
SANS ISC: New Burp Feature - ClickBandit - Internet Security | DShield SANS ISC InfoSec Forums


New Burp Feature - ClickBandit

If you've ever worked through a web application pentest and found clickjacking vulnerabilities, you may have had some trouble in the "why is this important" conversation with your client.

The newest versions of Burp (after 1.6.32) have a new feature called "ClickBandit".  ClickBandit will create the clickjacking attack for you, so you can illustrate the business impact to your client on their own site.  There's nothing like a video of their own site getting exploited to bring the point home!

More details on this new feature here:  http://blog.portswigger.net/2015/12/burp-clickbandit-javascript-based.html. 

===============
Rob VandenBrink
Compugen
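Whether a page can be framed at all, the precondition for the clickjacking finding discussed above, is decided by the `X-Frame-Options` and CSP `frame-ancestors` response headers. The following is an added example (not from the original diary and not Burp's code) that summarises those headers for a response; the header-object shape, the function names and the sample values are assumptions made for illustration.

```javascript
// Added example: summarise a response's anti-framing headers.
// `headers` maps lower-cased header names to their string values (assumed shape).
const RANK = ["any-origin", "allowlist", "same-origin", "deny"];

function classifyAncestors(sources) {
  // 'none' only counts when it is the sole source; an empty list matches nothing.
  const s = sources.filter((x) => x !== "'none'");
  if (s.length === 0) return "deny";
  if (s.every((x) => x === "'self'")) return "same-origin";
  if (s.some((x) => ["*", "http:", "https:"].includes(x))) return "any-origin";
  return "allowlist";
}

function framingPolicy(headers) {
  // Only the enforcing header counts; Content-Security-Policy-Report-Only blocks nothing.
  const verdicts = (headers["content-security-policy"] || "")
    .split(",") // one header may carry several policies
    .map((policy) => policy.split(";")
      .map((d) => d.trim().toLowerCase().split(/\s+/))
      .find((t) => t[0] === "frame-ancestors")) // first occurrence per policy wins
    .filter(Boolean)
    .map((t) => classifyAncestors(t.slice(1)));
  if (verdicts.length > 0) {
    // Every policy must allow the embedder, so report the strictest one.
    // When frame-ancestors is enforced, browsers ignore X-Frame-Options.
    const strictest = verdicts.reduce((a, b) => (RANK.indexOf(b) > RANK.indexOf(a) ? b : a));
    return { verdict: strictest, source: "csp" };
  }
  const xfo = [...new Set((headers["x-frame-options"] || "")
    .split(",").map((v) => v.trim().toLowerCase()).filter(Boolean))];
  if (xfo.includes("deny")) return { verdict: "deny", source: "xfo" };
  if (xfo.length === 1 && xfo[0] === "sameorigin") return { verdict: "same-origin", source: "xfo" };
  // ALLOW-FROM is obsolete; anything else here is unreliable across browsers,
  // so flag the response as unprotected.
  return { verdict: "any-origin", source: xfo.length ? "xfo-ignored" : "none" };
}

// Constructed sample responses, not captured from any real site.
const SAMPLES = [
  { "x-frame-options": "DENY" },
  { "x-frame-options": "ALLOW-FROM https://partner.example" },
  { "content-security-policy": "default-src 'self'; frame-ancestors 'self'" },
  {},
];
for (const h of SAMPLES) console.log(JSON.stringify(h), "->", framingPolicy(h).verdict);
```

A verdict of `any-origin` on a page with state-changing actions is the case worth demonstrating to the client and fixing with `frame-ancestors`.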

I followed the instructions in the site, saved the clickjacked.html, & opened it in the browser. I clicked on the "Click" button, but didn't get "You've been clickjacked!". Does that mean the site is not vulnerable?
Anonymous
