

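#!/usr/bin/env bash
# clickjacking - screenshot a page that embeds a url in an iframe using headless
# firefox, to see whether the target lets itself be framed.
# Usage: clickjacking url [outfile]   (see -h)
set -euo pipefail

# ${1-} rather than $1: with 'set -u' a bare $1 would abort the script before
# the usage text could be shown when it is run without arguments.
if [[ "${1-}" == "-h" || "${1-}" == "--help" ]]; then
cat << 'EOF'
Usage: clickjacking url [outfile]
The script will use a headless version of firefox to screenshot a page containing the provided url in an iframe
This script will create (if needed) and use a dedicated firefox profile to take the screenshot with
EOF
exit 0
fi

# Name of firefox binary
firefox="firefox"
# If firefox developer edition is installed, use that instead.
# command -v is the portable "is it installed" test. The redirections are
# ordered so stderr follows stdout to /dev/null; the reverse order
# ('2>&1 >/dev/null') would still print "not found" noise to the terminal.
if command -v firefox-developer-edition >/dev/null 2>&1; then
  firefox="firefox-developer-edition"
fi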
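#######################################
# Print an error message and abort.
# Arguments: the message words (joined by single spaces)
# Outputs:   the message on stderr, so it is not mixed into captured stdout
# Returns:   does not return; exits with status 1
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}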
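# Name of firefox profile to use
# This will need to be a profile that isn't currently open
# I suggest making one for headless use
# go to about:profiles in firefox to create one
profile="test"
# Url of site to put in iframe (${1-} keeps 'set -u', if enabled, from
# aborting before the message below can be printed)
url="${1-}"
if [[ -z "$url" ]]; then
  die "You need to provide a url"
fi
# Name of image to make
output="${2:-screenshot.png}"
# Best-effort, as before: firefox may complain here when the profile already
# exists, and that is not a reason to stop. Both streams are silenced
# (stderr last, so it follows stdout to /dev/null).
"$firefox" -CreateProfile "$profile" -no-remote >/dev/null 2>&1 || true

#######################################
# Escape a string for use inside an HTML attribute value or text node.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (no trailing newline)
#######################################
html_escape() {
  local s=$1
  # '&' goes first so the entities added below are not re-escaped. The
  # replacement strings are double-quoted so that bash 5.2's patsub_replacement
  # option does not treat their '&' as "the matched text".
  s=${s//'&'/"&amp;"}
  s=${s//'<'/"&lt;"}
  s=${s//'>'/"&gt;"}
  s=${s//'"'/"&quot;"}
  s=${s//"'"/"&#39;"}
  printf '%s' "$s"
}

# The url lands inside a single-quoted attribute; escape it so a quote or '<'
# in the argument cannot break out of the attribute or inject markup.
safe_url=$(html_escape "$url")
page_html="
<!DOCTYPE html>
<html>
<head>
<meta charset='UTF-8' />
<meta name='viewport' content='width=device-width' />
<title>Clickjacking example</title>
<style type='text/css' media='screen'>
body{
width: 100vw;
height: 100vh;
border: 2px solid black;
}
iframe{
border: 3px solid black;
width: 80%;
height: 80%;
margin: 20px auto;
display: block;
}
h1, p{
text-align: center;
}
</style>
</head>
<body>
<h1>Clickjacking example</h1>
<iframe src='$safe_url'>
</iframe>
<p>If content is rendered above, the site is vulnerable to clickjacking</p>
</body>
</html>
"
# Hand the page to firefox as a data: URL. 'base64 | tr -d' rather than
# 'base64 -w 0' because -w is GNU-only (absent from macOS/BSD base64).
page_b64=$(printf '%s' "$page_html" | base64 | tr -d '\n')
"$firefox" -P "$profile" --screenshot "$output" "data:text/html;base64,$page_b64"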