From 45ac26d2d71aeceb662565a47510e57d846399d5 Mon Sep 17 00:00:00 2001
From: Jonathan Hodgson
Date: Mon, 25 May 2020 17:48:56 +0100
Subject: [PATCH] Adds script to make clickjacking screenshot
---
bin/.bin/webtest/clickjacking | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100755 bin/.bin/webtest/clickjacking
diff --git a/bin/.bin/webtest/clickjacking b/bin/.bin/webtest/clickjacking
new file mode 100755
index 00000000..037e2c57
--- /dev/null
+++ b/bin/.bin/webtest/clickjacking
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+# Name of firefox binary
+firefox="firefox-developer-edition"
+
+# Name of firefox profile to use
+# This will need to be a profile that isn't currently open
+# I suggest making one for headless use
+# go to about:profiles in firefox to create one
+profile="headless"
+
+# Url of site to put in iframe
+url="$1"
+
+# Name of image to make
+output="${2:-screenshot.png}"
+
+source=" + + + + + + Clickjacking example + + + +

Clickjacking example

+ +

If content is rendered above, the site is vulnerable to clickjacking

+ + +" + +
+firefox-developer-edition -P headless --screenshot "$output" "data:text/html;base64,$(echo "$source" | base64 -w 0)"
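Review bot: The final line hard-codes `firefox-developer-edition -P headless`, so the `firefox` and `profile` variables set at the top are never used and editing them has no effect; it should read `"$firefox" -P "$profile" --screenshot "$output" "data:text/html;base64,$(printf '%s' "$source" | base64 -w 0)"`. There is also no check that `$1` was supplied, so a run without a URL can still produce a screenshot of an empty frame that may be misread as "not frameable"; a guard such as `[ -n "$url" ] || { echo "usage: clickjacking URL [output.png]" >&2; exit 2; }` after the `url` assignment would prevent that. The markup inside `source` is not legible in this view, but if `$url` is interpolated directly into the iframe's `src` attribute, a quote or angle bracket in the URL will alter the generated HTML, so the value should be escaped or rejected. As evidence for a report, the screenshot only shows how one Firefox build handled the frame from a `data:` origin, so the result should be confirmed against the response's `X-Frame-Options` and CSP `frame-ancestors` headers.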