#!/usr/bin/env bash

# Print the usage text and exit successfully when help is requested.
case "$1" in
	-h|--help)
		cat << 'EOF'
Usage: clickjacking url [outfile]

The script will use a headless version of firefox to screenshot a page containing the provided url in an iframe

This script will create a firefox profile called headless to create the screenshot with
EOF
		exit 0
		;;
esac
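# Name of the firefox binary to drive
firefox="firefox"
# Prefer firefox developer edition when it is on PATH.
# Redirect stdout to /dev/null first and then duplicate stderr onto it;
# the reverse order leaves the "not found" message on the caller's stdout.
if command -v firefox-developer-edition >/dev/null 2>&1; then
	firefox="firefox-developer-edition"
fi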

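# Print an error message and abort the script.
# Arguments: the message words, joined with single spaces
# Outputs:   the message on stderr, so it never mixes with captured stdout
# Returns:   does not return; exits with status 1
die(){
	printf '%s\n' "$*" >&2
	exit 1
}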

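# Name of the firefox profile to use.
# It must be a profile that is not currently open in another firefox
# instance; a dedicated profile for headless use is suggested
# (about:profiles in firefox lists and creates profiles).
profile="headless"

# Url of the site to put in the iframe
url="$1"

if [ -z "$url" ]; then
	die "You need to provide a url"
fi

# Name of the image to write
output="${2:-screenshot.png}"

# Create the profile. Its output is discarded on both streams (stdout first,
# then stderr duplicated onto it) and its exit status is deliberately not
# checked; a missing or broken firefox shows up in the screenshot call.
"$firefox" -CreateProfile "$profile" -no-remote >/dev/null 2>&1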

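# Escape a string for use inside a quoted HTML attribute.
# Arguments: $1 - raw text
# Outputs:   the text with & < > " ' replaced by character references
html_escape_attr(){
	# & is rewritten first so the references added by later rules stay intact
	printf '%s' "$1" | sed \
		-e 's/&/\&amp;/g' \
		-e 's/</\&lt;/g' \
		-e 's/>/\&gt;/g' \
		-e 's/"/\&quot;/g' \
		-e "s/'/\\&#39;/g"
}

# The url is interpolated into markup that firefox then renders, so it is
# escaped first: a quote or angle bracket in it must not be able to close the
# src attribute and add markup to the generated page.
safe_url="$(html_escape_attr "$url")"

# Test page: the target url in an iframe between a heading and a caption.
source="
<!DOCTYPE html>
<html>
	<head>
		<meta charset='UTF-8' />
		<meta name='viewport' content='width=device-width' />
		<title>Clickjacking example</title>
		<style type='text/css' media='screen'>
body{
	width: 100vw;
	height: 100vh;
	border: 2px solid black;
}
iframe{
	border: 3px solid black;
	width: 80%;
	height: 80%;
	margin: 20px auto;
	display: block;
}
h1, p{
	text-align: center;
}
		</style>
	</head>
	<body>
		<h1>Clickjacking example</h1>
		<iframe src='$safe_url'>
		</iframe>
		<p>If content is rendered above, the site is vulnerable to clickjacking</p>
	</body>
</html>
"

# Reading the result:
# - The page is loaded from a data: url, so the frame's parent is not
#   same-origin with any site. A rendered frame suggests the response carried
#   no effective X-Frame-Options / CSP frame-ancestors restriction.
# - The dedicated profile presumably holds no session for the target, so only
#   the unauthenticated response is exercised; authenticated pages may send
#   different headers.
# - An empty frame can also mean the capture ran before the frame loaded.
#   Confirm either outcome against the response headers themselves.

# The page is passed as a base64 data: url. Line breaks are stripped with tr
# rather than a wrap option, which not every base64 implementation accepts.
"$firefox" -P "$profile" --screenshot "$output" "data:text/html;base64,$(printf '%s\n' "$source" | base64 | tr -d '\n')"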