You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74 lines
1.6 KiB
74 lines
1.6 KiB
#!/usr/bin/env bash |
|
|
|
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then |
|
cat << 'EOF' |
|
Usage: clickjacking url [outfile] |
|
|
|
The script will use a headless version of firefox to screenshot a page containing the provided url in an iframe |
|
|
|
This script will create a firefox profile called headless to create the screenshot with |
|
EOF |
|
exit 0 |
|
fi |
|
# Name of firefox binary |
|
firefox="firefox" |
|
# If firefox developer edition is installed, use that instead |
|
type "firefox-developer-edition" 2>&1 >/dev/null && firefox="firefox-developer-edition" |
|
|
|
die(){ |
|
echo "$@" |
|
exit 1 |
|
} |
|
|
|
# Name of firefox profile to use |
|
# This will need to be a profile that isn't currently open |
|
# I suggest making one for headless use |
|
# go to about:profiles in firefox to create one |
|
profile="test" |
|
|
|
# Url of site to put in iframe |
|
url="$1" |
|
|
|
[ -z "$url" ] && die "You need to provide a url" |
|
|
|
# Name of image to make |
|
output="${2:-screenshot.png}" |
|
|
|
$firefox -CreateProfile "$profile" -no-remote 2>&1 >/dev/null |
|
|
|
source=" |
|
<!DOCTYPE html> |
|
<html> |
|
<head> |
|
<meta charset='UTF-8' /> |
|
<meta name='viewport' content='width=device-width' /> |
|
<title>Clickjacking example</title> |
|
<style type='text/css' media='screen'> |
|
body{ |
|
width: 100vw; |
|
height: 100vh; |
|
border: 2px solid black; |
|
} |
|
iframe{ |
|
border: 3px solid black; |
|
width: 80%; |
|
height: 80%; |
|
margin: 20px auto; |
|
display: block; |
|
} |
|
h1, p{ |
|
text-align: center; |
|
} |
|
</style> |
|
</head> |
|
<body> |
|
<h1>Clickjacking example</h1> |
|
<iframe src='$url'> |
|
</iframe> |
|
<p>If content is rendered above, the site is vulnerable to clickjacking</p> |
|
</body> |
|
</html> |
|
" |
|
|
|
|
|
$firefox -P "$profile" --screenshot "$output" "data:text/html;base64,$(echo "$source" | base64 -w 0)"
|
|
|