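#!/usr/bin/env bash
#
# Clickjacking framing check.
#
# Builds a small HTML page that embeds the target URL in an <iframe>, passes
# the page to Firefox as a base64-encoded data: URL, and saves a screenshot of
# the result.
#
# Usage: script URL [OUTPUT]
#   URL     - site to load inside the iframe (required)
#   OUTPUT  - screenshot file to write (default: screenshot.png)
#
# Reading the result:
#   * The framing page is a data: URL, so it is never same-origin with the
#     target. A target that sends X-Frame-Options (DENY or SAMEORIGIN) or a
#     restrictive CSP frame-ancestors directive should not render in the frame.
#   * A filled frame is not proof on its own: the browser may draw its own
#     "blocked" or network-error page inside the iframe. Open the screenshot
#     and confirm that it shows the target's real content.
#   * An empty frame is not proof of protection either; the load may simply
#     have failed or not finished when the screenshot was taken.
#   * Framability is a precondition for clickjacking, not the whole finding.
#     Impact depends on whether a sensitive, authenticated action is reachable
#     by a click inside the frame.

set -euo pipefail

# Name of firefox binary
firefox="firefox-developer-edition"

# Name of firefox profile to use.
# This must be a profile that is not currently open; a dedicated profile for
# headless use is recommended (create one at about:profiles).
profile="headless"

# Print an error to stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# HTML-escape $1 so it can be placed inside a quoted attribute value.
# Without this, a URL containing a quote or angle bracket would break out of
# the src attribute and change the structure of the generated page.
html_escape() {
  printf '%s' "$1" | sed \
    -e 's/&/\&amp;/g' \
    -e 's/</\&lt;/g' \
    -e 's/>/\&gt;/g' \
    -e 's/"/\&quot;/g' \
    -e "s/'/\&#39;/g"
}

if [[ $# -lt 1 || -z "$1" ]]; then
  printf 'Usage: %s URL [OUTPUT]\n' "${0##*/}" >&2
  exit 2
fi

# Url of site to put in iframe
url="$1"

# Name of image to make
output="${2:-screenshot.png}"

# The framing page is a data: URL, so a relative or scheme-less address will
# not resolve to the intended site. Warn rather than fail, to keep accepting
# whatever the caller passes.
case "$url" in
  http://* | https://*) ;;
  *) printf 'warning: URL does not start with http:// or https://: %s\n' "$url" >&2 ;;
esac

command -v "$firefox" >/dev/null 2>&1 || die "cannot find '$firefox' in PATH"

escaped_url=$(html_escape "$url")

# Unquoted heredoc delimiter: ${escaped_url} is expanded, and the markup
# contains no other shell metacharacters.
source=$(
  cat <<EOF
<!DOCTYPE html>
<html>
  <head>
    <meta charset='UTF-8' />
    <meta name='viewport' content='width=device-width' />
    <title>Clickjacking example</title>
    <style type='text/css' media='screen'>
      body{
        width: 100vw;
        height: 100vh;
        border: 2px solid black;
      }
      iframe{
        border: 3px solid black;
        width: 80%;
        height: 80%;
        margin: 20px auto;
        display: block;
      }
      h1, p{
        text-align: center;
      }
    </style>
  </head>
  <body>
    <h1>Clickjacking example</h1>
    <iframe src='${escaped_url}'>
    </iframe>
    <p>If content is rendered above, the site is vulnerable to clickjacking</p>
  </body>
</html>
EOF
)

# Encode on a single line. Stripping newlines with tr avoids depending on the
# GNU-only "base64 -w 0" flag.
payload=$(printf '%s\n' "$source" | base64 | tr -d '\n')

# Use the configured binary and profile instead of repeating their values.
"$firefox" -P "$profile" --screenshot "$output" "data:text/html;base64,${payload}"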