New Burp Feature - ClickBandit

Published: 2015-12-10. Last Updated: 2015-12-10 13:07:55 UTC
by Rob VandenBrink (Version: 1)
1 comment(s)

If you've ever worked through a web application pentest and found clickjacking vulnerabilities,you may have had some trouble in the "why is this important"  conversation with your client.

The newest versions of Burp (after 1.6.32) have a new feature called "ClickBandit".  ClickBandit will create the clickjacking attack for you, so you can illustrate the business impact to your client on their own site.  There's nothing like a video of their own site getting exploited to bring the point home!

More details on this new feature here:  http://blog.portswigger.net/2015/12/burp-clickbandit-javascript-based.html. 

===============
Rob VandenBrink
Compugen

Keywords: Burp clickjacking
1 comment(s)

Comments

I followed the instructions in the site, saved the clickjacked.html, & opened it in the browser. I clicked on "Click" button, but didn't get "You've been clickjacked!". Does that mean site is not vulnerable?

Diary Archives