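├── .gitignore
├── .project
├── README.md
└── clickbandit.js

/.gitignore:
--------------------------------------------------------------------------------
.project

--------------------------------------------------------------------------------
/.project:
--------------------------------------------------------------------------------
clickbandit github

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# clickbandit
A JavaScript clickjacking PoC generator

--------------------------------------------------------------------------------
/clickbandit.js:
--------------------------------------------------------------------------------
/* Copyright PortSwigger Ltd. All rights reserved. Usage is subject to the Burp Suite license terms. See https://portswigger.net for more details. */
!function(){
// State shared by the functions of the enclosing IIFE (which continues past
// this span). `doc` is the document that addClickTrap draws into; `width` and
// `height` are read by generatePoc. `win` and `clicks` are not used in the
// part of the file visible here — presumably the window handle and the list
// of recorded clicks; confirm against the rest of the file.
var initialZoomFactor = '1.0', win, doc, width, height, clicks = [];

/**
 * Covers `element` with a transparent, absolutely positioned div so that a
 * click on that spot is intercepted (capture phase, default prevented) and
 * handed to generatePoc() as page coordinates instead of reaching the element.
 *
 * @param {Element} element - element to cover; its position comes from
 *   findPos() and its size from offsetWidth/offsetHeight
 * @param {number} [minusY] - vertical correction subtracted from the click's
 *   pageY before it is reported (e.g. the height of a bar drawn above the
 *   page); omitted or 0 means no correction
 */
function addClickTrap(element, minusY) {
  var trap = doc.createElement('div'), pos = findPos(element);
  var style = trap.style;
  // 'none' is not a valid background-color value (the original assignment was
  // silently ignored, leaving the default); 'transparent' states the intent.
  style.backgroundColor = 'transparent';
  style.border = 'none';
  style.position = 'absolute';
  style.left = pos[0] + 'px';
  style.top = pos[1] + 'px';
  style.width = element.offsetWidth + 'px';
  style.height = element.offsetHeight + 'px';
  // NOTE(review): a DOM element exposes its z-index as element.style.zIndex,
  // not element.zIndex, so this branch looks unreachable as written — confirm
  // whether callers pass something other than a plain element.
  if (element.zIndex || element.zIndex === '0') {
    style.zIndex = +element.zIndex + 1;
  }
  style.opacity = '0.5';
  style.cursor = 'pointer';
  // Expando marker; presumably checked elsewhere to recognise trap divs.
  trap.clickTrap = 1;
  trap.addEventListener('click', function(e) {
    // Fix: the no-correction branch used `e.page`, which does not exist on a
    // MouseEvent, so y was undefined whenever minusY was not supplied.
    var y = minusY ? e.pageY - minusY : e.pageY;
    generatePoc({ x: e.pageX, y: y });
    e.preventDefault();
    e.stopPropagation();
    return false;
  }, true);
  doc.body.appendChild(trap);
}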
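/**
 * Shows a transient notice bar with `msg` pinned to the bottom of the page
 * and removes it again after four seconds.
 *
 * The text is inserted as a text node, so `msg` is never parsed as HTML.
 * NOTE(review): this writes to the global `document`, whereas addClickTrap
 * uses the `doc` handle — presumably the generator's own window; confirm.
 *
 * @param {string} msg - text to display
 */
function addMessage(msg) {
  var bar = document.createElement('div');
  var style = bar.style;
  style.width = '100%';
  style.height = '20px';
  style.backgroundColor = '#fff5bf';
  style.border = '1px solid #ff9900';
  style.padding = '5px';
  style.position = 'fixed';
  style.bottom = '0';
  style.left = '0';
  style.zIndex = 100000;
  style.textAlign = 'center';
  style.fontFamily = 'Arial';
  style.color = '#000';
  bar.appendChild(document.createTextNode(msg));
  document.body.appendChild(bar);
  setTimeout(function() {
    document.body.removeChild(bar);
  }, 4000);
}

/**
 * Allow-list escaper for text that is interpolated into generated markup:
 * every character that is not a word character, a space, or one of
 * `: - / . ? =` is replaced by its numeric entity (`&#NN;`), so quotes, angle
 * brackets and ampersands cannot break out of an attribute or text node.
 * Non-string input is coerced to a string first.
 *
 * Characters outside the BMP are emitted as two surrogate entities because
 * the per-match unit is a UTF-16 code unit (charCodeAt); kept as-is since the
 * file is written in ES5.
 *
 * @param {*} str - value to escape
 * @returns {string} escaped text
 */
function htmlEscape(str) {
  var text = str + '';
  return text.replace(/[^\w :\-\/.?=]/gi, function(ch) {
    return '&#' + ch.charCodeAt(0) + ';';
  });
}

/**
 * Largest of the six height measurements a document offers — the usual
 * cross-browser way to obtain the full scrollable height.
 *
 * @param {Document} D - document to measure (needs body and documentElement)
 * @returns {number} height in CSS pixels
 */
function getDocHeight(D) {
  var body = D.body, root = D.documentElement;
  return Math.max(
    body.scrollHeight, root.scrollHeight,
    body.offsetHeight, root.offsetHeight,
    body.clientHeight, root.clientHeight
  );
}

/**
 * Largest of the six width measurements a document offers — the usual
 * cross-browser way to obtain the full scrollable width.
 *
 * @param {Document} D - document to measure (needs body and documentElement)
 * @returns {number} width in CSS pixels
 */
function getDocWidth(D) {
  var body = D.body, root = D.documentElement;
  return Math.max(
    body.scrollWidth, root.scrollWidth,
    body.offsetWidth, root.offsetWidth,
    body.clientWidth, root.clientWidth
  );
}

/**
 * Position of `obj` relative to the page as `[left, top]`, obtained by
 * summing offsetLeft/offsetTop up the offsetParent chain. Scroll offsets and
 * borders of intermediate ancestors are not accounted for.
 *
 * An object with no offsetParent but numeric `x`/`y` properties is positioned
 * from those instead. Fix: 0 is now accepted as a valid coordinate there —
 * the previous truthiness test discarded the position whenever x or y was 0.
 *
 * @param {object} obj - element-like object (offsetLeft/offsetTop/offsetParent,
 *   or x/y as a fallback)
 * @returns {number[]} `[left, top]`
 */
function findPos(obj) {
  var left = 0, top = 0, node = obj;
  if (node.offsetParent) {
    do {
      left += node.offsetLeft;
      top += node.offsetTop;
      node = node.offsetParent;
    } while (node);
  } else if (typeof obj.x === 'number' && typeof obj.y === 'number') {
    left += obj.x;
    top += obj.y;
  }
  return [left, top];
}

// generatePoc(config): appears to build the proof-of-concept page from the
// captured click/element data. Its body runs past the end of this span and is
// left exactly as found.
function generatePoc(config) {
var html = '', child = '', elementWidth = 1, elementHeight = 1, maxWidth = width, maxHeight = height, cords, zoomIncrement = 1, desiredX = 200, desiredY = 200, parentOffsetWidth, parentOffsetHeight,
element = config.element, x = 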
config.x, y = config.y, pixelMode = false; 87 | if(config.clickTracking) { 88 | elementWidth = config.clickTracking[0].width; 89 | elementHeight = config.clickTracking[0].height; 90 | x = config.clickTracking[0].left; 91 | y = config.clickTracking[0].top; 92 | zoomIncrement = 1; 93 | config.currentPosition = 0; 94 | } else { 95 | config.clickTracking = []; 96 | if(element) { 97 | elementWidth = element.offsetWidth; 98 | elementHeight = element.offsetHeight; 99 | cords = findPos(element); 100 | x = cords[0]; 101 | y = cords[1]; 102 | zoomIncrement = 1; 103 | } else { 104 | zoomIncrement = 5; 105 | pixelMode = true; 106 | } 107 | } 108 | parentOffsetWidth = desiredX - x; 109 | parentOffsetHeight = desiredY - y; 110 | child = btoa('