Clipjacking: Hacked by copying text – Clickjacking but better
a year ago
- #clipjacking
- #client-side-exploitation
- #cybersecurity
- Clipjacking is a client-side exploitation technique that leverages the browser's clipboard to exfiltrate sensitive data.
- The attack requires embedding an iframe on the target site and ensuring it remains focused, similar to clickjacking prerequisites.
- Two proofs of concept (PoCs) are demonstrated: one using the browser's clipboard API, and another that requires no API permissions and instead relies on detecting user keypresses.
- The second PoC involves detecting user actions in an iframe to trigger a copy-paste sequence without direct API access.
- The article emphasizes the novelty of clipjacking over traditional clipboard hijacking and provides practical examples and code snippets.