Clickjacking
UI Redress Attack
An attack that tricks users into clicking hidden elements by overlaying invisible frames on top of legitimate page content.
Техническая деталь
Digital clickjacking embeds data in the least significant bits (LSB) of image pixels. Changing the LSB of each color channel alters pixel values by at most 1 — invisible to the human eye. An 8-megapixel image can hide ~3 MB of data using 1-bit LSB embedding. Detection (steganalysis) uses statistical methods: chi-square analysis reveals non-natural distribution patterns in LSB values. More sophisticated methods use DCT coefficients in JPEG or spread spectrum techniques that distribute data across multiple pixels.
Пример
```javascript
// Clickjacking — Web Crypto API example
const data = new TextEncoder().encode('sensitive data');
const hash = await crypto.subtle.digest('SHA-256', data);
const hex = Array.from(new Uint8Array(hash))
.map(b => b.toString(16).padStart(2, '0')).join('');
```
Связанные инструменты
P
Password Generator
P
Password Strength Checker
H
Hash Generator
H
HMAC Generator
A
AES Encrypt / Decrypt
R
Random String Generator
C
CSP Header Generator
T
Text Redactor
C
CORS Header Generator
S
SRI Hash Generator
B
Base64 Encoder / Decoder
Д
Декодер JWT
Г
Генератор UUID
T
TOTP Configurator
S
SSL Certificate Decoder
Связанные термины
AES
RSA
SHA-256
SSL/TLS
PGP
Steganography
Checksum
Password Hashing
QR Code
HMAC
TOTP
Key Derivation
Salt
Entropy
Public Key
OWASP Top 10
XSS
CSRF
SQL Injection
Command Injection
Path Traversal
SSRF
HSTS
Certificate Pinning
Zero-Day
CVE
Penetration Testing
Threat Modeling
Defense in Depth
Insecure Deserialization
XXE
SRI
Argon2
CORS Misconfiguration
Sensitive Data Exposure
2FA
RBAC
PKI
DDoS
WAF
Nonce
E2EE
FIDO2
Sandbox