1. What is Clickjacking?
It is also known as a User Interface redress attack, UI redress attack, or UI redressing.
It is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. It is a browser security issue that affects a variety of browsers and platforms.
2. How to prevent Clickjacking using a Filter in Java
The example below shows how clickjacking happens and how we can prevent it.
Here I have created a simple LoginServlet; after a successful login, the page is redirected to a success page.
Everyone knows how to create a servlet and deploy it, but I am still writing the steps here for those who have no idea how to create one.
Step 1: Start Eclipse.
Step 2: Create a Dynamic Web Project.
Step 3: First we need to create a login.jsp page under the WebContent folder of the project.
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<html>
<head><title>Login page</title></head>
<body>
<%-- The field names must match the parameters read by LoginServlet, and the action matches its web.xml mapping --%>
<form action="loginServlet" method="post">
  Username: <input type="text" name="username"/><br/>
  Password: <input type="password" name="password"/><br/>
  <input type="submit" value="Login"/>
</form>
</body>
</html>
Step 4: Now we need to create a success page, loginSuccess.jsp.
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<html>
<head><title>Login Success</title></head>
<body>
<table border="1">
  <tr><td>Login Successful</td></tr>
  <tr><td>You can construct the page as you like</td></tr>
</table>
</body>
</html>
Step 5: Now we need to create a LoginServlet
package com.siva;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // Demo-only check against hard-coded credentials (siva / raju)
        if ("siva".equalsIgnoreCase(username) && "raju".equalsIgnoreCase(password)) {
            System.out.println("inside if condition");
            response.sendRedirect("loginSuccess.jsp");
        } else {
            // Failed login: send the user back to the login page instead of an empty response
            response.sendRedirect("login.jsp");
        }
    }
}
Step 6: Now we need to do the configuration in web.xml for LoginServlet.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <display-name>clickjacking_prevention</display-name>
  <welcome-file-list>
    <welcome-file>login.jsp</welcome-file>
  </welcome-file-list>
  <servlet>
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.siva.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/loginServlet</url-pattern>
  </servlet-mapping>
</web-app>
Step 7: Once this configuration is done, we can run the project on any server such as Apache Tomcat or JBoss.
You can open http://localhost:8080/clickjacking_prevention/ in the browser.

It will open the login page; enter the username siva and the password raju, then submit.
You will be redirected to the loginSuccess page.

Create an HTML file, name it as you like, and paste the code below into it.
<html>
<head><title>click jaking</title></head>
<body>
<iframe src="http://localhost:8080/clickjacking_prevention/loginSuccess.jsp"></iframe>
</body>
</html>
Once we open this HTML file we can see the same data that is shown in the loginSuccess page.

Step 10: Now we can see the difference between the above two images. One is the URL page and one is the iframe-constructed page; both are the same.
So a hacker can embed your actual site in this way and steal the data.
Now, how to prevent this?
We need to add this code in our filter or JSP page:
    response.addHeader("X-FRAME-OPTIONS", "DENY");
Here I have written a Filter to overcome clickjacking.
package com.siva;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class ClickjackingPreventionFilter implements Filter {

    private String mode = "DENY";

    // Add the X-FRAME-OPTIONS response header to tell browsers not to display
    // this content in a frame.
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        res.addHeader("X-FRAME-OPTIONS", mode);
        chain.doFilter(request, response);
    }

    public void destroy() {
    }

    // The mode (DENY or SAMEORIGIN) can be overridden through the init-param in web.xml
    public void init(FilterConfig filterConfig) {
        String configMode = filterConfig.getInitParameter("mode");
        if (configMode != null) {
            mode = configMode;
        }
    }
}
Step 11: Once the Filter is complete, we need to add the filter configuration to the web.xml file.
  <filter>
    <filter-name>ClickjackPreventionFilterDeny</filter-name>
    <filter-class>com.siva.ClickjackingPreventionFilter</filter-class>
    <init-param>
      <param-name>mode</param-name>
      <param-value>DENY</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>ClickjackPreventionFilterDeny</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
Once we have done the configuration, you can run the same iframe example again; you will see the page below without any content. It will show a warning in IE and will not show any details in other browsers.

This is how we can prevent the clickjacking attacks.
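To check that the filter really leaves loginSuccess.jsp unframable, it helps to have a small script that applies the browser's own rules to a set of response headers. The Python below is an added example, not code from this post or from the project; it goes beyond the post by also evaluating the Content-Security-Policy frame-ancestors directive, which current browsers apply in preference to X-Frame-Options when both are present. The header sets (BEFORE_FILTER, AFTER_FILTER, WITH_CSP), the attacker page path and the partner origin https://portal.example are constructed for the demonstration and are not captured from the author's server.

```python
from urllib.parse import urlsplit


def _header(headers, name):
    """Case-insensitive lookup of one header value; None if the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def _origin(url):
    """Reduce a URL to scheme://host[:port]. Non-http(s) URLs such as the local
    file:// page used in the post have an opaque ('null') origin."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "null"
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{parts.hostname.lower()}{port}"


def _frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP header value, or None."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.strip("'\"").lower() for t in tokens[1:]]
    return None


def _matches_source(source, framer_origin, page_origin):
    """Match one frame-ancestors source against the framing page's origin.
    Handles 'none', 'self', '*', scheme-only sources, exact origins and *.host
    wildcards; a simplification of the full CSP source grammar."""
    if source == "none":
        return False
    if source == "self":
        return framer_origin == page_origin
    if source == "*":
        return True
    if framer_origin == "null":
        return False  # an opaque origin never matches a host or scheme source
    f_scheme, f_hostport = framer_origin.split("://", 1)
    f_host = f_hostport.split(":", 1)[0]
    if source.endswith(":"):  # scheme-source such as https:
        return f_scheme == source[:-1]
    s_scheme, s_hostport = source.split("://", 1) if "://" in source else (None, source)
    if s_scheme and s_scheme != f_scheme:
        return False
    s_host = s_hostport.split(":", 1)[0]
    if s_host.startswith("*."):
        return f_host.endswith(s_host[1:])  # *.example.com matches app.example.com
    if ":" in s_hostport:  # an explicit port in the source must match exactly
        return s_hostport == f_hostport
    return s_host == f_host


def framing_allowed(headers, page_url, framer_url):
    """Return (allowed, reason) for loading page_url inside a frame on framer_url.
    Precedence follows CSP Level 2: when Content-Security-Policy carries
    frame-ancestors, X-Frame-Options is ignored; otherwise X-Frame-Options
    applies; with neither header any site may frame the page."""
    page_origin, framer_origin = _origin(page_url), _origin(framer_url)
    csp = _header(headers, "Content-Security-Policy")
    if csp is not None:
        ancestors = _frame_ancestors(csp)
        if ancestors is not None:
            allowed = any(_matches_source(s, framer_origin, page_origin) for s in ancestors)
            return allowed, "frame-ancestors " + " ".join(ancestors)
    xfo = _header(headers, "X-Frame-Options")
    if xfo is not None:
        if xfo.upper() == "DENY":
            return False, "X-Frame-Options: DENY"
        if xfo.upper() == "SAMEORIGIN":
            return framer_origin == page_origin, "X-Frame-Options: SAMEORIGIN"
        # ALLOW-FROM and other unrecognised values are ignored by current browsers,
        # which leaves the page framable.
        return True, f"X-Frame-Options: {xfo} (unrecognised, ignored)"
    return True, "no anti-framing header"


# Constructed sample responses (not captured from the author's server) modelling
# loginSuccess.jsp before and after ClickjackingPreventionFilter is mapped to /*.
PAGE = "http://localhost:8080/clickjacking_prevention/loginSuccess.jsp"
ATTACKER_PAGE = "file:///tmp/clickjacking.html"  # the local HTML file holding the iframe
BEFORE_FILTER = {"Content-Type": "text/html;charset=ISO-8859-1"}
AFTER_FILTER = {"Content-Type": "text/html;charset=ISO-8859-1", "X-FRAME-OPTIONS": "DENY"}
# Hypothetical policy that additionally allows one trusted partner origin via CSP.
WITH_CSP = {"X-Frame-Options": "DENY",
            "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://portal.example"}

if __name__ == "__main__":
    for label, headers in (("before filter", BEFORE_FILTER), ("after filter", AFTER_FILTER),
                           ("with CSP", WITH_CSP)):
        allowed, reason = framing_allowed(headers, PAGE, ATTACKER_PAGE)
        print(f"{label:13} framable from {ATTACKER_PAGE}: {allowed} ({reason})")
```

In practice you would feed the function the headers fetched from your own deployment (for example the output of curl -I against the loginSuccess page) and check that the result is False for every origin that should not be allowed to frame it; the WITH_CSP case shows how a single trusted origin can be permitted while the rest stay blocked, which plain X-Frame-Options cannot express.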
Thank you for viewing the post.
Hey, it worked.. Thanks.. Could you please let me know the better way to do that? I read somewhere that X-Frame-Options is deprecated. Is there any disadvantage of implementing it using X-Frame-Options?
Thanks, very useful man!!!!
Thanks for your compliment..
Why can't we use org.apache.catalina.filters.HttpHeaderSecurityFilter with web-app version="2.4"?