X-Frame



Description

This test checks whether the website's input pages can be embedded in an iframe to extract data from unsuspecting users.


Examples/Methods/Results

iframe + Script

This method embeds the website in an iframe on a page that is sent to a target user. As the user types, a script can take the user's input and share it with the attacker. The example below shows this website being framed to capture a user logging in. Change the iframe source to the intended website.


Open the made-up website and check whether the framed page loads.


To test the inputs for this example script, right-click on the page, select Inspect, then select Console. Type into the login page and watch the console.
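
A header check to go with the manual test above, added here as an example and not part of the original page: it reads a response's X-Frame-Options and Content-Security-Policy frame-ancestors values and reports whether the page could be loaded in an iframe by an arbitrary other origin. The function names and the sample headers are constructed for illustration.

```javascript
// Added example, not from the original page. Sample headers are constructed.

// Return the source list of the frame-ancestors directive, or null if absent.
// Assumes a single policy in the header value (no comma-joined policies).
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

// Decide whether a page served with these response headers can be loaded
// in an iframe by an arbitrary other origin.
function framingVerdict(headers) {
  const h = {}; // header names are case-insensitive, so normalise them
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const fa = frameAncestors(h["content-security-policy"]);
  if (fa !== null) {
    // When frame-ancestors is present, supporting browsers ignore X-Frame-Options.
    const broad = fa.some((s) => s === "*" || /^https?:$/.test(s));
    return broad
      ? { frameable: true, reason: "frame-ancestors allows any origin" }
      : { frameable: false, reason: "frame-ancestors restricts embedding" };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") {
    return { frameable: false, reason: "X-Frame-Options: " + xfo };
  }
  if (xfo) {
    // ALLOW-FROM is obsolete and ignored by current browsers; other
    // unrecognised values are treated as unprotected here (assumption).
    return { frameable: true, reason: "X-Frame-Options not relied on: " + xfo };
  }
  return { frameable: true, reason: "no framing protection header" };
}

// Constructed sample responses.
const samples = {
  bare: { "Content-Type": "text/html" },
  deny: { "X-Frame-Options": "DENY" },
  legacy: { "x-frame-options": "ALLOW-FROM https://partner.example" },
  csp: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" },
  wildcard: { "Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY" },
};
for (const [n, hdrs] of Object.entries(samples)) console.log(n, framingVerdict(hdrs));
```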


Further Readings

X-Frame-Options info