SANS Internet Storm Center - SANS ISC InfoSec Forums

New Burp Feature - ClickBandit

If you've ever worked through a web application pentest and found clickjacking vulnerabilities, you may have had some trouble in the "why is this important" conversation with your client.

The newest versions of Burp (after 1.6.32) have a new feature called "ClickBandit".  ClickBandit will create the clickjacking attack for you, so you can illustrate the business impact to your client on their own site.  There's nothing like a video of their own site getting exploited to bring the point home!

More details on this new feature here: 

Rob VandenBrink

ISC Handler
Dec 10th 2015
I followed the instructions on the site, saved the clickjacked.html, & opened it in the browser. I clicked on the "Click" button, but didn't get "You've been clickjacked!". Does that mean the site is not vulnerable?
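
A clickjacking PoC can only work if the browser agrees to render the target page inside a frame, and that is decided by the response's anti-framing headers. As an added example (not part of the diary or of Burp), the function below classifies a response's `X-Frame-Options` and CSP `frame-ancestors` headers; the function names, verdict labels and sample header objects are constructed for illustration.

```javascript
// Added example, not from the diary or Burp. Inputs are constructed header
// objects with lowercased names (the form Node's http module delivers).
const RANK = ['frameable', 'allowlist', 'same-origin-only', 'blocked'];

// Classify the frame-ancestors directive of one CSP policy; null if absent.
function classifyPolicy(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...rest] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const src = rest.map(s => s.toLowerCase());
    // An empty source list behaves like 'none'.
    if (src.length === 0 || (src.length === 1 && src[0] === "'none'")) return 'blocked';
    // A wildcard or a bare scheme lets any (http/https) origin frame the page.
    if (src.some(s => s === '*' || /^https?:$/.test(s))) return 'frameable';
    if (src.every(s => s === "'self'")) return 'same-origin-only';
    return 'allowlist'; // named origins: each one needs reviewing
  }
  return null; // frame-ancestors does not fall back to default-src
}

function framingVerdict(headers) {
  // Only the enforcing header counts; Content-Security-Policy-Report-Only
  // blocks nothing. A comma separates independent policies that must all
  // pass, so the strictest one is reported.
  const csp = headers['content-security-policy'] || '';
  const verdicts = csp.split(',').map(classifyPolicy).filter(v => v !== null);
  if (verdicts.length > 0) {
    return verdicts.reduce((a, b) => (RANK.indexOf(b) > RANK.indexOf(a) ? b : a));
  }
  // Without an enforced frame-ancestors, X-Frame-Options decides.
  const xfo = (headers['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === '') return 'frameable';
  if (xfo === 'deny') return 'blocked';
  if (xfo === 'sameorigin') return 'same-origin-only';
  // ALLOW-FROM and unrecognised values are not honoured consistently.
  return 'needs-review';
}

// Constructed sample responses.
const samples = [
  {},
  { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  { 'content-security-policy-report-only': "frame-ancestors 'none'" },
];
for (const h of samples) console.log(JSON.stringify(h), '=>', framingVerdict(h));
```

A `blocked` or `same-origin-only` verdict means a PoC page hosted on another origin will not render the target, whatever the page itself contains.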
