mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-10 21:24:56 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
API Reference: Performing Clickjacking Attack Test
HTTP Security Headers
| Header | Values | Description |
|---|---|---|
| `X-Frame-Options` | `DENY`, `SAMEORIGIN`, `ALLOW-FROM uri` | Legacy frame embedding control |
| `Content-Security-Policy: frame-ancestors` | `'none'`, `'self'`, URLs | Modern CSP-based frame control |
requests Library
| Method | Description |
|---|---|
| `requests.get(url, allow_redirects=True)` | Fetch page and follow redirects |
| `response.headers.get("X-Frame-Options")` | Extract frame protection header |
| `response.headers.get("Content-Security-Policy")` | Extract CSP header |
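The two headers above can be graded together once they have been fetched. The following is an added example, not code from this repository's `scripts/agent.py`; the function names `frame_ancestors`, `grade_sources` and `assess_framing`, the verdict labels and the sample header values are assumptions made for illustration. It works on any header mapping, so `response.headers` from `requests` can be passed directly.

```python
"""Added example: grade anti-framing headers. Sample input below is constructed."""

def frame_ancestors(csp):
    """Return one source list per policy that sets frame-ancestors.
    requests joins repeated headers with ", ", so split policies on commas first."""
    found = []
    for policy in csp.split(","):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                found.append([p.lower() for p in parts[1:]])
                break  # within one policy only the first occurrence counts
    return found

def grade_sources(sources):
    if not sources or sources == ["'none'"]:
        return "deny"        # an empty list matches nothing, same as 'none'
    if any(s == "*" or s.endswith(":") for s in sources):
        return "weak"        # wildcard or scheme-only source admits almost any origin
    return "restricted"      # 'self' and/or explicit origins

def assess_framing(headers):
    """headers: any mapping, e.g. response.headers. Returns (verdict, notes)."""
    h = {k.lower(): v for k, v in headers.items()}
    notes = []
    if frame_ancestors(h.get("content-security-policy-report-only", "")):
        notes.append("Report-Only frame-ancestors is not enforced")
    xfo = h.get("x-frame-options", "").strip().upper()
    policies = frame_ancestors(h.get("content-security-policy", ""))
    if policies:
        if xfo:
            notes.append("frame-ancestors takes precedence over X-Frame-Options")
        grades = [grade_sources(s) for s in policies]
        # Every policy must allow the embed, so the strictest one decides.
        verdict = next(g for g in ("deny", "restricted", "weak") if g in grades)
        return verdict, notes
    if xfo == "DENY":
        return "deny", notes
    if xfo == "SAMEORIGIN":
        return "restricted", notes
    if xfo.startswith("ALLOW-FROM"):
        notes.append("ALLOW-FROM is obsolete and ignored by current browsers")
    elif xfo:
        notes.append("unrecognized X-Frame-Options value; confirm in a browser")
    return "frameable", notes

if __name__ == "__main__":
    # Constructed sample response headers, not captured from a real site.
    print(assess_framing({"X-Frame-Options": "ALLOW-FROM https://partner.example"}))
```

A `frameable` or `weak` verdict is a finding to report with the remediation of setting `frame-ancestors 'none'` or `'self'`; header grading does not cover JavaScript frame-busting, which still needs a browser check.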
PoC HTML Elements
| Element | Purpose |
|---|---|
| `<iframe src="target" style="opacity:0">` | Invisible target frame overlay |
| `<div class="decoy">` | Visible decoy content beneath frame |
| `sandbox` attribute | Bypass JS frame-busting on iframe |
JavaScript Frame-Busting Patterns
| Pattern | Description |
|---|---|
| `top.location !== self.location` | Check if page is framed |
| `window.top !== window.self` | Alternative frame detection |
| `parent.frames.length > 0` | Check for parent frames |
Key Libraries
- requests (`pip install requests`): HTTP client for header analysis
- selenium (optional): Browser-based testing for JS frame-busting validation
- beautifulsoup4 (optional): Parse HTML for embedded frame-busting scripts
Configuration
| Variable | Description |
|---|---|
| Target URL | Authorized target application URL |
| Endpoint paths | Application paths to test (login, settings, admin) |
OWASP Testing Guide
| Test ID | Description |
|---|---|
| WSTG-CLNT-09 | Testing for Clickjacking |