Summary
This is a solid playbook for testing UI redress vulnerabilities. It walks you through checking X-Frame-Options and CSP frame-ancestors headers, building transparent iframe PoCs, and bypassing frame-busting scripts with the sandbox attribute. The templates cover single-click, multi-step, and drag-and-drop scenarios, with specific targets like account deletion and OAuth consent pages. What makes it useful is the testing checklist and the honest framing that clickjacking is often marked low severity until you chain it with admin actions. If you're doing web app pentests and need to quickly validate whether sensitive pages can be framed, this gives you the detection logic and HTML snippets to prove it out.
Install to Claude Code
npx -y skills add yaklang/hack-skills --skill clickjacking --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →First SeenJun 3, 2026
