1
00:00:00,660 --> 00:00:01,510
Hello, everyone.

2
00:00:02,310 --> 00:00:09,120
So in this video, we are going to see a mitigated website against clickjacking.

3
00:00:09,690 --> 00:00:14,030
So we have already seen multiple websites which are vulnerable to clickjacking.

4
00:00:14,720 --> 00:00:23,070
Now, in case you come across any website which actually defends against clickjacking by putting the necessary

5
00:00:23,070 --> 00:00:27,200
protection in place, how you're going to identify that.

6
00:00:27,690 --> 00:00:35,970
So for that, I have put this video in which we are going to identify if the website is not vulnerable

7
00:00:35,970 --> 00:00:38,880
to clickjacking using multiple ways.

8
00:00:39,570 --> 00:00:41,580
The website is starbucks.in.

9
00:00:42,810 --> 00:00:51,030
All right, so first we will identify if the website is vulnerable or not vulnerable using the network

10
00:00:51,030 --> 00:00:51,430
tab.

11
00:00:52,080 --> 00:00:58,920
So as you can see, I opened the network tab with the help of right click, Inspect Element.

12
00:00:58,920 --> 00:01:03,870
And you can come over here now into the network tab.

13
00:01:04,020 --> 00:01:11,490
When you are there, you just need to reload the website again and you will be able to see all the requests

14
00:01:11,490 --> 00:01:13,110
and responses over here.

15
00:01:13,880 --> 00:01:16,490
Now just click on the first request.

16
00:01:16,500 --> 00:01:22,770
That is starbucks.in, which you can see over here, and once you click on that,

17
00:01:24,460 --> 00:01:32,410
you will be able to see all the necessary headers that are present in that particular request.

18
00:01:33,040 --> 00:01:40,840
So as you can see over here, there is a header which is present, which is X-Frame-Options: SAMEORIGIN.

19
00:01:41,170 --> 00:01:48,380
And we have already seen the directives for clickjacking and X-Frame-Options.

20
00:01:48,670 --> 00:01:56,410
So this is one of the directives that fits into the protection against clickjacking, and thus we can confirm

21
00:01:56,800 --> 00:02:00,220
this website is not vulnerable to a clickjacking attack.

22
00:02:01,000 --> 00:02:01,450
All right.

23
00:02:02,230 --> 00:02:10,080
Let's try the other way around, which is through the code that we have made to identify and make PoCs

24
00:02:10,090 --> 00:02:11,150
for clickjacking.

25
00:02:11,680 --> 00:02:18,730
So I'm just going to put our target over here, which is starbucks.in, and I'm going to save the code.

26
00:02:19,000 --> 00:02:23,350
So once I have saved the code, I'm going to open it with my browser.

27
00:02:23,740 --> 00:02:28,690
And you can see there would be an error which is "refused to connect".

28
00:02:29,110 --> 00:02:30,760
Why is this error coming?

29
00:02:30,970 --> 00:02:39,760
Because the target website, which is starbucks.in, is not allowed to get opened in an iframe

30
00:02:40,060 --> 00:02:47,860
because we have seen the protection that was the X-Frame-Options directive, which says SAMEORIGIN, and

31
00:02:47,860 --> 00:02:54,190
this is a different origin, which is basically our localhost machine, and it is not allowed to open

32
00:02:54,430 --> 00:02:58,270
that target website in our new iframe.

33
00:02:59,860 --> 00:03:06,430
All right, let's see another way to identify if the website is not vulnerable. As we have already used

34
00:03:06,430 --> 00:03:09,800
Sami dot people to make quick PoCs on the go,

35
00:03:10,120 --> 00:03:13,500
let's see if we are able to open it up over here or not.

36
00:03:13,960 --> 00:03:19,450
And you can see we will get the same result and it refused to connect.

37
00:03:20,200 --> 00:03:26,470
And the last one which we have seen, which is the security headers, let's try to identify over here

38
00:03:26,470 --> 00:03:26,950
as well.

39
00:03:27,490 --> 00:03:35,860
And you can see once I hit scan, there is a security header which is present, that is X-Frame-Options,

40
00:03:36,010 --> 00:03:44,440
that you can see over here, because of which we can confirm that clickjacking is not present on this

41
00:03:44,440 --> 00:03:45,510
target website.

42
00:03:46,000 --> 00:03:53,470
So I hope you guys understood the four ways that we saw to identify if any website is vulnerable

43
00:03:53,470 --> 00:03:55,240
to this attack or not.

44
00:03:55,600 --> 00:03:56,140
Thank you.