instructions.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
    <head>
        <title>samy's quickjacking</title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    </head>
    <body>
<br>
    <h2>samy's quickjacking</h2>
    <ul>
	<li>This tool can be used to create an iframe slice or to produce clickjacking code.</li>
	<li>The clickjacking code produced allows the victim to click <b>anywhere</b> on the page in order to get clickjacked.</li>
	<li>Example clickjacking of Facebook can be found at http://samy.pl/quickjack/twitter.html -- click anywhere to add the Twitter application.<p></li>

	<li>Click <b>QuickSlice Mode</b> to switch to iframe slicing, or <b>QuickJack Mode</b> for clickjacking mode.<p></li>

    <li>First, <b>type your URL</b> into the box in the top left corner and <b>press enter</b>.</li>
    <li>If you find that <b>the URL box disappears</b> when going to a specific URL, try the <b>Go (prevent frame breakout)</b> button.</li>
    <li><b>Clicking the draggable icon</b> will allow you to <b>drag</b> the URL box around.</li>
    <li>To <b>pan</b> around the page, <b>hold down spacebar or click the "Pan" button</b>, then <b>click and drag</b>.</li>
	<li>To create clickjacking HTML, <b>click QuickJack Mode</b>, then click on the location you want to force clicks to.</li>
    <li>To make an iframe with your selection, <b>click and drag</b> to create a selection, then <b>press</b> the <b>I'm Done!</b> button to get your code.</li>
	<li>Originally based off of some unknown cakeslicing app.</li>
    </ul>
<br>
<b>Todo:</b>
<ul>
	<li>Prevent referrer passing in Opera</li>
	<li>Prevent frame breakouts in more than FF3</li>
	<li>Don't alter URL when panning with spacebar</li>
	<li>Display iframe when frame breakout enabled</li>
	<li>Adjust default mouse pointer</li>
</ul>
    </body>
</html>