NO.0x0001
⚠️ Educational Purpose Only - This is a simulation of an X OAuth phishing attack using DoubleClickjacking ⚠️

X (X) OAuth Phishing with DoubleClickjacking

Challenge: Identify the DoubleClickjacking Attack

Scenario Description

You receive an email claiming you've won an X Blue subscription for a year. The email contains a link to claim your prize. When you click on it, you're taken to what appears to be an X OAuth authorization page.

This simulation demonstrates a sophisticated phishing technique called DoubleClickjacking, which can bypass X-Frame-Options protection that normally prevents clickjacking attacks.

The DoubleClickjacking technique, discovered by Paulos Yibelo in 2024, uses a double-click event to bypass frame busting and X-Frame-Options protections.
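Because X-Frame-Options does not help here, the defense has to live in the consent page itself. The following is an added example, not code from this challenge or from X: it keeps a sensitive button locked until the page has been visible for a minimum time and has seen a pointer or keyboard gesture. The class name `ConsentGuard`, the element id `authorize` and the 500 ms threshold are assumptions.

```javascript
// Added example: gate a sensitive "Authorize" button against DoubleClickjacking.
// ConsentGuard, the "authorize" id and MIN_DWELL_MS are illustrative assumptions.
const MIN_DWELL_MS = 500; // constructed threshold; tune for the real UI

class ConsentGuard {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.visibleSince = null; // when the page last gained focus/visibility
    this.gestureSeen = false; // pointer move or key press since then
  }
  // Page gained focus or became visible: start locked again.
  onShown() { this.visibleSince = this.now(); this.gestureSeen = false; }
  // Page lost focus or was hidden: forget all state.
  onHidden() { this.visibleSince = null; this.gestureSeen = false; }
  // mousemove / keydown inside the page while it is visible.
  onGesture() { if (this.visibleSince !== null) this.gestureSeen = true; }
  // Decide whether a click on the sensitive button may proceed.
  allowClick() {
    if (this.visibleSince === null) return { ok: false, reason: "not-visible" };
    if (!this.gestureSeen) return { ok: false, reason: "no-gesture" };
    if (this.now() - this.visibleSince < MIN_DWELL_MS) {
      return { ok: false, reason: "too-fast" }; // click arrived right after the page appeared
    }
    return { ok: true, reason: "ok" };
  }
}

// Browser wiring (skipped when there is no DOM, e.g. under Node).
if (typeof document !== "undefined") {
  const guard = new ConsentGuard();
  const btn = document.getElementById("authorize"); // hypothetical button id
  const show = () => { guard.onShown(); btn.disabled = true; };
  window.addEventListener("focus", show);
  window.addEventListener("blur", () => guard.onHidden());
  document.addEventListener("visibilitychange", () => (document.hidden ? guard.onHidden() : show()));
  for (const ev of ["mousemove", "keydown"]) {
    document.addEventListener(ev, () => { guard.onGesture(); btn.disabled = !guard.allowClick().ok; });
  }
  btn.addEventListener("click", (e) => {
    if (!guard.allowClick().ok) { e.preventDefault(); e.stopImmediatePropagation(); }
  });
  if (!document.hidden) show();
}
```

The server should still treat the authorization request as untrusted; this guard only removes the window in which a click can land on a page the user has not yet looked at.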

1 ✓ Authorization | 2 More Permissions | 3 Success
🔒https://xx.com/i/oauth2/authorize
Authorize X Rewards
TR
X Rewards
xx.com
This app will be able to:
See your username, profile picture and account info
See your followers

This challenge is locked. Please complete the beginner challenge1 first.