OWASP Click Me Project

Revision as of 09:08, 8 March 2014 by Arun Kumar V (Talk | contribs)

Jump to: navigation, search

OWASP Project Header.jpg

OWASP Click Me Project

The OWASP Click Me Project aimed at having a simple GUI which helps to create a test page for Clickjacking attacks.This is an attack which targets the clickable content on a website. Clickjacking attack occurs when a malicious site tricks a user into clicking on a hidden element that belong to another site which they have loaded in a hidden frame or iframe.OWASP Click Me tool will help you to test whether your site is vulnerable to this attack by creating a html page that will try to load your web site from a frame.

Sites can use frame breaking scripts and X-Frame-Options set with DENY or SAME ORIGIN values to avoid Clickjacking attacks,by ensuring that their content is not embedded into other sites.


The OWASP Click Me Project is free to use. It is licensed under the Apache 2.0 License.

The OWASP Click Me Project provides:

  • Proof of concept for Clickjacking vulnerability .

Project Leader

Quick Download

Click Me


Owasp-incubator-trans-85.png Owasp-builders-small.png
Project Type Files TOOL.jpg

The OWASP Click Me Project: The primary contributors to date have been:



OWASP definition on Click jacking or "UI redress attack"
OWASP test guide for Click jacking attacks.

Just a click away to get your copy of OWASP Click Me.Here we go !

Click Me to Download



Note : OWASP Click Me is a jar file ,so you will need JRE in your system to run the file.

As of March 2014, the priorities are:

  • Creating the test html page.

Involvement in the development and promotion of the OWASP Click Me Project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • Create a GUI which will help to provide a Proof of Concept on how the attack could be exploited for a given web page.

What does this OWASP project offer you?
What releases are available for this project?
what is this project?
Name: OWASP Click Me Project (home page)
Purpose: OWASP Click Me Project aimed at having a simple GUI which helps to create a test page for Clickjacking attacks
License: OWASP Click Me is free to use and is licensed under Apache 2.0
who is working on this project?
Project Leader(s):
  • Arun Kumar @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Arun Kumar @ to contribute to this project
  • Contact Arun Kumar @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed

other releases