Some of you may have been observant and noticed that Nikto alerts about the lack of the
X-Frame-Options header from web servers. This header tells the user agent whether the page may be rendered inside a frame, effectively preventing clickjacking: the overlaying of content on top of a framed page to fool a user into clicking on something they don't want to.
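As an added example (not part of the original post, and not Nikto's own check), the following Python classifies the framing policy a response advertises from its headers. It covers both X-Frame-Options and the Content-Security-Policy frame-ancestors directive, which supersedes X-Frame-Options in browsers that support it; the header sets at the bottom are constructed samples, not captured from any real host.

```python
"""Classify the framing protection a response advertises (added example)."""
from typing import Dict, List, Optional


def _header_values(headers: Dict[str, str], name: str) -> List[str]:
    """Comma-split, trimmed values of one header, matched case-insensitively."""
    wanted = name.lower()
    values: List[str] = []
    for key, raw in headers.items():
        if key.lower() == wanted:
            values.extend(v.strip() for v in raw.split(",") if v.strip())
    return values


def _frame_ancestors(policy: str) -> Optional[List[str]]:
    """Source list of the frame-ancestors directive in one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def assess_framing(headers: Dict[str, str]) -> Dict[str, object]:
    """Return {"framing", "finding", "reason"} for a set of response headers.

    framing is one of "denied", "same-origin", "restricted", "allowed",
    "ambiguous"; finding is True whenever a clickjacking issue should be raised.
    """
    # CSP frame-ancestors takes precedence: CSP Level 2 says a supporting browser
    # ignores X-Frame-Options when frame-ancestors is present. The Report-Only
    # header is deliberately not consulted because it enforces nothing.
    for policy in _header_values(headers, "Content-Security-Policy"):
        sources = _frame_ancestors(policy)
        if sources is None:
            continue
        if not sources or sources == ["'none'"]:  # empty source list matches nothing
            return {"framing": "denied", "finding": False,
                    "reason": "CSP frame-ancestors 'none'"}
        if any(s in ("*", "http:", "https:") for s in sources):
            return {"framing": "allowed", "finding": True,
                    "reason": "CSP frame-ancestors permits any origin"}
        if sources == ["'self'"]:
            return {"framing": "same-origin", "finding": False,
                    "reason": "CSP frame-ancestors 'self'"}
        return {"framing": "restricted", "finding": False,
                "reason": "CSP frame-ancestors limited to " + " ".join(sources)}

    # Fall back to X-Frame-Options.
    xfo = {v.lower() for v in _header_values(headers, "X-Frame-Options")}
    if not xfo:
        return {"framing": "allowed", "finding": True,
                "reason": "no X-Frame-Options or CSP frame-ancestors header"}
    if len(xfo) > 1:
        # Two different values in one response is a misconfiguration; report it.
        return {"framing": "ambiguous", "finding": True,
                "reason": "conflicting X-Frame-Options values: " + ", ".join(sorted(xfo))}
    value = next(iter(xfo))
    if value == "deny":
        return {"framing": "denied", "finding": False, "reason": "X-Frame-Options: DENY"}
    if value == "sameorigin":
        return {"framing": "same-origin", "finding": False,
                "reason": "X-Frame-Options: SAMEORIGIN"}
    if value.startswith("allow-from"):
        # ALLOW-FROM is obsolete; current browsers do not honour it.
        return {"framing": "allowed", "finding": True,
                "reason": "ALLOW-FROM is obsolete and ignored by current browsers"}
    return {"framing": "allowed", "finding": True,
            "reason": "unrecognised X-Frame-Options value: " + value}


# Constructed sample responses (not captured from any real host).
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "no-header": {"Content-Type": "text/html"},
    "deny": {"x-frame-options": "DENY"},
    "sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "allow-from": {"X-Frame-Options": "ALLOW-FROM https://example.com"},
    "csp-none-overrides-xfo": {"X-Frame-Options": "ALLOWALL",
                               "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp-wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "conflicting": {"X-Frame-Options": "DENY, SAMEORIGIN"},
}


def run_samples() -> Dict[str, str]:
    """Framing verdict for every constructed sample, keyed by sample name."""
    return {name: str(assess_framing(h)["framing"]) for name, h in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        result = assess_framing(hdrs)
        flag = "FINDING" if result["finding"] else "ok"
        print(f"{name:24s} {flag:8s} {result['framing']:12s} {result['reason']}")
```

The "finding" flag is what would back a report: a page is only safe from framing by other sites when it lands in "denied", "same-origin" or "restricted". The Report-Only sample is included because it is a common false sense of security; it logs violations but still lets the page be framed.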
If your company's QA processes are anything like those of the company I work for, then every reported issue has to be backed by evidence. A one-line output from Nikto saying "
So, the simplest solution is to create an HTML page that loads your chosen target in a browser and then overlays content on top of it to show how easy it is to do.
The attached HTML page does exactly this. Enter the URL in the input box and press Load to load it into an iframe. Then, when you need to take that all-important screenshot, you can hide the form using the toggle button in the top right.
Warning: it may not work correctly in Internet Explorer, as IE (still) doesn't follow standards.
The click jacking test page can be downloaded here: clickjacking-test.html.zip