{"id":32823,"date":"2025-08-28T17:24:01","date_gmt":"2025-08-28T10:24:01","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=32823"},"modified":"2026-02-03T09:19:17","modified_gmt":"2026-02-03T02:19:17","slug":"clickjacking-attack-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/clickjacking-attack-la-gi\/","title":{"rendered":"What Is a Clickjacking Attack? Its Harms &#038; 5 Comprehensive Ways to Prevent It"},"content":{"rendered":"<p><strong>Clickjacking<\/strong> is one of the most common deception-based attack techniques, and every <a href=\"https:\/\/interdata.vn\/blog\/website-la-gi\/\">website<\/a> administrator or developer needs to understand it in order to prevent it proactively. 
In this article, InterData will help you understand what a Clickjacking attack really is, how it works, the damage a Clickjacking attack causes, and the most effective measures for preventing Clickjacking. Read on!<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Clickjacking-la-gi\"><\/span>What is Clickjacking?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>Clickjacking (also called a click hijacking attack)<\/strong> is a subtle deception-based attack technique. Instead of stealing information directly through fake <a href=\"https:\/\/interdata.vn\/blog\/page-la-gi\/\">web pages<\/a> (as in <a href=\"https:\/\/interdata.vn\/blog\/tan-cong-phishing-la-gi\/\">Phishing<\/a>), the attacker tricks the user into clicking on seemingly harmless content that in reality triggers a dangerous action on a different website.<\/p>\n<p>In essence, the attacker creates a &#8220;fake&#8221; interface and places it on top of a &#8220;real&#8221; one. The fake layer is either completely transparent or cleverly disguised, so the user cannot tell it is there.<\/p>\n<p>When the user clicks a seemingly harmless button on the fake interface (for example, &#8220;Download document&#8221;), the click is actually delivered to a different button on the hidden real interface (for example, &#8220;Transfer money&#8221; or &#8220;Confirm logout&#8221;).<\/p>\n<figure id=\"attachment_32824\" aria-describedby=\"caption-attachment-32824\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32824\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Clickjacking-Attack-la-gi.jpg\" alt=\"What is a Clickjacking Attack\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Clickjacking-Attack-la-gi.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Clickjacking-Attack-la-gi-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Clickjacking-Attack-la-gi-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32824\" class=\"wp-caption-text\">What is a Clickjacking Attack?<\/figcaption><\/figure>\n<p>The attacker's ultimate goal is to take control of part or all of the user's account and carry out malicious actions without the user ever knowing. 
To achieve this, the attacker typically exploits <a href=\"https:\/\/interdata.vn\/blog\/lo-hong-bao-mat-la-gi\/\">security weaknesses<\/a> on the website, in particular the fact that the page can be embedded in an iframe.<\/p>\n<p>Understanding what a Clickjacking attack is and how to prevent it is a prerequisite for keeping a website and its users safe.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Tac-hai-cua-Clickjacking-Attack\"><\/span><strong>Harms of a Clickjacking Attack<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Clickjacking is not merely a theoretical weakness; it has caused real damage to individuals, businesses and websites alike. The common consequences of a Clickjacking attack include:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Doi-voi-ca-nhan-va-nguoi-dung\"><\/span><strong>For individuals and users<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Loss of account control:<\/strong> The attacker can trick the user into clicking a &#8220;Change password&#8221; or &#8220;Confirm&#8221; button on social networks or forums, causing them to lose access to their account.<\/li>\n<li><strong>Fraudulent transactions:<\/strong> The user can be tricked into clicking a &#8220;Transfer money&#8221; or &#8220;Pay&#8221; button on an online banking page, leading to financial loss.<\/li>\n<li><strong>Spreading malicious content:<\/strong> <strong>Likejacking<\/strong> attacks (a form of Clickjacking) trick users into &#8220;liking&#8221; malicious pages or posts on social networks, spreading misinformation or malware to their friends. <strong>In 2010<\/strong>, one such attack tricked millions of Facebook users into &#8220;liking&#8221; a web page, triggering a wave of concern about information security.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Doi-voi-doanh-nghiep-va-Website\"><\/span><strong>For businesses and websites<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Reputational damage:<\/strong> When your website becomes a Clickjacking victim, users lose trust in it. This can seriously harm the brand and reputation of the business.<\/li>\n<li><strong>Data loss:<\/strong> The attacker can trick users into revealing sensitive information, leaking important business data.<\/li>\n<li><strong>Reduced revenue:<\/strong> Attacks can disrupt online transactions, causing lost revenue for e-commerce sites.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Co-che-hoat-dong-cua-mot-cuoc-tan-cong-Clickjacking\"><\/span>How a Clickjacking attack works<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Clickjacking relies on a simple but highly effective technique: hiding the interface. 
To do this, the attacker usually uses the <a href=\"https:\/\/interdata.vn\/blog\/html-la-gi\/\">HTML<\/a> &lt;iframe&gt; tag.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-1-Chuan-bi-mot-trang-web-doc-hai\"><\/span>Step 1: Prepare a malicious web page<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The attacker creates a &#8220;bait&#8221; web page (for example, a page with an enticing video or a simple game). The purpose of this page is to attract users to visit and interact with it.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-2-Nhung-trang-dich-hop-phap\"><\/span>Step 2: Embed the legitimate target page<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The attacker embeds the legitimate website (for example, a social network profile page or a banking page) into the malicious page through an &lt;iframe&gt; tag.<\/p>\n<figure id=\"attachment_32825\" aria-describedby=\"caption-attachment-32825\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32825\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Clickjacking-Attack-hoat-dong-nhu-the-nao.jpg\" alt=\"How does a Clickjacking Attack work?\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Clickjacking-Attack-hoat-dong-nhu-the-nao.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Clickjacking-Attack-hoat-dong-nhu-the-nao-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Clickjacking-Attack-hoat-dong-nhu-the-nao-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32825\" class=\"wp-caption-text\">How does a Clickjacking Attack work?<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-3-Lam-trong-suot-giao-dien-dich\"><\/span>Step 3: Make the target interface transparent<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Using <a href=\"https:\/\/interdata.vn\/blog\/css-la-gi\/\">CSS<\/a>, the attacker makes the embedded page (inside the iframe) transparent or faded, and positions it precisely so that its important buttons (such as &#8220;Confirm&#8221; or &#8220;Like&#8221;) line up exactly with the &#8220;harmless&#8221; buttons on the malicious page.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Buoc-4-Lua-nguoi-dung-click\"><\/span>Step 4: Trick the user into clicking<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When the user visits the malicious page, they see a &#8220;harmless&#8221; button (for example, &#8220;Claim free gift&#8221;). When they click it, they are in fact clicking through the transparent layer onto the button of the legitimate website underneath. 
This action is carried out entirely against the user's will.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cac-kich-ban-tan-cong-Clickjacking-pho-bien-thuc-te\"><\/span>Common real-world Clickjacking attack scenarios<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>One of the classic examples is <strong>Likejacking on Facebook<\/strong>. The attacker creates a web page with sensational content, for example &#8220;Watch singer X's leaked hot clip&#8221;. The page has a large &#8220;Play&#8221; button. When the user clicks it, they have actually clicked the &#8220;Like&#8221; button of some Fanpage or post hidden underneath.<\/p>\n<p>As a result, the user has &#8220;liked&#8221; unwanted content, and this action is shown on their personal timeline, spreading the malicious content to their friends.<\/p>\n<p>Understanding <strong>what a Clickjacking attack is<\/strong> and how it works through real-world scenarios will help you recognize and prevent it better.<\/p>\n<figure id=\"attachment_32827\" aria-describedby=\"caption-attachment-32827\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32827\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Kich-ban-tan-cong-Clickjacking-thuc-te.jpg\" alt=\"Real-world Clickjacking attack scenario\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Kich-ban-tan-cong-Clickjacking-thuc-te.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Kich-ban-tan-cong-Clickjacking-thuc-te-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Kich-ban-tan-cong-Clickjacking-thuc-te-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32827\" class=\"wp-caption-text\">Real-world Clickjacking attack scenario<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Mo-phong-tan-cong-bang-iframe-an\"><\/span><strong>Simulating an attack with a hidden iframe<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Imagine an attacker creates a web page offering &#8220;Watch free video&#8221;. The page contains a large button labelled &#8220;Click here to watch&#8221;. Beneath this button's layer, the attacker has embedded a bank transfer page through an <strong>iframe<\/strong> and made it transparent.<\/p>\n<p>The &#8220;Transfer money&#8221; button on the banking page is aligned precisely so that it sits directly under the &#8220;Click to watch video&#8221; button. 
When the user clicks, the money transfer is executed without their knowledge.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-ky-thuat-tan-cong-Clickjacking-pho-bien\"><\/span><strong>Common Clickjacking attack techniques<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Since they first appeared, Clickjacking techniques have diversified. Below are some common forms that attackers frequently use:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Likejacking-Facebook-like-button\"><\/span><strong>Likejacking (Facebook like button)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is one of the oldest and best-known Clickjacking techniques. The goal is to trick users into &#8220;liking&#8221; a Fanpage, a post or a product they never intended to; the consequence is reduced trust in the social network and the spread of junk content.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cursorjacking\"><\/span><strong>Cursorjacking<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This technique is more subtle: it misrepresents the position of the mouse cursor. The attacker creates a &#8220;fake&#8221; cursor and offsets it from the real one, so the user thinks they are clicking on a safe spot while in fact clicking somewhere else, triggering the malicious action.<\/p>\n<figure id=\"attachment_32826\" aria-describedby=\"caption-attachment-32826\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32826\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-ky-thuat-tan-cong-Clickjacking-pho-bien.png\" alt=\"Common Clickjacking attack techniques\" width=\"800\" height=\"600\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-ky-thuat-tan-cong-Clickjacking-pho-bien.png 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-ky-thuat-tan-cong-Clickjacking-pho-bien-300x225.png 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-ky-thuat-tan-cong-Clickjacking-pho-bien-768x576.png 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32826\" class=\"wp-caption-text\">Common Clickjacking attack techniques<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"File-download-Clickjacking\"><\/span><strong>File download Clickjacking<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This technique exploits the user's lack of caution when downloading files. The attacker builds a web page with an attractive &#8220;Download document&#8221; button that is positioned exactly over an &#8220;Allow&#8221; button, granting access to a folder or permitting a malicious file to be downloaded.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Video-play-Clickjacking\"><\/span><strong>Video play Clickjacking<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Similar to Likejacking, the attacker disguises a video's &#8220;Play&#8221; button to trick the user into performing a different action. When the user clicks to watch the video, they instead trigger an unwanted operation, such as &#8220;Follow channel&#8221; or &#8220;Subscribe to notifications&#8221;.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"PasswordSensitive-Information-Hijacking\"><\/span><strong>Password\/Sensitive Information Hijacking<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is one of the most dangerous forms. 
K\u1ebb t\u1ea5n c\u00f4ng t\u1ea1o m\u1ed9t l\u1edbp trong su\u1ed1t tr\u00ean trang \u0111\u0103ng nh\u1eadp, c\u0103n ch\u1ec9nh ch\u00ednh x\u00e1c c\u00e1c tr\u01b0\u1eddng nh\u1eadp li\u1ec7u v\u00e0 n\u00fat &#8220;\u0110\u0103ng nh\u1eadp&#8221;, khi ng\u01b0\u1eddi d\u00f9ng g\u00f5 m\u1eadt kh\u1ea9u v\u00e0 click, th\u00f4ng tin c\u1ee7a h\u1ecd c\u00f3 th\u1ec3 b\u1ecb \u0111\u00e1nh c\u1eafp.<\/p>\n<p>T\u1ea5t c\u1ea3 c\u00e1c k\u1ef9 thu\u1eadt tr\u00ean \u0111\u1ec1u d\u1ef1a tr\u00ean c\u00f9ng m\u1ed9t nguy\u00ean t\u1eafc c\u1ed1t l\u00f5i c\u1ee7a Clickjacking: l\u1eeba ng\u01b0\u1eddi d\u00f9ng t\u01b0\u01a1ng t\u00e1c v\u1edbi m\u1ed9t giao di\u1ec7n b\u1ecb che gi\u1ea5u. Do \u0111\u00f3, vi\u1ec7c hi\u1ec3u r\u00f5 t\u1ea5n c\u00f4ng Clickjacking\u00a0v\u00e0 c\u00e1c bi\u1ebfn th\u1ec3 c\u1ee7a n\u00f3 l\u00e0 r\u1ea5t quan tr\u1ecdng.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cach-kiem-tra-website-co-lo-hong-Clickjacking-hay-khong\"><\/span>C\u00e1ch ki\u1ec3m tra website c\u00f3 l\u1ed7 h\u1ed5ng Clickjacking hay kh\u00f4ng<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0110\u1ec3 bi\u1ebft site c\u1ee7a m\u00ecnh c\u00f3 b\u1ecb t\u1ea5n c\u00f4ng clickjacking hay kh\u00f4ng, c\u00f3 th\u1ec3 \u00e1p d\u1ee5ng c\u00e1c ph\u01b0\u01a1ng ph\u00e1p sau:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ma-nguon-HTML\"><\/span>M\u00e3 ngu\u1ed3n HTML<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Ki\u1ec3m tra <a href=\"https:\/\/interdata.vn\/blog\/source-code-la-gi\/\">m\u00e3 ngu\u1ed3n<\/a> HTML c\u1ee7a trang web<\/strong>, \u0111\u1eb7c bi\u1ec7t l\u00e0 y\u1ebfu t\u1ed1 iframe. N\u1ebfu trang web b\u1ecb t\u1ea3i b\u00ean trong iframe c\u1ee7a m\u1ed9t trang kh\u00e1c m\u00e0 kh\u00f4ng c\u00f3 bi\u1ec7n ph\u00e1p b\u1ea3o v\u1ec7, r\u1ea5t c\u00f3 th\u1ec3 b\u1ecb clickjacking. 
Open the &#8220;Elements&#8221; or &#8220;DOM&#8221; tab in the browser's developer tools and look for an iframe tag whose source is the original website.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Quan-sat-bang-mat\"><\/span>Visual inspection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Inspect the page with the naked eye<\/strong>: an unusual layout, colour scheme or font, overlapping or misaligned elements, slower-than-usual page loads, odd redirect windows, or pages that suddenly ask for camera or social-network permissions&#8230; can all be signs of clickjacking.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tao-mot-trang-thu-nghiem\"><\/span>Build a test page<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>You can <strong>build a test page containing an iframe that loads the URL<\/strong> of your own site. 
If your site renders normally inside that iframe instead of being blocked, it is vulnerable to clickjacking.<\/p>\n<p>A <strong>more advanced check<\/strong> uses a short <a href=\"https:\/\/interdata.vn\/blog\/javascript-la-gi\/\">JavaScript<\/a> snippet (comparing window.top with window.self) to detect whether the page is being rendered inside an iframe.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Su-dung-cong-cu-kiem-tra-bao-mat\"><\/span>Use security testing tools<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>You can also use <strong>security testing tools: <\/strong>online services offer a quick check with no software to install. They work by sending a request to the URL and analysing the security-related <a href=\"https:\/\/interdata.vn\/blog\/tham-so-parameter-la-gi\/\">parameters<\/a> (the HTTP headers) returned by the <a href=\"https:\/\/interdata.vn\/blog\/may-chu-server-la-gi\/\">server<\/a>.<\/p>\n<ul>\n<li><strong><a href=\"https:\/\/securityheaders.com\/\" rel=\"nofollow noopener\" target=\"_blank\">SecurityHeaders.com<\/a>:<\/strong> one of the most popular tools for rating the security of a site's HTTP <a href=\"https:\/\/interdata.vn\/blog\/header-la-gi\/\">headers<\/a>. 
Enter the site's address and it returns a grade from A+ down to F; if X-Frame-Options or a CSP frame-ancestors directive is missing, the tool flags it with a red warning immediately.<\/li>\n<li><strong><a href=\"https:\/\/clickjacker.io\/\" rel=\"nofollow noopener\" target=\"_blank\">Clickjacker.io<\/a>:<\/strong> a tool dedicated to Clickjacking testing. It attempts to embed your URL in a hidden iframe; if the website renders inside that frame, the system is vulnerable to <a href=\"https:\/\/interdata.vn\/blog\/ui-la-gi\/\">UI<\/a> Redressing.<\/li>\n<li><strong>Geekflare Online Test:<\/strong> provides a detailed report on how modern browsers handle framing of your website, helping you pinpoint weaknesses in the server's response headers.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Tien-ich-mo-rong-tren-trinh-duyet-Browser-Add-ons\"><\/span>Browser extensions (Browser Add-ons)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For security specialists and <a href=\"https:\/\/interdata.vn\/blog\/lap-trinh-la-gi\/\">programmers<\/a> who need deeper checks during development (on staging), browser extensions show the response headers of every request as you browse.<\/p>\n<ul>\n<li><strong>HackerBar (Chrome\/Firefox):<\/strong> a powerful <a href=\"https:\/\/interdata.vn\/blog\/kiem-thu-xam-nhap-pentest-la-gi\/\">penetration testing<\/a> helper. It lets you quickly test whether a page can be embedded in an iframe straight from the browser toolbar.<\/li>\n<li><strong>Wappalyzer:<\/strong> although it specialises in technology fingerprinting, Wappalyzer also reports the security headers a website sends, so an administrator can quickly spot a missing layer of protection.<\/li>\n<li><strong>HTTP Header Spy:<\/strong> tracks every HTTP response in real time. 
When you visit a website you can check whether a response header such as X-Frame-Options: SAMEORIGIN (or a Content-Security-Policy with frame-ancestors) is present.<\/li>\n<\/ul>\n<p>The most common way to find out whether a website can be clickjacked is to try embedding it in an iframe on another page, and to watch for unusual behaviour in the site's interface and actions when it is visited.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"So-sanh-Clickjacking-voi-CSRF-Phishing-XSS\"><\/span>Comparing Clickjacking with CSRF, Phishing and XSS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Newcomers to web security often confuse Clickjacking with other kinds of attack. To understand the <strong>Clickjacking attack<\/strong> better, let us distinguish it from <strong>CSRF<\/strong>, <strong>Phishing<\/strong> and <strong><a href=\"https:\/\/interdata.vn\/blog\/tan-cong-xss-la-gi\/\">XSS<\/a><\/strong>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Clickjacking-voi-CSRF-Cross-Site-Request-Forgery\"><\/span><strong>Clickjacking vs. CSRF (Cross-Site Request Forgery)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Clickjacking:<\/strong> attacks the <strong>user interface (UI)<\/strong>. The attacker tricks the user into clicking an element of an interface that is hidden from view.<\/li>\n<li><strong>CSRF:<\/strong> attacks the <strong>user's request<\/strong>. 
The attacker abuses the user's authenticated session to send a forged request from their own site to the legitimate site's server. The user does not need to click or interact with the interface directly. Clickjacking is in fact a common way around CSRF defences: the user submits the genuine form, anti-CSRF token included.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Clickjacking-voi-Phishing\"><\/span><strong>Clickjacking vs. Phishing<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Clickjacking:<\/strong> the attacker exploits the interface of the <strong>legitimate<\/strong> website, hidden from view; the user still interacts with the real site.<\/li>\n<li><strong>Phishing:<\/strong> the attacker builds a <strong>counterfeit<\/strong> website that looks identical to the real one, aiming to trick the user into entering sensitive information (username, password) into the fake page.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Clickjacking-voi-XSS-Cross-Site-Scripting\"><\/span><strong>Clickjacking vs. XSS (Cross-Site Scripting)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Clickjacking:<\/strong> relies on the user's interaction with the <strong>interface<\/strong>.<\/li>\n<li><strong>XSS:<\/strong> attacks by <strong>injecting malicious code<\/strong> (usually JavaScript) into the web page. 
When a user visits, that code executes in their browser and lets the attacker steal the session or data, or take control.<\/li>\n<\/ul>\n<p>Each attack has its own mechanism, but all of them share the same end goal: abusing the user to carry out malicious actions.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"-5-Giai-phap-phong-chong-Clickjacking-hieu-qua-nhat\"><\/span>The 5 most effective Clickjacking defences<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There are many effective defences against Clickjacking attacks; the most important are those applied on the server and in the browser:<\/p>\n<ul>\n<li>Send the HTTP header X-Frame-Options with the value &#8220;DENY&#8221; (the page may not be framed anywhere) or &#8220;SAMEORIGIN&#8221; (framing is allowed only from the same origin). 
This is the common, effective way to block clickjacking in modern browsers; the old ALLOW-FROM value is not supported and must not be relied on.<\/li>\n<li>Apply a Content Security Policy (CSP) with the frame-ancestors directive for finer control over which sites may frame the page, for example frame-ancestors &#8216;none&#8217; to forbid framing entirely, or &#8216;self&#8217; plus the origin of one trusted partner. Browsers that support frame-ancestors give it precedence over X-Frame-Options, so send both: CSP as the policy, X-Frame-Options as the fallback.<\/li>\n<li>Restrict access or strengthen authentication to reduce the risk of critical functions being abused; marking session cookies SameSite=Lax or Strict also helps, because a cross-site iframe then loads the page without the user's session and the hijacked click has nothing to act on.<\/li>\n<li>Keep browsers and security software up to date to reduce exploitable vulnerabilities.<\/li>\n<li>In addition, browser add-ons or extensions can protect users from clickjacking attacks on the client side. Frame-busting JavaScript belongs in the same category: it is defence in depth only, since an attacker can neutralise it with the iframe sandbox attribute.<\/li>\n<\/ul>\n<figure id=\"attachment_32828\" aria-describedby=\"caption-attachment-32828\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-32828\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-bien-phap-phong-chong-Clickjacking-Attack-hieu-qua.jpg\" alt=\"Effective defences against Clickjacking attacks\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-bien-phap-phong-chong-Clickjacking-Attack-hieu-qua.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-bien-phap-phong-chong-Clickjacking-Attack-hieu-qua-300x188.jpg 300w, 
https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/08\/Cac-bien-phap-phong-chong-Clickjacking-Attack-hieu-qua-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-32828\" class=\"wp-caption-text\">Effective defences against Clickjacking attacks<\/figcaption><\/figure>\n<p>Combining the measures above is the most effective protection available today against clickjacking.<\/p>\n<p>Understanding <strong>what a Clickjacking attack is<\/strong>, how it works and how to defend against it is a prerequisite for building a secure website. With solutions such as <strong>X-Frame-Options<\/strong> and <strong>Content Security Policy<\/strong>, you can protect your site from this dangerous vulnerability with little effort.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Clickjacking is one of the most common deceptive attack techniques, and every website administrator or developer needs to know about it in order to prevent it proactively. 
In this article, InterData will help you understand the nature of a Clickjacking attack, how it works,<\/p>\n","protected":false},"author":11,"featured_media":32829,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83],"tags":[],"class_list":["post-32823","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bao-mat-an-ninh-mang"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/32823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=32823"}],"version-history":[{"count":4,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/32823\/revisions"}],"predecessor-version":[{"id":39021,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/32823\/revisions\/39021"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/32829"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=32823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=32823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=32823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
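The header checks described in the article's section on testing tools and the X-Frame-Options / frame-ancestors defences from its list of five measures, worked through in code. This is an added example by the editor, not code from the InterData article or from any of the tools it names. It runs under Node.js with no network access; the origins app.example.com, partner.example.net and evil.example.org are constructed for the demo. `antiFramingHeaders` builds the headers a server should send for a given framing policy, and `canFrame` evaluates a response's headers the way a browser (and therefore a header scanner) does: an enforced frame-ancestors directive wins, otherwise X-Frame-Options applies, and with neither the page can be framed by anyone.

```javascript
// Added example (not code from the InterData article): build the anti-framing
// response headers for a page from a policy, then evaluate such headers the way
// a browser, and therefore a header checker, does for one embedding origin.
// Runs under Node.js with no network; every origin below is constructed.

const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// "https://App.Example.com:443/x" -> "https://app.example.com"
function normalizeOrigin(origin) {
  const u = new URL(origin);
  const port = u.port && u.port !== DEFAULT_PORT[u.protocol] ? ":" + u.port : "";
  return `${u.protocol}//${u.hostname}${port}`;
}

// Headers the server should send. `self` permits same-origin framing and
// `partners` lists other origins allowed to frame the page. X-Frame-Options
// has no working allow-list (ALLOW-FROM is unsupported), so it is only the
// fallback for browsers without CSP; browsers that understand frame-ancestors
// ignore X-Frame-Options whenever both headers are present.
function antiFramingHeaders({ self = false, partners = [] } = {}) {
  const sources = self ? ["'self'"] : [];
  sources.push(...partners.map((p) => normalizeOrigin(p)));
  return {
    "x-frame-options": sources.length ? "SAMEORIGIN" : "DENY",
    "content-security-policy": `frame-ancestors ${sources.length ? sources.join(" ") : "'none'"}`,
  };
}

// Every value of a header (string or array), matched case-insensitively.
function headerValues(headers, name) {
  return Object.entries(headers)
    .filter(([k]) => k.toLowerCase() === name)
    .flatMap(([, v]) => (Array.isArray(v) ? v : [v]));
}

// The frame-ancestors source list of each enforced CSP header; an embedder must
// satisfy every policy. Report-Only policies are skipped: they never block.
function frameAncestorsPolicies(headers) {
  const policies = [];
  for (const policy of headerValues(headers, "content-security-policy")) {
    for (const directive of policy.split(";")) {
      const tokens = directive.trim().split(/\s+/).filter(Boolean);
      if (tokens.length && tokens[0].toLowerCase() === "frame-ancestors") {
        policies.push(tokens.slice(1)); // the first occurrence in a policy wins
        break;
      }
    }
  }
  return policies;
}

// One CSP ancestor-source expression against the embedder origin, per CSP3:
// 'none', 'self', '*', "https:", "[scheme://]host[:port]" with "*." host
// wildcards; an http: source also matches an https: embedder.
function sourceMatches(source, embedder, page) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "*") return true;
  if (src === "'self'") return embedder === page;
  const e = new URL(embedder);
  const schemeOk = (s) => e.protocol === s || (s === "http:" && e.protocol === "https:");
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return schemeOk(src);
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|\*\.[^:/]+|[^:/*]+)(?::(\*|\d+))?$/.exec(src);
  if (!m) return false; // a malformed source expression never matches
  const [, scheme, host, port] = m;
  if (!schemeOk(scheme ? scheme + ":" : new URL(page).protocol)) return false;
  const hostOk = host === "*" || (host.startsWith("*.") ? e.hostname.endsWith(host.slice(1)) : e.hostname === host);
  if (!hostOk) return false;
  if (port === undefined) return e.port === ""; // no port given: embedder must use its scheme's default port
  return port === "*" || port === (e.port || DEFAULT_PORT[e.protocol]);
}

// May `embedder` frame `page`, given the page's response headers? Browser
// precedence: an enforced frame-ancestors directive wins; otherwise
// X-Frame-Options applies; with neither, any site can frame the page.
function canFrame(headers, page, embedder) {
  page = normalizeOrigin(page);
  embedder = normalizeOrigin(embedder);
  const policies = frameAncestorsPolicies(headers);
  if (policies.length) {
    const allowed = policies.every((srcs) => srcs.some((s) => sourceMatches(s, embedder, page)));
    return { allowed, reason: "CSP frame-ancestors" };
  }
  const xfo = new Set(headerValues(headers, "x-frame-options")
    .flatMap((v) => v.split(","))
    .map((v) => v.trim().toLowerCase())
    .filter(Boolean));
  if (xfo.size > 1) return { allowed: false, reason: "conflicting X-Frame-Options values" };
  if (xfo.has("deny")) return { allowed: false, reason: "X-Frame-Options: DENY" };
  if (xfo.has("sameorigin")) return { allowed: embedder === page, reason: "X-Frame-Options: SAMEORIGIN" };
  return { allowed: true, reason: xfo.size ? "unrecognised X-Frame-Options ignored" : "no framing protection" };
}

// Demo with constructed origins: lock the page to itself plus one partner.
const PAGE = "https://app.example.com";
const PARTNER = "https://partner.example.net";
const ATTACKER = "https://evil.example.org";
const policyHeaders = antiFramingHeaders({ self: true, partners: [PARTNER] });
console.log(policyHeaders);
console.log(canFrame(policyHeaders, PAGE, ATTACKER)); // allowed: false
console.log(canFrame({}, PAGE, ATTACKER)); // allowed: true, the vulnerable case the scanners flag
```

Running the file prints the two headers for the self-plus-partner policy, a refusal for the attacker origin, and an allowed verdict for an empty header set, which is exactly the finding the online scanners report as a clickjacking weakness. Two caveats the checker reproduces are worth remembering when reading scanner output: a page that sends both X-Frame-Options: DENY and frame-ancestors 'self' is still frameable by itself, because CSP takes precedence, and a Content-Security-Policy-Report-Only header protects nothing.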