Skip to main content

Basic clickjacking with CSRF token protection

$ tldr PortSwigger · Clickjacking

Solve the lab

Resources by skill

Clickjacking · CSRF (Cross-Site Request Forgery)

Comments & tips

Solved this lab a different way? Share it here — comments live in GitHub Discussions.
Last updated: 2026-05-08