UI deception
Step-by-step
Clickjacking Layer Reveal
Start the demo to see one button split into layers and reveal the hidden action underneath.
Hidden target
Delete Account
Visible action
Allow Login
Normal button
Normal Button
What the attacker wanted
Even after the interface looks normal again, the hidden click can still push through the dangerous action the attacker aimed for.
Quick understanding
1. A harmless-looking button appears and gains the user’s trust.
2. The interface separates into stacked layers behind that button.
3. One layer shows what the victim thinks they clicked.
4. A deeper layer reveals the action the attacker really wanted.
5. The layers return to one button, then the result appears after a short pause.
Real tips to avoid this
Avoid clicking sensitive actions inside strange embedded pages or unexpected popups. Open the trusted site directly instead.
Understanding
Clickjacking is an interface illusion. The visible control looks harmless, but layered elements underneath can capture the user’s action.
Why it matters
A user may unknowingly confirm, allow, or trigger something different from what they believed they clicked.
Defense mindset
Use strong frame protections, confirmation steps for sensitive actions, and visible UI boundaries that resist hidden overlays.
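One way to check the frame protections named above, as an added example that is not part of the original page: a function that classifies a response's framing policy from its X-Frame-Options and Content-Security-Policy headers. The function name, the result labels and the sample responses are constructed for illustration.

```javascript
// Added example. Classifies how a response restricts framing, from its headers.
// Assumes one policy per Content-Security-Policy header value.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // An enforced frame-ancestors directive overrides X-Frame-Options.
  // Content-Security-Policy-Report-Only is never enforced, so it is not read.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // An empty list or 'none' matches no ancestor: the page cannot be framed.
    if (sources.length === 0 || sources.join(' ') === "'none'") return 'deny';
    // "*" or a bare scheme lets any site (or any https site) frame the page.
    if (sources.some((s) => s === '*' || /^https?:$/.test(s))) return 'unprotected';
    return sources.every((s) => s === "'self'") ? 'sameorigin' : 'allowlist';
  }

  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny' || xfo === 'sameorigin') return xfo;
  // ALLOW-FROM is obsolete and ignored by current browsers; so is any invalid value.
  return 'unprotected';
}

// Constructed sample responses for a sensitive page such as "Delete Account".
const samples = [
  { name: 'no headers', headers: {} },
  { name: 'XFO only', headers: { 'X-Frame-Options': 'DENY' } },
  { name: 'obsolete ALLOW-FROM', headers: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' } },
  { name: 'CSP none', headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" } },
  { name: 'CSP wildcard beats XFO', headers: { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' } },
  { name: 'report-only', headers: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" } },
];

// Returns one "name: verdict" line per sample.
function auditSamples() {
  return samples.map((s) => `${s.name}: ${framingPolicy(s.headers)}`);
}

console.log(auditSamples().join('\n'));
```

Pages that perform sensitive actions should come back as `deny` or `sameorigin`; `allowlist` is only as safe as the listed origins.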
Common signs
Unexpected overlays, oddly positioned clicks, or surprising actions after a harmless tap can indicate a layered UI trick.
Frames, Layers, Consent, UI trust