Welcome to Firefox Add-ons.
Choose from thousands of extra features and styles to make Firefox your own.Close
About this Add-on
Likejacking is a form of Clickjacking – a social engineering attack whereby victims are tricked into clicking on one or more hidden links on a page. With Likejacking, attackers exploit the Facebook ‘Like’ button and other Facebook widgets, to spread spam and propagate scams by tricking users into advertising the malicious content via their own Facebook profiles.
This extension offerstwo main features:
- Information about the page: Does it contain Facebook widgets? Are these widgets hidden?
- Protection: Require explicit confirmation from the user when clicking on a Facebook widget on a suspicious page
An icon is displayed in the URL bar when a page contains at least one Facebook widget. If the page is suspicious, meaning hidden widgets were detected, the icon has a red background. You can use http://www.zscaler.com/research/plugins/likejacking/example.htm as an example of a suspicious page for testing purposes.
You can get more information on the page by clicking on the icon, or "More options" in Safari:
- How many widgets were found on the page
- Whether the page is suspicious or not
- What protection was applied on the Facebook widgets
The toolbar also lets users perform certain actions on the page. A user can whitelist the current domain (see details below), manage their preferences, or display the hidden Facebook widgets on the page.
Users can also report back to Zscaler any page that was classified improperly by clicking on "Report an error". This will open a new tab in the user’s browser and send them to a form on the zscaler.com website. We will use this information to improve the add-on.
The extension can modify the source of the page (opacity, height, weight, z-index, overflow, etc.). You can try this feature on the Zscaler test page - http://www.zscaler.com/research/plugins/likejacking/example.htm.