Framesniffing is a method an attacker can use to gather information from a website that you are visiting. The attack uses HTML anchors to identify pieces of information on the web page.
An anchor is a way for HTML to mark a particular piece of the page so that the browser can jump straight to that section. For example, if you wanted the user to jump to the login section of a web page:

http://www.someurl.com/login#Login

The #Login part is the anchor of the page; it is represented with the ‘id’ attribute, so in our example it would be

… Modern websites have several anchors embedded within them.

An attacker could trick a user into loading a page the attacker controls, which uses an IFRAME to load another page with an anchor appended; if the framed page ‘jumps’ to the anchor, the attacker has learned that the element is present.
By combining a website's internal search function with anchors, an attacker can test for specific pieces of information. Most search functions allow the user to use wildcards, such as ‘*’.

http://www.someurl.com/search.aspx?q=w*#NoResults

If the above page ‘jumps’, the attacker knows that no results were found; if it doesn’t jump, a match exists. Repeating this with different search terms narrows down what they are looking for.

Framesniffing can be prevented if the website sends the “X-Frame-Options” header. The possible values for X-Frame-Options are

DENY
SAMEORIGIN

Setting it to DENY refuses to load the page in any IFRAME, and SAMEORIGIN only allows framing by pages from the same origin.
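One way to verify that a response actually carries the mitigation described above. This is an added example, not code from the original post; the header sets below are constructed, and the function takes any mapping of response headers such as the `resp.headers` object a library like `requests` returns. It also checks the newer Content-Security-Policy frame-ancestors directive, which goes beyond what the post covers.

```python
from typing import Mapping, Tuple

# Two constructed sample responses, as a library such as requests would expose
# them in resp.headers (header names are case-insensitive, so both spellings occur).
UNPROTECTED_HEADERS = {"Content-Type": "text/html",
                       "X-Frame-Options": "ALLOW-FROM https://example.com"}
PROTECTED_HEADERS = {"content-type": "text/html", "x-frame-options": "sameorigin"}


def check_frame_protection(headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Return (blocks_cross_site_framing, reason) for one set of response headers.

    Framesniffing needs the attacker's page to load the target in an IFRAME, so a
    response is safe only when the browser will refuse cross-site framing:
      * X-Frame-Options: DENY or SAMEORIGIN (the header the post recommends), or
      * Content-Security-Policy frame-ancestors without a wildcard source
        (the newer mechanism; browsers prefer it over X-Frame-Options when both exist).
    Anything else, including the non-standard ALLOW-FROM, a typo, or two
    conflicting values, is ignored by browsers and gives no protection.
    """
    lowered = {name.lower(): value for name, value in headers.items()}

    # frame-ancestors takes precedence, so evaluate it first.
    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.strip("'").lower() for t in tokens[1:]]
            if not any(s in ("*", "http:", "https:") for s in sources):
                return True, f"CSP frame-ancestors {' '.join(sources)}"
            return False, "CSP frame-ancestors allows any origin"

    xfo = lowered.get("x-frame-options")
    if xfo is None:
        return False, "no X-Frame-Options header"
    values = [v.strip().upper() for v in xfo.split(",") if v.strip()]
    if len(values) == 1 and values[0] in ("DENY", "SAMEORIGIN"):
        return True, f"X-Frame-Options: {values[0]}"
    return False, f"X-Frame-Options value {xfo!r} is not DENY/SAMEORIGIN and is ignored"


if __name__ == "__main__":
    for label, hdrs in (("unprotected", UNPROTECTED_HEADERS), ("protected", PROTECTED_HEADERS)):
        print(label, check_frame_protection(hdrs))
```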

At the time of this writing, I was not able to find a method to prevent this via the web browser (except Firefox, which has fixed this issue).
