Sciweavers

ESORICS
2009
Springer

Client-Side Detection of XSS Worms by Monitoring Payload Propagation

15 years 1 months ago
Client-Side Detection of XSS Worms by Monitoring Payload Propagation
Cross-site scripting (XSS) vulnerabilities make it possible for worms to spread quickly to a broad range of users on popular Web sites. To date, the detection of XSS worms has been largely unexplored. This paper proposes the first purely client-side solution to detect XSS worms. Our insight is that an XSS worm must spread from one user to another by reconstructing and propagating its payload. Our approach prevents the propagation of XSS worms by monitoring outgoing requests that send self-replicating payloads. We intercept all HTTP requests on the client side and compare them with currently embedded scripts. We have implemented a cross-platform Firefox extension that is able to detect all existing self-replicating XSS worms that propagate on the client side. Our test results show that it incurs low performance overhead and reports no false positives when tested on popular Web sites.
Fangqi Sun, Liang Xu, Zhendong Su
Added 23 Nov 2009
Updated 23 Nov 2009
Type Conference
Year 2009
Where ESORICS
Authors Fangqi Sun, Liang Xu, Zhendong Su
Comments (0)