XSS Worm Propagation and Detection in Online Social Network

Cross-site scripting (XSS) vulnerabilities make it possible for worm to spread quickly to a broad range of users on popular web sites. Today, the detection of XSS worm has been largely UN explored. This paper proposes the first purely client-side solution to detect XSS worms. Our sight is that an XSS worm must spread from one user to another by reconstructing and propagating its payload. Our approach prevents the propagation of XSS worms by monitoring out going request that sends self-replicating pay loads. We intercept all HTTP request on the client side and compare them with currently embedded scripts. We have implemented a cross-platform Firefox extension that is able to detect all existing self-replicating XSS worms that propagate on the client side. Our test results show that it incurs low performance overhead and reports no false positive when tested on popular web-sites.