
Prevention of XSS Attack by IP Defending Mechanism

IJEECC Front Page

Abstract
Hacking has become a major threat faced by many people, and there are ever more script kiddies wanting to steal others' personal information just for fun and also to gain fame and recognition. One can easily hack into others' mail or websites using various techniques such as cross-site scripting (XSS), phishing, key loggers, social engineering, SQL-injection attacks and so on. These attacks make use of vulnerabilities in the code of web applications, resulting in serious consequences such as theft of cookies, passwords and other personal credentials. Cross Site Scripting (XSS) makes victims execute an arbitrary script and leaks personal information from the victim's computer. An adversary can easily obtain the victim's cookie by an XSS attack; in the existing system the verification process is weak and does not provide much efficiency in protecting the details of the account. Here we suggest multilevel security for the user's account, using the IP Defending Mechanism, which gives 24*7 protection to your account even when you are offline. When a hacker tries to breach the security, the IP Defending Mechanism allows the user to block the intruder.
Keywords: Cookies, Cross Site Scripting, HTTP, IP Defending Mechanism, Web Application.
INTRODUCTION
Today the Internet is widely used all over the world, and the more the Internet is used, the more computer security is demanded. Web applications have become one of the most important means of communication between various kinds of users and service providers. On the World Wide Web, web browsers and web applications communicate with each other through HTTP. HTTP is a stateless protocol [1] in which the web browser sends requests for resources and the web application supplies those resources; no session state is retained. Web applications therefore generally use cookies as a mechanism for creating stateful HTTP sessions. Cookies are supported by nearly all modern browsers and therefore allow greater flexibility in how user sessions are managed by web applications. Web applications that require authentication often use cookies to store session IDs, passing the cookies to the user after authentication. The cookies are stored in the user's web browser. The web browser returns the cookies every time it reconnects as part of an active session, and the web application then associates the cookies with the user. Because cookies can both identify and authenticate the user, they are a very interesting target for attackers. In many cases, an attacker who obtains valid cookies of a user session can use them to enter that session directly. The XSS attack is one of the popular attacks often used to steal cookies using a malicious script. On executing, the malicious script steals the user's cookies from the browser's database and sends them to the attacker, who can then use them for malicious purposes.
With the user's cookies in hand, the attacker can impersonate the user, act in that user's place and interact with the web application. The remainder of this paper is organized as follows. Section II discusses topics related to the proposed approach: the cookie mechanism, the XSS attack and its types, and protection of cookies. Section III presents the approach in Section IV. Finally, we conclude and briefly outline future work in Section V.
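The cookie-theft scenario above rests on two things: the session cookie being readable by script in the browser, and the web page reflecting attacker-controlled input as markup. The following added example (not code from the paper) shows both sides from the defender's view: issuing the session cookie with and without the standard protective attributes, auditing a Set-Cookie header for those attributes, and rendering a reflected parameter with and without output escaping. The cookie name SESSIONID, the reflected 'name' parameter and all sample values are constructed for the example.

```python
"""Session-cookie hardening and output escaping against XSS cookie theft.
Added example; cookie name, parameter name and sample values are assumed."""
import html
from http.cookies import SimpleCookie

SESSION_COOKIE = "SESSIONID"  # assumed session cookie name

def build_session_cookie(session_id, harden=True):
    """Return the Set-Cookie header value that hands the session ID to the
    browser. With harden=True the cookie carries HttpOnly (not exposed to
    document.cookie, so an injected script cannot read and exfiltrate it),
    Secure (sent only over TLS) and SameSite=Strict (not attached to
    cross-site requests). With harden=False it is a bare cookie, which is
    what makes the stolen-cookie attack in the text possible."""
    c = SimpleCookie()
    c[SESSION_COOKIE] = session_id
    if harden:
        c[SESSION_COOKIE]["httponly"] = True
        c[SESSION_COOKIE]["secure"] = True
        c[SESSION_COOKIE]["samesite"] = "Strict"
        c[SESSION_COOKIE]["path"] = "/"
    return c.output(header="").strip()

def audit_set_cookie(header_value):
    """Parse a Set-Cookie value and report, per cookie, which of the three
    protective attributes are missing (an empty list means fully hardened)."""
    c = SimpleCookie()
    c.load(header_value)
    findings = {}
    for name, morsel in c.items():
        missing = []
        if not morsel["httponly"]:
            missing.append("HttpOnly")
        if not morsel["secure"]:
            missing.append("Secure")
        if not morsel["samesite"]:
            missing.append("SameSite")
        findings[name] = missing
    return findings

def render_greeting(name, escape=True):
    """Build the HTML fragment that reflects the user-supplied 'name'.
    Without escaping, a value containing tags is injected as live markup,
    which is the XSS flaw; html.escape() turns it into inert text."""
    text = html.escape(name, quote=True) if escape else name
    return "<p>Hello, %s!</p>" % text

if __name__ == "__main__":
    print(build_session_cookie("s3ss10n-constructed"))             # hardened
    print(audit_set_cookie(build_session_cookie("x", harden=False)))  # bare
    print(render_greeting("<b>constructed</b>"))                     # escaped
```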

References:

  1. Joon S. Park, Ravi Sandhu, Secure Cookies on the Web, 3rd ed., IEEE Internet Computing, pp. 36-44, July-August 2000.
  2. Vorapranee Khu-smith, Chris Mitchell, Enhancing the Security of Cookies, ICICS 2001, LNCS 288, pp. 132-145, 2002.
  3. JVN (Japan Vulnerability Notes) iPedia, CWE-79, Cross Site Scripting, http://jvndb.jvn.jp/ja/cwe/CWE-79.html.
  4. IPA Security Center, Report on Vulnerability-related Information of Software, http://www.ipa.go.jp/files/000009160.pdf.
  5. Hiromitsu Takagi, Satoshi Sekiguchi, Kazuhito Omaki, A Case Study in How E-commerce Sites Are Vulnerable To the "Cross-Site Scripting" Attack, IPSJ, Computer Security Symposium 2001 (CSS2001), pp. 247-252, 2001.
  6. Hiroki Takahashi, Omar Ismail, Youki Kadobayashi, Suguru Yamaguchi, A Proposal and Implementation of Automatic Detection/Collection System for Cross-Site Scripting Vulnerabilities, IPSJ, IEICE Technical Research Report, Vol. 103, No. 62, IA2003-6, pp. 31-36, 2003.
  7. D. Kristol, L. Montulli, HTTP State Management Mechanism, IETF Documents, IETF Tools, http://tools.ietf.org/html/rfc2965.
  8. Rattipong Putthacharoen, Pratheep Bunyatnoparat, Protecting Cookies from Cross Site Script Attacks Using Dynamic Cookies Rewriting Technique, ICACT 2011, ISBN 978-89-5519-155-4, pp. 1090-1094, Feb 2011.
  9. Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press, ISBN 0-8493-8523-7, 1997.
  10. Alcorn, W., Cross-site Scripting Viruses and Worms: A New Attack Vector, Journal of Network Security, 2006(7):7-8, Elsevier, July 2006.