Hunting Cross-Site Scripting Attacks in the Network

CROSS-Site Scripting (XSS) attacks in web applications are considered a major threat. In a yearly basis, large IT security vendors export statistics that highlight the need for designing and implementing more efficient countermeasures for securing modern web applications and web users. So far, all these studies are carried out by IT security vendors. The academic community lacks of the tools for performing similar studies for quantifying various properties of XSS attacks. In this paper, the authors present xHunter, a tool that takes as input a web trace and scans it for identifying possible XSS exploits.