Abstract
The number of people who use the Internet daily is steadily increasing. The Internet makes daily chores easier and faster to do, but it also increases the danger of cyberattacks. In contemporary manufacturing systems and under Industry 4.0, web-based solutions are frequently used for manufacturing process monitoring, management, and supply chain communication. Cross-Site Scripting (XSS) attacks are one of the most widespread forms of cyberattack. This study examines XSS attacks to provide a sound foundation for attack simulation. The simulation was carried out with the help of the BeEF XSS framework. A basic HTML web page was developed to construct the malicious script for the simulation. The simulation data were gathered and evaluated to derive guidelines for preventing XSS attacks on end-users and Industry 4.0-like systems. This study provides reliable recommendations for improving end-user resilience against XSS attacks, which can help to mitigate the harmful impact of such attacks on Industry 4.0 systems.
Data availability
Not applicable.
Code availability
Not applicable.
Contributions
Conceptualization: IC, DP, MP, DS; Methodology: IC, DP, DS; Formal analysis: IC, DS; Investigation: IC, DS; Supervision: IC, DP; Visualization: MP, DS; Writing – original draft: IC, DP, DS; Writing – review & editing: DP, IC.
Ethics declarations
Conflicts of interest/Competing interests
Not applicable.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Cvitić, I., Peraković, D., Periša, M. et al. Defining Cross-Site Scripting Attack Resilience Guidelines Based on BeEF Framework Simulation. Mobile Netw Appl (2022). https://doi.org/10.1007/s11036-022-02052-z
DOI: https://doi.org/10.1007/s11036-022-02052-z