
Defining Cross-Site Scripting Attack Resilience Guidelines Based on BeEF Framework Simulation

Published in: Mobile Networks and Applications

Abstract

The number of people who use the Internet daily is steadily increasing. The Internet makes daily chores easier and faster, but it also increases the danger of cyberattacks. In contemporary manufacturing systems and under Industry 4.0, web-based solutions are frequently used for manufacturing process monitoring, management, and supply chain communication. Cross-Site Scripting (XSS) attacks are one of the most widespread forms of cyberattack. This study examines XSS attacks to provide a sound foundation for attack simulation. The simulation was carried out with the help of the BeEF XSS framework. A basic HTML web page was developed to construct the malicious script used in the simulation. The simulation data were gathered and evaluated to provide guidelines for preventing XSS attacks on end-users and Industry 4.0-like systems. This study provides reliable recommendations for improving end-user resilience against XSS attacks, which can help mitigate the harmful impact of such attacks on Industry 4.0 systems.



Data availability

Not applicable.

Code availability

Not applicable.


Author information

Contributions

Conceptualization: IC, DP, MP, DS; Methodology: IC, DP, DS; Formal analysis: IC, DS; Investigation: IC, DS; Supervision: IC, DP; Visualization: MP, DS; Writing – original draft: IC, DP, DS; Writing – review & editing: DP, IC.

Corresponding author

Correspondence to Ivan Cvitić.

Ethics declarations

Conflicts of interest/Competing interests

Not applicable.



Cite this article

Cvitić, I., Peraković, D., Periša, M. et al. Defining Cross-Site Scripting Attack Resilience Guidelines Based on BeEF Framework Simulation. Mobile Netw Appl (2022). https://doi.org/10.1007/s11036-022-02052-z


  • DOI: https://doi.org/10.1007/s11036-022-02052-z
