492 research outputs found

    XSS-FP: Browser Fingerprinting using HTML Parser Quirks

    There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, e.g. Firefox 15) of a web browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71% accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to.

    Client Side Script Phishing Attacks Detection Method using Active Content Popularity Monitoring

    The phisher can attack the client side script by means of threatening information which affects the majority of online users in sequence. The malicious users steal a variety of sensitive information from financial organizations in order to run nameless client side script in the phishing attack. Most of the time, the consumer will ignore association script and popup windows, which in turn run a set of malicious processes and send the sensitive information to the remote sites. To secure consumers by limiting the client side script, an effective Client Side Script Phishing Attack Detection (CSSPAD) method is proposed to detect the client side script phishing attacks. The proposed method is based on Active Content Popularity Monitoring (ACPM) and client script classification methods. This method categorizes the client side script according to a mixture of factors like the quantity of information being transferred by the script, the parent information of the script is being accessed. The proposed method computes the active time of the script, amount of data transferred and popularity of the webpage.

    Design and Implementation of an IoT-Based Smart Home Security System

    Recent advances in smartphones and affordable open-source hardware platforms have enabled the development of low-cost architectures for Internet-of-Things (IoT)-enabled home automation and security systems. These systems usually consist of a sensing and actuating layer that is made up of sensors such as passive infrared sensors, also known as motion sensors; temperature sensors; smoke sensors; and web cameras for security surveillance. These sensors, smart electrical appliances, and other IoT devices connect to the Internet through a home gateway. This paper lays out an architecture for a cost-effective smart door sensor that will inform a user, through an Android application, of door open events in a house or office environment. The proposed architecture uses an Arduino-compatible Elegoo Mega 2560 microcontroller board along with the Raspberry Pi 2 board for communicating with a web server that implements a RESTful API. Several programming languages are used in the implementation, and further applications of the door sensor are discussed as well as some of its shortcomings, such as possible interference from other radio frequency devices.

    Browser Web Storage Vulnerability Investigation: HTML5 localStorage Object

    Along with the introduction of HTML5, a new data storage technique, Web Storage, has been added to browsers. This technique stores larger amounts of data for an extended period of time on a client system. This technology does not (as of this writing) have a fully implemented interface to support end user control. The authors' interest is modeling the use of Web Storage to store illicit data. The authors built a web application that would take a file, encrypt it, split it into multiple parts and distribute it to as many clients as possible. At a later time, the system could then watch for return visits and retrieve data parts as clients interact with a host website. The recidivism rate of clients returning to the host website and the number of copies of each distributed part needed to achieve a reliable recovery rate of the entire file are under study.

    Modeling of HTTP Request with Regular Expression for Slow HTTP DoS Attack Detection

    The availability of Web Service is the most important thing to be guaranteed, but there are many threats to the Web Service, particularly from the internet; one of the famous methods is Slow HTTP DoS Attack. There have been many research projects about this topic before, but there is always the possibility to increase the accuracy rate and minimize the False Positive Rate, and it should be considered for use at the small and medium scale of network infrastructure. In this research, another IDS method was used to find a better result for Slow HTTP DoS Attack detection through modeling HTTP Request based on Regular Expression. Detection patterns were made from HTTP Request Traffic of some popular Web Browsers, then the similarity of the HTTP Request Traffic was looked for using the Needleman Wunsch algorithm. This pattern was negated at the important part of HTTP Request headers, then converted to Regular Expression. The new pattern in Regular Expression was inserted into the L7-Filter that is part of Netfilter. This method has been proved to detect Slow HTTP DoS Attack with 100% accuracy and False Positive Rate 0%.