Client Side Filter Enhancement using Web Proxy

In early days, web pages always use a state for keeping an authentication state between browsers and web applications called cookies, these cookies are sent to the browser by the web server's after the users have been successfully authenticated. Every request that contains the valid cookies will be automatically allowed by the web sites without any further check. The cookies are used to identify and authenticate the client; therefore they are an interesting target for web attackers. Cross Site Scripting attack (XSS) is the popular attacks which is often used to steal the information from a client machines. If any cookie has been stolen by the unauthenticated users then essential and sensitive information will be disclosed. In this paper, we introduce a new technique for securing cookies from unauthorized users called "Dynamic Cookies rewriting", this technique aims to make the cookies meaningless for XSS attacks. Our technique is implemented in a web proxy where it will automatically randomize the cookie value that is sent back and forth between the users and the web applications.