Strategies and Challenges in Detecting XSS Vulnerabilities Using an Innovative Cookie Collector

Rodríguez-Galán, Germán; Benavides-Astudillo, Eduardo; Nuñez-Agurto, Daniel; Puente-Ponce, Pablo; Cárdenas-Delgado, Sonia; Loachamín-Valencia, Mauricio

Strategies and Challenges in Detecting XSS Vulnerabilities Using an Innovative Cookie Collector

Germán Rodríguez-Galán (), Eduardo Benavides-Astudillo, Daniel Nuñez-Agurto, Pablo Puente-Ponce, Sonia Cárdenas-Delgado and Mauricio Loachamín-Valencia
Additional contact information
Germán Rodríguez-Galán: Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas-ESPE, Sangolquí 171103, Ecuador
Eduardo Benavides-Astudillo: Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas-ESPE, Santo Domingo de los Tsáchilas, Parroquia Luz de América 230118, Ecuador
Daniel Nuñez-Agurto: Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas-ESPE, Santo Domingo de los Tsáchilas, Parroquia Luz de América 230118, Ecuador
Pablo Puente-Ponce: Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas-ESPE, Santo Domingo de los Tsáchilas, Parroquia Luz de América 230118, Ecuador
Sonia Cárdenas-Delgado: Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas-ESPE, Sangolquí 171103, Ecuador
Mauricio Loachamín-Valencia: Departamento de Ciencias de la Computación, Universidad de las Fuerzas Armadas-ESPE, Sangolquí 171103, Ecuador

Future Internet, 2025, vol. 17, issue 7, 1-30

Abstract: This study presents a system for automatic cookie collection using bots that simulate user browsing behavior. Five bots were deployed, one for each of the most commonly used university browsers, enabling comprehensive data collection across multiple platforms. The infrastructure included an Ubuntu server with PiHole and Tshark services, facilitating cookie classification and association with third-party advertising and tracking networks. The BotSoul algorithm automated navigation, analyzing 440,000 URLs over 10.9 days with uninterrupted bot operation. The collected data established relationships between visited domains, generated cookies, and captured traffic, providing a solid foundation for security and privacy analysis. Machine learning models were developed to classify suspicious web domains and predict their vulnerability to XSS attacks. Additionally, clustering algorithms enabled user segmentation based on cookie data, identification of behavioral patterns, enhanced personalized web recommendations, and browsing experience optimization. The results highlight the system’s effectiveness in detecting security threats and improving navigation through adaptive recommendations. This research marks a significant advancement in web security and privacy, laying the groundwork for future improvements in protecting user information.

Keywords: XSS; cookies; first-party; third-party (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/17/7/284/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/7/284/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:7:p:284-:d:1687896

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().