{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,23]],"date-time":"2026-03-23T22:49:36Z","timestamp":1774306176936,"version":"3.50.1"},"reference-count":57,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2025,6,26]],"date-time":"2025-06-26T00:00:00Z","timestamp":1750896000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>This study presents a system for automatic cookie collection using bots that simulate user browsing behavior. Five bots were deployed, one for each of the most commonly used university browsers, enabling comprehensive data collection across multiple platforms. The infrastructure included an Ubuntu server with PiHole and Tshark services, facilitating cookie classification and association with third-party advertising and tracking networks. The BotSoul algorithm automated navigation, analyzing 440,000 URLs over 10.9 days with uninterrupted bot operation. The collected data established relationships between visited domains, generated cookies, and captured traffic, providing a solid foundation for security and privacy analysis. Machine learning models were developed to classify suspicious web domains and predict their vulnerability to XSS attacks. Additionally, clustering algorithms enabled user segmentation based on cookie data, identification of behavioral patterns, enhanced personalized web recommendations, and browsing experience optimization. The results highlight the system\u2019s effectiveness in detecting security threats and improving navigation through adaptive recommendations. This research marks a significant advancement in web security and privacy, laying the groundwork for future improvements in protecting user information.<\/jats:p>","DOI":"10.3390\/fi17070284","type":"journal-article","created":{"date-parts":[[2025,6,26]],"date-time":"2025-06-26T06:55:13Z","timestamp":1750920913000},"page":"284","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Strategies and Challenges in Detecting XSS Vulnerabilities Using an Innovative Cookie Collector"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5663-2216","authenticated-orcid":false,"given":"Germ\u00e1n","family":"Rodr\u00edguez-Gal\u00e1n","sequence":"first","affiliation":[{"name":"Departamento de Ciencias de la Computaci\u00f3n, Universidad de las Fuerzas Armadas-ESPE, Sangolqu\u00ed 171103, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4543-0082","authenticated-orcid":false,"given":"Eduardo","family":"Benavides-Astudillo","sequence":"additional","affiliation":[{"name":"Departamento de Ciencias de la Computaci\u00f3n, Universidad de las Fuerzas Armadas-ESPE, Santo Domingo de los Ts\u00e1chilas, Parroquia Luz de Am\u00e9rica 230118, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7737-3815","authenticated-orcid":false,"given":"Daniel","family":"Nu\u00f1ez-Agurto","sequence":"additional","affiliation":[{"name":"Departamento de Ciencias de la Computaci\u00f3n, Universidad de las Fuerzas Armadas-ESPE, Santo Domingo de los Ts\u00e1chilas, Parroquia Luz de Am\u00e9rica 230118, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8884-6905","authenticated-orcid":false,"given":"Pablo","family":"Puente-Ponce","sequence":"additional","affiliation":[{"name":"Departamento de Ciencias de la Computaci\u00f3n, Universidad de las Fuerzas Armadas-ESPE, Santo Domingo de los Ts\u00e1chilas, Parroquia Luz de Am\u00e9rica 230118, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5571-8939","authenticated-orcid":false,"given":"Sonia","family":"C\u00e1rdenas-Delgado","sequence":"additional","affiliation":[{"name":"Departamento de Ciencias de la Computaci\u00f3n, Universidad de las Fuerzas Armadas-ESPE, Sangolqu\u00ed 171103, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4164-1966","authenticated-orcid":false,"given":"Mauricio","family":"Loacham\u00edn-Valencia","sequence":"additional","affiliation":[{"name":"Departamento de Ciencias de la Computaci\u00f3n, Universidad de las Fuerzas Armadas-ESPE, Sangolqu\u00ed 171103, Ecuador"},{"name":"Departamento de Inform\u00e1tica y Ciencias de la Computaci\u00f3n, Escuela Polit\u00e9cnica Nacional, Quito 170525, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,6,26]]},"reference":[{"key":"ref_1","unstructured":"QAwerk (2025, May 19). CISA Urges Software Devs to Weed Out XSS Vulnerabilities. Available online: https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-urges-software-devs-to-weed-out-xss-vulnerabilities\/."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Bates, D., Barth, A., and Jackson, C. (2010, January 26\u201330). Regular expressions considered harmful in client-side XSS filters. Proceedings of the 19th International Conference on World Wide Web (WWW\u201910), Raleigh, NC, USA.","DOI":"10.1145\/1772690.1772701"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Johns, M., Engelmann, B., and Posegga, J. (2008, January 8\u201312). XSSDS: Server-Side Detection of Cross-Site Scripting Attacks. Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC), Washington, DC, USA.","DOI":"10.1109\/ACSAC.2008.36"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Melicher, W., Das, A., Sharif, M., Bauer, L., and Jia, L. (2018, January 18\u201321). Riding out DOMsday: Towards Detecting and Preventing DOM Cross-Site Scripting. Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA.","DOI":"10.14722\/ndss.2018.23309"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Lekies, S., Stock, B., and Johns, M. (2013, January 4\u20138). 25 million flows later: Large-scale detection of DOM-based XSS. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS\u201813), Berlin, Germany.","DOI":"10.1145\/2508859.2516703"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Wassermann, G., and Su, Z. (2008, January 10\u201318). Static detection of cross-site scripting vulnerabilities. Proceedings of the 30th International Conference on Software Engineering (ICSE\u201908), Leipzig, Germany.","DOI":"10.1145\/1368088.1368112"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Kerschbaum, F. (2007, January 17\u201321). Simple cross-site attack prevention. Proceedings of the 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops\u2014SecureComm 2007, Nice, France.","DOI":"10.1109\/SECCOM.2007.4550368"},{"key":"ref_8","unstructured":"Havryliuk, V. (2025, May 19). \u00bfQu\u00e9 es Cross-Site Scripting (XSS) y C\u00f3mo Prevenirlo?. Available online: https:\/\/qawerk.es\/blog\/que-es-cross-site-scripting\/."},{"key":"ref_9","unstructured":"Atluri, V., and Diaz, C. A Systematic Analysis of XSS Sanitization in Web Application Frameworks. Proceedings of the Computer Security\u2014ESORICS 2011."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., Cova, M., Felmetsger, V., Jovanovic, N., Kirda, E., Kruegel, C., and Vigna, G. (2008, January 18\u201322). Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. Proceedings of the 2008 IEEE Symposium on Security and Privacy (sp 2008), Oakland, CA, USA.","DOI":"10.1109\/SP.2008.22"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Parameshwaran, I., Budianto, E., Shinde, S., Dang, H., Sadhu, A., and Saxena, P. (September, January 30). DexterJS: Robust testing platform for DOM-based XSS vulnerabilities. Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC\/FSE 2015), Bergamo, Italy.","DOI":"10.1145\/2786805.2803191"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"3966","DOI":"10.1002\/sec.1579","article-title":"XSS-immune: A Google chrome extension-based XSS defensive framework for contemporary platforms of web applications","volume":"9","author":"Gupta","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"ref_13","unstructured":"Lekies, S., Stock, B., Wentzel, M., and Johns, M. (2015, January 12\u201314). The unexpected dangers of dynamic JavaScript. Proceedings of the 24th USENIX Conference on Security Symposium (SEC\u201915), Washington, DC, USA."},{"key":"ref_14","unstructured":"Stock, B., Lekies, S., Mueller, T., Spiegel, P., and Johns, M. (2014, January 20\u201322). Precise client-side protection against DOM-based cross-site scripting. Proceedings of the 23rd USENIX conference on Security Symposium (SEC\u201914), San Diego, CA, USA."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Fang, Y., Li, Y., Liu, L., and Huang, C. (2018, January 12\u201314). DeepXSS: Cross Site Scripting Detection Based on Deep Learning. Proceedings of the 2018 International Conference on Computing and Artificial Intelligence (ICCAI\u201918), Chengdu, China.","DOI":"10.1145\/3194452.3194469"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Pan, X., Cao, Y., Liu, S., Zhou, Y., Chen, Y., and Zhou, T. (2016, January 24\u201328). CSPAutoGen: Black-box Enforcement of Content Security Policy upon Real-world Websites. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201916), Vienna, Austria.","DOI":"10.1145\/2976749.2978384"},{"key":"ref_17","first-page":"1","article-title":"BIXSAN: Browser independent XSS sanitizer for prevention of XSS attacks","volume":"36","author":"Selvakumar","year":"2011","journal-title":"SIGSOFT Softw. Eng. Notes"},{"key":"ref_18","unstructured":"Report, M. (2025, May 19). XSS: La Vulnerabilidad Web que Puede Derribar su Negocio. Available online: https:\/\/mineryreport.com\/blog\/xss-vulnerabilidad-web-que-puede-derribar-su-negocio\/."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"509","DOI":"10.3233\/JCS-150529","article-title":"CookiExt: Patching the browser against session hijacking attacks","volume":"23","author":"Bugliesi","year":"2015","journal-title":"J. Comput. Secur."},{"key":"ref_20","unstructured":"Zheng, X., Jiang, J., Liang, J., Duan, H., Chen, S., Wan, T., and Weaver, N.C. (2015, January 12\u201314). Cookies Lack Integrity: Real-World Implications. Proceedings of the USENIX Security Symposium, Washington, DC, USA."},{"key":"ref_21","unstructured":"Bortz, A. (2025, May 19). Origin Cookies : Session Integrity for Web Applications. Available online: https:\/\/sharif.edu\/~kharrazi\/courses\/40441-011\/read\/session-integrity.pdf."},{"key":"ref_22","unstructured":"Keromytis, A.D. (2025, May 19). Cookie Hijacking in the Wild: Security and Privacy Implications. Available online: https:\/\/api.semanticscholar.org\/CorpusID:30033856."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Sivakorn, S., Polakis, I., and Keromytis, A.D. (2016, January 22\u201326). The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information. Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2016.49"},{"key":"ref_24","unstructured":"ESET (2025, May 19). Comprendiendo la Vulnerabilidad XSS (Cross-Site Scripting) en Sitios Web. Available online: https:\/\/www.welivesecurity.com\/la-es\/2015\/04\/29\/vulnerabilidad-xss-cross-site-scripting-sitios-web\/."},{"key":"ref_25","unstructured":"UNAM (2025, May 19). Cross-Site Scripting (XSS). Available online: https:\/\/www.seguridad.unam.mx\/cross-site-scripting-xss."},{"key":"ref_26","unstructured":"Team, G. (2025, May 19). Pruebe la Seguridad de su Navegador en Busca de Vulnerabilidades. Available online: https:\/\/geekflare.com\/es\/browser-security-test\/."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"100567","DOI":"10.1109\/ACCESS.2019.2927417","article-title":"MLPXSS: An Integrated XSS-Based Attack Detection Scheme in Web Applications Using Multilayer Perceptron Technique","volume":"7","author":"Mokbal","year":"2019","journal-title":"IEEE Access"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Cui, Y., Cui, J., and Hu, J. (2020, January 15\u201317). A Survey on XSS Attack Detection and Prevention in Web Applications. Proceedings of the 2020 12th International Conference on Machine Learning and Computing (ICMLC\u201920), Shenzhen, China.","DOI":"10.1145\/3383972.3384027"},{"key":"ref_29","unstructured":"Kumar, A., Gupta, A., Mittal, P., Gupta, P.K., and Varghese, S. (2025, May 19). Prevention of XSS Attack Using Cryptography & API Integration with Web Security. Available online: https:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=3833910."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Steffens, M., Rossow, C., Johns, M., and Stock, B. (2019, January 24\u201327). Don\u2019t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. Proceedings of the Network and Distributed Systems Security (NDSS) Symposium 2019, San Diego, CA, USA.","DOI":"10.14722\/ndss.2019.23009"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Klein, D., Musch, M., Barber, T., Kopmann, M., and Johns, M. (2022, January 5\u20139). Accept All Exploits: Exploring the Security Impact of Cookie Banners. Proceedings of the 38th Annual Computer Security Applications Conference (ACSAC\u201922), Austin, TX, USA.","DOI":"10.1145\/3564625.3564647"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Dembla, D., Chaba, Y., Yadav, K., Chaba, M., and Kumar, A. (2020). A novel and efficient technique for prevention of xss attacks using knapsack based cryptography. Adv. Math. Sci. J., 9.","DOI":"10.37418\/amsj.9.7.20"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Mishra, P., and Gupta, C. (2020, January 4\u20135). Cookies in a Cross-site scripting: Type, Utilization, Detection, Protection and Remediation. Proceedings of the 2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), Noida, India.","DOI":"10.1109\/ICRITO48877.2020.9198003"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Nirmal, K., Janet, B., and Kumar, R. (2018, January 14\u201315). It\u2019s More Than Stealing Cookies\u2014Exploitability of XSS. Proceedings of the 2018 Second International Conference on Intelligent Computing and Control Systems (ICICCS), Madurai, India.","DOI":"10.1109\/ICCONS.2018.8663230"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Shrivastava, A., Choudhary, S., and Kumar, A. (2016, January 14\u201316). XSS vulnerability assessment and prevention in web application. Proceedings of the 2016 2nd International Conference on Next Generation Computing Technologies (NGCT), Dehradun, India.","DOI":"10.1109\/NGCT.2016.7877529"},{"key":"ref_36","first-page":"28","article-title":"Exploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and its Defense","volume":"60","author":"Gupta","year":"2012","journal-title":"Int. J. Comput. Appl."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Takahashi, H., Yasunaga, K., Mambo, M., Kim, K., and Youm, H.Y. (2013, January 25\u201326). Preventing Abuse of Cookies Stolen by XSS. Proceedings of the 2013 Eighth Asia Joint Conference on Information Security, Seoul, Republic of Korea.","DOI":"10.1109\/ASIAJCIS.2013.20"},{"key":"ref_38","unstructured":"Putthacharoen, R., and Bunyatnoparat, P. (2011, January 13\u201316). Protecting cookies from Cross Site Script attacks using Dynamic Cookies Rewriting technique. Proceedings of the 13th International Conference on Advanced Communication Technology (ICACT2011), Gangwon, Ruplic of Korea."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Singh, T., and Mantoo, B.A. (2020). Loop Holes in Cookies and Their Technical Solutions for Web Developers, Springer.","DOI":"10.1007\/978-981-15-8297-4_41"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"1204","DOI":"10.1109\/TIFS.2019.2938416","article-title":"(In-)Security of Cookies in HTTPS: Cookie Theft by Removing Cookie Flags","volume":"15","author":"Kwon","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_41","unstructured":"Kumar, U., and Kumar, S. (2025, May 19). Protection Against Client-Side Cross Side Scripting (XSS\/CSS). Available online: https:\/\/www.semanticscholar.org\/paper\/Protection-against-Client-Side-Cross-Side-Scripting-Kumar-Kumar\/a5b7284114f69c1e5c06b3360eb7f711018c443d."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"1975","DOI":"10.17762\/turcomat.v12i3.1033","article-title":"The Limitations of Cross-Site Scripting Vulnerabilities Detection and Removal Techniques","volume":"12","author":"Hydara","year":"2021","journal-title":"Turk. J. Comput. Math. Educ. TURCOMAT"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"2182","DOI":"10.1016\/j.comnet.2010.03.006","article-title":"An automatic HTTP cookie management system","volume":"54","author":"Yue","year":"2010","journal-title":"Comput. Netw."},{"key":"ref_44","unstructured":"Block, G., and Ogdin, P.L. (2025, May 19). Analysis of Tokenized HTTP Event Collector. Available online: https:\/\/patents.google.com\/patent\/US10169434B1\/en?oq=10169434."},{"key":"ref_45","unstructured":"Bhagat, D.B., Krishnan, M.R., Sadhasivam, K.M., and Varanasi, R.K. (2006). HTTP Cookie Protection by a Network Security Device. (Application No. US11\/406,107), U.S. Patent."},{"key":"ref_46","unstructured":"(2025, May 19). Guia para Tratamiento de Datos Personales en Administracion Publica. Available online: https:\/\/www.gobiernoelectronico.gob.ec\/wp-content\/uploads\/2019\/11\/Gu%C3%ADa-de-protecci%C3%B3n-de-datos-personales.pdf."},{"key":"ref_47","unstructured":"Schaper, D. (2025, May 19). Pi-Hole Network-Wide Ad Blocking. Available online: https:\/\/pi-hole.net\/."},{"key":"ref_48","unstructured":"Wireshark (2025, May 19). Tshark(1) Manual Page. Available online: https:\/\/www.wireshark.org\/docs\/man-pages\/tshark.html."},{"key":"ref_49","unstructured":"Sphinx (2025, May 19). PyAutoGUI\u2019s Documentation. Available online: https:\/\/pyautogui.readthedocs.io\/en\/latest\/."},{"key":"ref_50","unstructured":"Rocha, \u00c1., and Guarda, T. (, January 10\u201312). Cookie Scout: An Analytic Model for Prevention of Cross-Site Scripting (XSS) Using a Cookie Classifier. Proceedings of the International Conference on Information Technology & Systems (ICITS 2018), Pen\u00ednsula de Santa Elena, Ecuador."},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Daimi, K., Alsadoon, A., Peoples, C., and El Madhoun, N. (2023). DataCookie: Sorting Cookies Using Data Mining for Prevention of Cross-Site Scripting (XSS). Emerging Trends in Cybersecurity Applications, Springer International Publishing.","DOI":"10.1007\/978-3-031-09640-2"},{"key":"ref_52","unstructured":"Telefonica (2025, May 19). Triki: Herramienta de Recolecci\u00f3n y an\u00e1Lisis de Cookies. Available online: https:\/\/telefonicatech.com\/blog\/triki-herramienta-recoleccion-analisis-cookies."},{"key":"ref_53","unstructured":"consentmanager (2025, May 19). Auditor\u00eda de Cookies para Sitios Web: C\u00f3mo Hacerlo Manualmente o Con un esc\u00e1Ner de Cookies. Available online: https:\/\/www.consentmanager.net\/es\/conocimiento\/cookie-audit\/."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Drakonakis, K., Ioannidis, S., and Polakis, J. (2020, January 9\u201313). The Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws. Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201920), Virtual Event.","DOI":"10.1145\/3372297.3417869"},{"key":"ref_55","first-page":"1678","article-title":"Comparative Analysis of Machine Learning Algorithms for Cross-Site Scripting (XSS) Attack Detection","volume":"8","author":"Hamzah","year":"2024","journal-title":"JOIV Int. J. Inform. Vis."},{"key":"ref_56","unstructured":"Njie, B., and Gabriouet, L. (2024). Machine Learning for Cross-Site Scripting (XSS) Detection. [Bachelor\u2019s Thesis, Dalarna University]."},{"key":"ref_57","unstructured":"Keyrus (2025, May 19). Qu\u00e9 es Clustering y para qu\u00e9 se Utiliza. Available online: https:\/\/keyrus.com\/sp\/es\/insights\/que-es-clustering-y-para-que-se-utiliza."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/7\/284\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:59:05Z","timestamp":1760032745000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/7\/284"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,26]]},"references-count":57,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2025,7]]}},"alternative-id":["fi17070284"],"URL":"https:\/\/doi.org\/10.3390\/fi17070284","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,26]]}}}