Published on May 24th, 2016 | by MaxiSoler0
JS-Firewall v6.306 XSS Protection Tool
The difficulty of XSS detection lies in various ways of triggering, but in the end the behavior of attack is common. We skip the detection of trigger modes, but choose to use the JS against JS, directly monitoring abnormal behaviors of the client. We can get a lot of information about the attacker,and send the report to the cloud in the first time.
This brings a lot of advantages:
- Dynamic detection of all types of XSS attacks, including reflection, storage, Dom and Flash, etc.
- Each client is our nodes, thus reducing the pressure of the server.
- Get the real data of attack in real-time, including the attacker’s information.
- Backtrack the attacks.
- Both send warnings and block the attacks.
And for each type of attacks, we can formulate the corresponding defense strategies:
- Anti cookie-stealing
- Monitor XSS-tester
- Protect password-form
- Anti js-file from untrusted host
- Anti upload webshell
- Simulate httponly
Who need it
- Website Master need it to protect users from XSS.
- Security Operation Staff in company.It can help you to find out XSS when attacking at first time.
- WAF/IDS/IPS Developer.You can insert Js-firewall into HTTP Response Body,so that protect users from XSS.
- Email user,or other background Webpages user,need a browser extension with Js-firewall to protect them from XSS.
ver: 6.306 2016/4/28
- Issues alert inside the cookie prototype chain
ver: 6.305 2016/4/27
- Fixed chrome older versions of Firefox can not write cookie problem
ver: 6.304 2016/4/22
- The bug fixes webshell
- Alarm address to https
- Fixed alert the problem, the problem lies in the prototype chain error
More Information: here
Thanks to our friend Wangke from 0kee Team for sharing this tool with us.