Context-Auditor: Context-sensitive Content Injection Mitigation

Faezeh Kalantari, Mehrnoosh Zaeifi, Tiffany Bao, Fish Wang, Yan Shoshitaishvili, Adam Doupé

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Cross-site scripting (XSS) is the most common vulnerability class in web applications over the last decade. Much research attention has focused on building exploit mitigation defenses for this problem, but no technique provides adequate protection in the face of advanced attacks. One technique that bypasses XSS mitigations is the scriptless attack: a content injection technique that uses (among other options) CSS and HTML injection to infiltrate data. In studying this technique and others, we realized that the common property among the exploitation of all content injection vulnerabilities, including not just XSS and scriptless attacks, but also command injections and several others, is an unintended context switch in the victim program's parsing engine that is caused by untrusted user input. In this paper, we propose Context-Auditor, a novel technique that leverages this insight to identify content injection vulnerabilities ranging from XSS to scriptless attacks and command injections. We implemented Context-Auditor as a general solution to content injection exploit detection problem in the form of a flexible, stand-alone detection module. We deployed instances of Context-Auditor as (1) a browser plugin, (2) a web proxy (3) a web server plugin, and (4) as a wrapper around potentially-injectable system endpoints. Because Context-Auditor targets the root cause of content injection exploitation (and, more specifically for the purpose of our prototype, XSS exploitation, scriptless exploitation, and command injection), our evaluation results demonstrate that Context-Auditor can identify and block content injection exploits that modern defenses cannot while maintaining low throughput overhead and avoiding false positives.

Original languageEnglish (US)
Title of host publicationProceedings of 25th International Symposium on Researchin Attacks, Intrusions and Defenses, RAID 2022
PublisherAssociation for Computing Machinery
Number of pages15
ISBN (Electronic)9781450397049
StatePublished - Oct 26 2022
Event25th International Symposium on Researchin Attacks, Intrusions and Defenses, RAID 2022 - Limassol, Cyprus
Duration: Oct 26 2022Oct 28 2022

Publication series

NameACM International Conference Proceeding Series


Conference25th International Symposium on Researchin Attacks, Intrusions and Defenses, RAID 2022

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software


Dive into the research topics of 'Context-Auditor: Context-sensitive Content Injection Mitigation'. Together they form a unique fingerprint.

Cite this