Web Sockets in Web App Penetration Testing | 2023
In this section, we’ll explain what WebSockets are, describe some types, explain how to find and exploit various kinds of WebSockets, and summarize how to prevent WebSocket attacks.
Karthikeyan Nagaraj
4 min read · Oct 29, 2023
What are WebSockets?
WebSockets are widely used in modern web applications. They are initiated over HTTP and provide long-lived connections with asynchronous communication in both directions.
WebSockets are used for all kinds of purposes, including performing user actions and transmitting sensitive information. Virtually any web security vulnerability that arises with regular HTTP can also arise in relation to WebSockets communications.
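To make the “initiated over HTTP” part concrete, the following added example (my own code, not from the article) shows the two pieces a tester sees when a WebSocket connection is set up and then used: the HTTP Upgrade handshake, in which the server proves it understood the request by hashing the client’s `Sec-WebSocket-Key` with the fixed RFC 6455 GUID, and the masked client-to-server frame that a proxy has to unmask before it can display or edit the message. The server-side `validate_upgrade` check also rejects requests from origins that are not on an allowlist, which is the standard mitigation for cross-site WebSocket hijacking. The hostnames, paths and function names are assumptions; the sample handshake key and the masked “Hello” frame are the worked examples from RFC 6455 itself.

```python
import base64
import hashlib

# Fixed GUID from RFC 6455; the server appends it to the client's nonce before hashing.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def compute_accept(sec_websocket_key: str) -> str:
    """Derive the Sec-WebSocket-Accept value a server must echo in its 101 response."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_request(raw: bytes) -> tuple[str, dict]:
    """Split a raw HTTP/1.1 request into its request line and lowercase-keyed headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def validate_upgrade(raw: bytes, allowed_origins: set) -> tuple[int, str]:
    """Check an Upgrade request the way a server should before switching protocols.

    Returns (status, detail): 101 with the accept key on success, otherwise an
    HTTP status and the reason the handshake was refused.
    """
    request_line, h = parse_request(raw)
    if not request_line.startswith("GET "):
        return 405, "WebSocket handshake must use GET"
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in h.get("connection", "").lower():
        return 400, "missing Upgrade/Connection headers"
    if h.get("sec-websocket-version") != "13":
        return 426, "unsupported Sec-WebSocket-Version"
    key = h.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:
            raise ValueError("wrong nonce length")
    except ValueError:  # binascii.Error is a ValueError subclass
        return 400, "Sec-WebSocket-Key must be 16 random bytes, base64-encoded"
    # Browsers always send Origin on the handshake; refusing unknown origins is the
    # server-side defence against cross-site WebSocket hijacking.
    origin = h.get("origin")
    if origin is None or origin not in allowed_origins:
        return 403, "origin not allowed"
    return 101, compute_accept(key)


def unmask_client_frame(frame: bytes) -> tuple[int, bytes]:
    """Decode one client-to-server frame (opcode, payload) for payloads under 126 bytes.

    RFC 6455 requires client frames to be masked with a 4-byte XOR key, so an
    intercepting proxy must undo this before the message text is readable.
    """
    opcode = frame[0] & 0x0F
    masked = frame[1] & 0x80
    length = frame[1] & 0x7F
    if not masked:
        raise ValueError("client frames must be masked")
    if length >= 126:
        raise ValueError("extended payload lengths are not handled in this example")
    mask = frame[2:6]
    payload = bytes(b ^ mask[i % 4] for i, b in enumerate(frame[6:6 + length]))
    return opcode, payload


# Constructed sample handshake (hostname and path are assumptions; the key is the RFC 6455 example).
SAMPLE_REQUEST = (
    b"GET /chat HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Upgrade: websocket\r\n"
    b"Connection: Upgrade\r\n"
    b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    b"Sec-WebSocket-Version: 13\r\n"
    b"Origin: https://app.example\r\n"
    b"\r\n"
)

# Same handshake as it would arrive from a page on another site.
CROSS_SITE_REQUEST = SAMPLE_REQUEST.replace(b"Origin: https://app.example", b"Origin: https://evil.example")

# RFC 6455 section 5.7 example: a masked text frame carrying "Hello".
SAMPLE_FRAME = bytes([0x81, 0x85, 0x37, 0xFA, 0x21, 0x3D, 0x7F, 0x9F, 0x4D, 0x51, 0x58])

if __name__ == "__main__":
    print("same-origin handshake :", validate_upgrade(SAMPLE_REQUEST, {"https://app.example"}))
    print("cross-site handshake  :", validate_upgrade(CROSS_SITE_REQUEST, {"https://app.example"}))
    print("unmasked client frame :", unmask_client_frame(SAMPLE_FRAME))
```

Running it shows the same-origin request accepted with the accept key `s3pPLMBiTxaQ9kYGzzhZRbK+xOo=`, the cross-site request refused with 403, and the masked frame decoding to opcode 1 (text) with payload `Hello`. When you intercept a handshake in Burp, the `Origin`, `Sec-WebSocket-Key` and `Sec-WebSocket-Accept` headers are exactly the fields this code checks.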
Intercepting and modifying WebSocket messages
You can use Burp Proxy to intercept and modify WebSocket messages, as follows:
- Open Burp’s browser.
- Browse to the application function that uses WebSockets. You can confirm that WebSockets are in use by exercising the application and watching for entries appearing in the WebSockets history tab within Burp Proxy.
- In the Intercept tab of…