Infosec Matrix

Collection of Best Writeups for HackTheBox, Portswigger, Bug Bounty, TryHackme, OverTheWire, PwnCollege, PicoCTF, and More.


Web Sockets in Web App Penetration Testing | 2023

In this section, we'll explain what WebSockets are, describe some types, explain how to find and exploit various kinds of WebSocket vulnerabilities, and summarize how to prevent WebSocket attacks.

Karthikeyan Nagaraj
Published in Infosec Matrix
4 min read · Oct 29, 2023

What are WebSockets?

WebSockets are widely used in modern web applications. They are initiated over HTTP and provide long-lived connections with asynchronous communication in both directions.

WebSockets are used for all kinds of purposes, including performing user actions and transmitting sensitive information. Virtually any web security vulnerability that arises with regular HTTP can also arise in relation to WebSockets communications.

Intercepting and modifying WebSocket messages

You can use Burp Proxy to intercept and modify WebSocket messages, as follows:

  • Open Burp’s browser.
  • Browse to the application function that uses WebSockets. You can determine that WebSockets are being used by using the application and looking for entries appearing in the WebSockets history tab within Burp Proxy.
  • In the Intercept tab of Burp Proxy, ensure that interception is turned on.
  • When a WebSocket message is sent from the browser or server, it will be displayed in the Intercept tab for you to view or modify. Press the Forward button to forward the message.
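
Because any message can be edited in transit this way, nothing the client-side code does to a message can be relied on by the server. The following is an added example, not code from the original article: a server-side check for one inbound text frame, assuming a hypothetical chat format of {"message": "..."}; every name and sample frame in it is constructed for illustration.

```javascript
// Added example: validate and encode one inbound WebSocket text frame on the server.
// The {"message": "..."} format, limits and function names are assumptions.
const MAX_FRAME_CHARS = 1024;
const MAX_MESSAGE_CHARS = 280;

// Encode characters that are significant in HTML so the text renders inertly.
function encodeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Returns { ok: true, broadcast } or { ok: false, reason }.
function handleInboundFrame(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not-text" };
  if (raw.length > MAX_FRAME_CHARS) return { ok: false, reason: "too-large" };

  let data;
  try {
    data = JSON.parse(raw);
  } catch (err) {
    return { ok: false, reason: "bad-json" };
  }

  // Accept exactly one known field; a tampered frame may carry extra ones.
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { ok: false, reason: "bad-shape" };
  }
  const keys = Object.keys(data);
  if (keys.length !== 1 || keys[0] !== "message") return { ok: false, reason: "bad-shape" };
  if (typeof data.message !== "string") return { ok: false, reason: "bad-type" };

  const text = data.message.trim();
  if (text.length === 0 || text.length > MAX_MESSAGE_CHARS) {
    return { ok: false, reason: "bad-length" };
  }
  // Encode on the server: client-side encoding can be undone in a proxy.
  return { ok: true, broadcast: JSON.stringify({ message: encodeHtml(text) }) };
}

// Constructed sample frames: as sent by the browser, then edited in transit.
const sampleFrames = [
  '{"message":"hello"}',
  '{"message":"<b>hi</b>"}',
  '{"message":"hi","user":"admin"}',
  "not json",
];
for (const frame of sampleFrames) console.log(frame, "->", handleInboundFrame(frame));
```

The same handler belongs on every message type the server accepts, since Burp Repeater can send frames the browser UI would never produce.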

Replaying and generating new WebSocket messages

As well as intercepting and modifying WebSocket messages on the fly, you can replay individual messages and generate new messages. You can do this using Burp Repeater:

  • In Burp Proxy, select a message in the WebSockets history, or in the Intercept tab, and choose “Send to Repeater” from the context menu.
  • In Burp Repeater, you can now edit the message that was selected, and send it over and over.
  • You can enter a new message and send it in either direction, to the client or server.
  • In the “History” panel…
