PortSwigger WebSocket Vulnerability Labs Write-up!!
This blog post discusses the WebSocket labs provided by PortSwigger.
This write-up for the WebSocket vulnerability labs (the simple cases) is part of my walkthrough series for PortSwigger's Web Security Academy.
What is a WebSocket Vulnerability!!
WebSocket is a protocol that allows two-way communication over a single TCP connection. It is not part of HTTP, but it operates alongside it and is designed to work on the same ports (80 and 443). WebSockets also work through HTTP proxies.
Many modern websites use WebSockets, which are long-lived connections initiated over HTTP. These connections allow messages to be sent in either direction at any time; unlike HTTP, each message is not tied to a request/response transaction. Normally the connection stays open and idle until either the client or the server has something to send.
WebSockets are useful when low latency matters or when the server needs to initiate messages, for example when pushing live updates of financial data. The connection is usually opened from JavaScript on the client side; a page might, for instance, open a new WebSocket connection to talk to its chat feature.
The wss scheme sets up a WebSocket connection protected by TLS, whereas the ws scheme uses an unencrypted connection. Before any messages flow, the browser and the server first exchange an HTTP request and response (the WebSocket handshake) to upgrade the connection.
To identify WebSocket vulnerability on your application, you can do the following:
- Can the application use ws instead of wss for communication?
- Is there input validation for sent messages?
- Does the application check the Origin header, or can you input your own domain?
- Can unrestricted cross-domain connections lead to DoS attacks?
Try to connect to the WebSocket server from a WebSocket client of your own. If the connection succeeds, the server may not be verifying the Origin header of the WebSocket handshake. The most common WebSocket vulnerabilities are the following:
unencrypted communication (ws rather than wss), cross-site WebSocket hijacking, disclosure of sensitive information over the network, denial of service, and cross-site scripting through message content.
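As an added illustration that is not part of the original post or of PortSwigger's labs, the Python below shows the server-side half of the checks in the list above: it validates the handshake, enforces an exact Origin allow-list, derives the Sec-WebSocket-Accept value as RFC 6455 specifies, and HTML-escapes chat messages so image/onerror style payloads are rendered inert. The hostname, the allowed origin and the sample request are constructed placeholders.

```python
import base64
import hashlib
from html import escape
# Fixed GUID from RFC 6455 appended to the client key to compute Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Constructed sample handshake; the lab hostname is a placeholder, not a real target.
SAMPLE_REQUEST = (
    "GET /chat HTTP/1.1\r\n"
    "Host: YOUR-LAB-ID.web-security-academy.net\r\n"
    "Upgrade: websocket\r\n"
    "Connection: keep-alive, Upgrade\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Sec-WebSocket-Version: 13\r\n"
    "Origin: https://YOUR-LAB-ID.web-security-academy.net\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Split a raw HTTP/1.1 request into its headers (names lower-cased)."""
    headers = {}
    for line in raw.split("\r\n")[1:]:
        if not line:          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def accept_key(client_key):
    """Derive Sec-WebSocket-Accept as base64(sha1(key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def check_handshake(raw, allowed_origins):
    """Return (True, accept_value) or (False, reason); foreign origins are refused."""
    h = parse_headers(raw)
    if h.get("upgrade", "").lower() != "websocket" \
            or "upgrade" not in h.get("connection", "").lower():
        return False, "not a websocket upgrade"
    if h.get("sec-websocket-version") != "13" or "sec-websocket-key" not in h:
        return False, "bad version or missing key"
    origin = h.get("origin")
    if origin is None:            # browsers always send Origin; treat absence as hostile
        return False, "missing Origin"
    if origin not in allowed_origins:  # exact match, never a substring/endswith check
        return False, "origin not allowed"
    return True, accept_key(h["sec-websocket-key"])

def sanitize_chat_message(text):
    return escape(text, quote=True)  # <, >, &, quotes become entities before echoing
```

The Origin check must run on the handshake, not on later frames, because once the upgrade succeeds a cross-site page can already read and write messages on the connection.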
PORTSWIGGER LABS
[Lab screenshots were not preserved; only the payloads and notes from the walkthrough survive.]

<img src=1 onerror='alert(1)'>

<img src=1 onerror='alert(1)'>

X-Forwarded-For: 1.1.1.1

<img src=1 oNeRrOr=alert`1`>

Replace your-websocket-url with the URL from the WebSocket handshake (YOUR-LAB-ID.web-security-academy.net/chat). Make sure you change the protocol from https:// to wss://. Replace your-collaborator-url with a payload generated by Burp Collaborator.