diff --git a/SUMMARY.md b/SUMMARY.md index dc9d236fc..3f96660a8 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -540,7 +540,7 @@ * [Cookie Bomb](pentesting-web/hacking-with-cookies/cookie-bomb.md) * [CORS - Misconfigurations & Bypass](pentesting-web/cors-bypass.md) * [CRLF (%0D%0A) Injection](pentesting-web/crlf-0d-0a.md) -* [Cross-site WebSocket hijacking (CSWSH)](pentesting-web/cross-site-websocket-hijacking-cswsh.md) +* [WebSocket Attacks](pentesting-web/websocket-attacks.md) * [CSRF (Cross Site Request Forgery)](pentesting-web/csrf-cross-site-request-forgery.md) * [Dangling Markup - HTML scriptless injection](pentesting-web/dangling-markup-html-scriptless-injection/README.md) * [SS-Leaks](pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md) diff --git a/pentesting-web/race-condition.md b/pentesting-web/race-condition.md index e3af22895..282966db3 100644 --- a/pentesting-web/race-condition.md +++ b/pentesting-web/race-condition.md @@ -315,6 +315,10 @@ The **problem** appears when you **accept it** and automatically sends an **`aut Once you have **obtained a valid RT** you could try to **abuse it to generate several AT/RT** and **even if the user cancels the permissions** for the malicious application to access his data, **several RTs will still be valid.** +## **RC in WebSockets** + +In [**WS\_RaceCondition\_PoC**](https://github.com/redrays-io/WS\_RaceCondition\_PoC) you can find a PoC in Java to send websocket messages in **parallel** to abuse **Race Conditions also in Web Sockets**. + ## References * [https://hackerone.com/reports/759247](https://hackerone.com/reports/759247) diff --git a/pentesting-web/web-vulnerabilities-methodology/README.md b/pentesting-web/web-vulnerabilities-methodology/README.md index e15b824d1..5d3acd3aa 100644 --- a/pentesting-web/web-vulnerabilities-methodology/README.md +++ b/pentesting-web/web-vulnerabilities-methodology/README.md 
@@ -77,7 +77,7 @@ If the functionality may be used to search some kind of data inside the backend, When a websocket posts a message or a form allowing users to perform actions vulnerabilities may arise. * [ ] [**Cross Site Request Forgery**](../csrf-cross-site-request-forgery.md) -* [ ] [**Cross-site WebSocket hijacking (CSWSH)**](../cross-site-websocket-hijacking-cswsh.md) +* [ ] [**Cross-site WebSocket hijacking (CSWSH)**](../websocket-attacks.md) * [ ] [**PostMessage Vulnerabilities**](../postmessage-vulnerabilities/) ### **HTTP Headers** diff --git a/pentesting-web/cross-site-websocket-hijacking-cswsh.md b/pentesting-web/websocket-attacks.md similarity index 98% rename from pentesting-web/cross-site-websocket-hijacking-cswsh.md rename to pentesting-web/websocket-attacks.md index 054a40e24..c96b7cfea 100644 --- a/pentesting-web/cross-site-websocket-hijacking-cswsh.md +++ b/pentesting-web/websocket-attacks.md @@ -1,4 +1,4 @@ -# Cross-site WebSocket hijacking (CSWSH) +# WebSocket Attacks
@@ -165,6 +165,10 @@ Exposing the web application and making a user connect to it you will be able to sudo python3 -m http.server 80 ``` +## Race Conditions + +Race Conditions in WebSockets are also a thing, [check this information to learn more](race-condition.md#rc-in-websockets). + ## Other vulnerabilities As Web Sockets are a mechanism to **send data to server side and client side**, depending on how the server and client handles the information, **Web Sockets can be used to exploit several other vulnerabilities like XSS, SQLi or any other common web vuln using input of s user from a websocket.**
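Review bot: In the SUMMARY.md hunk (@@ -540,7 +540,7 @@), the entry now points at pentesting-web/websocket-attacks.md while the old path cross-site-websocket-hijacking-cswsh.md disappears with no redirect. This patch updates two referrers (SUMMARY.md and the methodology README); search the rest of the repository for links to the old filename before merging, since any that remain will break.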
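Review bot: In the race-condition.md hunk (@@ -315,6 +315,10 @@), the new "RC in WebSockets" section only points at an external Java PoC and does not say what is being raced, so the page is useless if that repository goes away. Add a sentence or two describing the condition the PoC relies on (messages sent in parallel being processed without the server serialising the state they touch) and what a tester should look for to confirm it. The link destination also carries backslash escapes, `https://github.com/redrays-io/WS\_RaceCondition\_PoC`; the escapes belong in the link text only, so write the URL with plain underscores. Finally, the three added lines spell the term three ways ("WebSockets", "websocket", "Web Sockets"); pick one.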
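Review bot: In the web-vulnerabilities-methodology/README.md hunk (@@ -77,7 +77,7 @@), the checklist label still reads "Cross-site WebSocket hijacking (CSWSH)" but the target is now the top of the general websocket-attacks.md page. Either link to the CSWSH section anchor inside that page or rename the entry to match the new page title, so the label describes where the reader lands.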
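Review bot: In the websocket-attacks.md hunk (@@ -165,6 +165,10 @@), the new link `race-condition.md#rc-in-websockets` depends on the slug generated from the bold heading `## **RC in WebSockets**` added earlier in this same patch; verify the anchor resolves in the rendered book, and keep in mind that rewording that heading later will silently break this link. The sentence itself is vague ("are also a thing", "check this information to learn more"); say that WebSocket message handlers can be subject to race conditions and give the link descriptive text. The unchanged context line just below has a typo, "input of s user", that is worth fixing in the same change.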