GitBook: [master] one page modified

CPol 2021-02-23 13:55:20 +00:00 committed by gitbook-bot
parent a0166afcc3
commit 8a1dd5e20f
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -1,7 +1,5 @@
# Cross-site WebSocket hijacking \(CSWSH\)
Most of the information of this page is from **Portswiggers WebSockets tutorials \(main page:** [**https://portswigger.net/web-security/websockets\#intercepting-and-modifying-websocket-messages**](https://portswigger.net/web-security/websockets#intercepting-and-modifying-websocket-messages)**\)**
## What are WebSockets
WebSocket connections are initiated over **HTTP** and are typically **long-lived**. Messages can be sent in **either direction at any time** and are not transactional in nature. The connection will normally stay open and idle until either the client or the server is ready to send a message.
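Review bot: the attribution line labels its link "main page", but the URL carries the fragment `#intercepting-and-modifying-websocket-messages`, so it lands on one subsection rather than the top of the tutorial. If this line stays, link to https://portswigger.net/web-security/websockets without the fragment, and spell the source as "PortSwigger's WebSockets tutorials". The bold markers also open inside the sentence and close after the parenthesis, which leaves half the sentence bold; bolding only the source name would read better.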
@ -136,7 +134,13 @@ sudo python3 -m http.server 80
## Other vulnerabilities
As Web Sockets are a mechanism to **send data to server side and client side**, depending on how the server and client handles the information, **Web Sockets can be used to exploit several other vulnerabilities**:
As Web Sockets are a mechanism to **send data to server side and client side**, depending on how the server and client handles the information, **Web Sockets can be used to exploit several other vulnerabilities like XSS, SQLi or any other common web vuln using input of s user from a websocket.**
## References
{% embed url="https://portswigger.net/web-security/websockets\#intercepting-and-modifying-websocket-messages" %}
\*\*\*\*
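Review bot: the replacement sentence under "Other vulnerabilities" ends with "using input of s user from a websocket"; that should read "input of a user", and the same sentence spells the term both "Web Sockets" and "websocket", so pick one form. The sentence only names the attack classes (XSS, SQLi); one more clause saying that messages arriving over a WebSocket are untrusted input and need the same validation and output encoding as HTTP parameters would give the reader the point to act on. After the embed, the trailing `\*\*\*\*` is an empty bold marker and should be deleted, and the `\#` inside the embed url is worth checking so the backslash does not end up in the rendered link.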