GitBook: [#3259] No subject

CPol 2022-06-19 14:00:50 +00:00 committed by gitbook-bot
parent ca7dc27024
commit d9fe1452c7
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF

@ -157,6 +157,14 @@ sudo python3 -m http.server 80
As Web Sockets are a mechanism to **send data to server side and client side**, depending on how the server and client handles the information, **Web Sockets can be used to exploit several other vulnerabilities like XSS, SQLi or any other common web vuln using input of s user from a websocket.**
## **WebSocket Smuggling**
This vulnerability could allow you to **bypass reverse proxies restrictions** by making them believe that a **websocket communication was stablished** (even if it isn't true). This could allow an attacker to **access hidden endpoints**. For more information check the following page:
{% content-ref url="h2c-smuggling.md" %}
[h2c-smuggling.md](h2c-smuggling.md)
{% endcontent-ref %}
## References
{% embed url="https://portswigger.net/web-security/websockets#intercepting-and-modifying-websocket-messages" %}
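
Review bot: The WebSocket Smuggling paragraph has wording errors that should be fixed before merge: "stablished" should be "established", and "reverse proxies restrictions" should read "reverse proxy restrictions". The content-ref also points to h2c-smuggling.md, a file named for h2c rather than WebSocket upgrades, so either say in one sentence that the linked page covers the WebSocket variant or link to the specific heading there. The paragraph says the proxy is made to believe a websocket communication was established "even if it isn't true" but gives no indication of what proxy behaviour makes that possible; a single sentence on that condition would let a reader judge whether their own reverse proxy is affected without leaving the page.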