mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-11 09:36:11 +02:00

History

cclauss a458cb397d Use print() function in both Python 2 and Python 3 Legacy __print__ statements are syntax errors in Python 3 but __print()__ function works as expected in both Python 2 and Python 3.		2019-04-26 14:35:16 -04:00
..
Files	Use print() function in both Python 2 and Python 3	2019-04-26 14:35:16 -04:00
Images	Fix name's capitalization	2019-03-07 00:07:55 +01:00
README.md	Fix name's capitalization	2019-03-07 00:07:55 +01:00

README.md

Web Sockets Attacks

The WebSocket protocol allows a bidirectional and full-duplex communication between a client and a server

Tools:

ws-harness.py

Summary

Using ws-harness.py

Using ws-harness.py

Start ws-harness to listen on a web-socket, and specify a message template to send to the endpoint.

python ws-harness.py -u "ws://dvws.local:8080/authenticate-user" -m ./message.txt

The content of the message should contains the [FUZZ] keyword.

{"auth_user":"dGVzda==", "auth_pass":"[FUZZ]"}

Then you can use any tools against the newly created web service, working as a proxy and tampering on the fly the content of message sent thru the websocket.

sqlmap -u http://127.0.0.1:8000/?fuzz=test --tables --tamper=base64encode --dump

README.md

Web Sockets Attacks

Summary

Using ws-harness.py

References