July 29, 2021

What is Websockets Security Vulnerabilities ?

In this article, we are telling you about Websockets Security Vulnerabilities, whether you call it Websockets Vulnerabilities or Websockets Security issues the same thing happens.

Here we are telling you deeply about Websockets Security Vulnerabilities, here we are also telling you it practically how you can find this bug in a website.

Also, in what kind of websites do you get this bug, this is also being told to you, all of this is being told to you for educational purpose, you should never misuse it in any way.

Note – This article is only for educational purpose. Don’t miss use your knowledge and skills.

Websockets Security Vulnerabilities ?

Before going about websites security vulnerabilities practically you have to understand what are websockets and what kind of websites can this bug be found.

Let us understand this by example, you will see many such websites where you get the option of live chat where you can chat, you can send messages.

Here the same features are called websockets where you can capture live chat with the help of burp suite and also make changes in it like cross site scripting attacks payloads can also be injected here.

Here you are also being told practically how the hackers are able to inject payloads into a website by exploiting Websockets Security Vulnerabilities, here we want to clear you one thing.

Here it is not that the payloads of xss attack can only be injected, here you can also inject the os command injection SQL injection attack and the payloads of CSRF attack.

It is not that there is so much to tell in Websockets Security Vulnerabilities, if you are told its definition then it becomes in great detail, here you have tried to understand it in easy language.

Websockets Security Vulnerabilities Labs ?

Here we are telling you by solving two labs of Websockets Security Vulnerabilities, both these labs are found on the website of portswigger, apart from this you get another lab which you can try by solving yourself.

Manipulating WebSocket messages to exploit vulnerabilities ?

As the name itself suggests, if you are able to inject xss payloads with the help of burpsuite while doing live chat here, you can call it Websockets Security vulnerabilities.

https://portswigger.net/web-security/websockets/lab-manipulating-messages-to-exploit-vulnerabilities

Websockets Security

Here first you have to access the lab as well as run the burp suite normally. After doing all this, when you access the lab, you get the option of live chat on the home page itself.

Websockets Security

As you can see in the image, you get the option of live chat here, you can see the option of live chat in other websites of any kind or you may have seen the icon of chat.

Websockets Security

As you can see, here you chat, in such a way, you also get an automatic reply through the computer, something like this happens in a live website too, you must have noticed this too many times.

Websockets Security

After doing all this you can check in websocket history in burp suite, you get your message here you have to send this message to repeater so that you can inject payloads here.

Websockets Security

As you can see in the image, here we have injected the payloads of cross site scripting and send the request, in the same way you also have to do this, after doing all this you will be able to see that your payload will be loaded.

Websockets Security

As you can see in the image, the payload has also been loaded in front of you, as well as this lab of your Websockets Security vulnerabilities has also been solved and you have received a message of congratulations.

Manipulating the WebSocket handshake to exploit vulnerabilities ?

You also get to exploit handshake in Websockets Security vulnerabilities like you have been told how handshake works, you have been told in the article about wifi hack.

https://portswigger.net/web-security/websockets/lab-manipulating-handshake-to-exploit-vulnerabilities

Websockets Security

Handshake can be exploited in similar websites as well, if you try to inject payload when you are blocked in such a way, you can also find Websockets Security vulnerabilities by changing the IP address.

As you have been told, first of all you have to capture the message in the websocket history in the burp suite as you have been told in the lab above, similarly you have to do it here too.

Websockets Security

After doing all this, you have to inject the payload and send the request, after doing this, you will be able to see that you will be blocked as you can see in the image, so you do not have a live chat show.

You get a message show in this way, this address is blacklisted as you can see in the image, even if you refresh this page, you still get the same error, in such a way you have to change the ip address.

If you get an error in this way, you have to reconnect and give an IP address, as you can see in the image, after reconnecting in this way, you have to inject the payload again.

After doing all this, you do not get any kind of error as well as your lab is also solved, you get a message show of congratulations but we are also telling you this request live

Just like when you refresh the page, in such a way that you capture the request, you have to give the ip address on the same, in such a way, if you forward the request, you have to give the ip address again.

You have to do this till your live chat message is shown in front of you as you can see in the image, on forwarding the request, you will be able to notice on the home page that your payload will be loaded.

As you can see in the image here, the payload injected with the iframe has been loaded, as well as you get a message of congratulations lab gets solved already but we wanted to tell you how the payload is loads.

The Conclusion

I hope that now you can understand about Websockets Security vulnerabilities. We have told you here by solving two labs of Websockets Security vulnerabilities.

In this way, you get another lab of Websockets Security vulnerabilities, which you can solve by yourself and see if you have any problem in solving that lab, you can ask in the comment.

Here we have told you about Websockets Security vulnerabilities in easy language, otherwise you get a lot of definitions of Websockets Security vulnerabilities, in such a way that you do not confuse in any way.

If you have any kind of question related to Websockets Security vulnerabilities or related to any kind of hacking, in such a way you can ask in the comment, we will help you completely.

I hope that you will definitely like our articles and at the same time you also share our articles, you can also subscribe to our website so that whenever we publish the article, you get a notification.

Sharing is Caring

Thankyou

Share This:
Translate »
error: Content is protected !!