cyberhub.es

Category: WebSockets

Manipulating the WebSocket handshake to exploit vulnerabilities

Description: This online shop has a live chat feature implemented using WebSockets. It has an aggressive but flawed XSS filter. To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent’s browser.

Manipulating the WebSocket handshake to exploit vulnerabilities writeup: We will enter the lab and go to the ‘Live chat’ option. We will send […]

Cross-site WebSocket hijacking

Description: This online shop has a live chat feature implemented using WebSockets. To solve the lab, use the exploit server to host an HTML/JavaScript payload that uses a cross-site WebSocket hijacking attack to exfiltrate the victim’s chat history, then use this to gain access to their account.

Cross-site WebSocket hijacking writeup: We will enter the lab and go to the […]

Manipulating WebSocket messages to exploit vulnerabilities

Description: This online shop has a live chat feature implemented using WebSockets. Chat messages that you submit are viewed by a support agent in real time. To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent’s browser.

Manipulating WebSocket messages to exploit vulnerabilities writeup: On entering the lab we find a […]
