The most interesting thing I found in some WebSocket applications is that the WebSocket connection establishment (the handshake) is not captured by Burp Suite, whereas the messages sent or received after the connection is established are caught. This holds true only for some applications; take the WebSocket Echo test for example. It happens because the authentication material has already been generated and only the connection remains to be made. In other cases, you will find the WebSocket handshake inside an HTTP/1.1 request if you look at it with Burp Suite.
It looks something like this:

REQUEST
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
Origin: http://example.com

RESPONSE
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk=
Sec-WebSocket-Protocol: chat
According to Wikipedia, WebSocket is designed to be implemented in web browsers and web servers, but it can be used by any client or server application. The client sends a Sec-WebSocket-Key, a random value that has been base64 encoded. To form the response, the server appends the magic string 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 to this (still base64-encoded, undecoded) key. The resulting string is hashed with SHA-1 and the digest is then base64 encoded. The result is returned in the Sec-WebSocket-Accept header.
The Origin: http://example.com header is also worth a look; tweaking it will help us steal the WebSocket key. The SocketPuppet Chrome extension lets you edit WebSocket requests and responses in real time!
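As an added example (my own code, not from the post), here is a Python check of the handshake just described: it recomputes Sec-WebSocket-Accept from the captured Sec-WebSocket-Key and the magic string, and also verifies the Origin header against an allow-list, which is what a server should do so that a connection carrying a tweaked Origin from another site is refused. The allow-list set and the problem strings are my own choices; the request and response values are the ones shown above.

```python
import base64
import hashlib

# RFC 6455 handshake GUID, as quoted in the post.
WS_MAGIC = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

def websocket_accept(sec_websocket_key: str) -> str:
    """Derive Sec-WebSocket-Accept from the client's (still base64) key."""
    digest = hashlib.sha1((sec_websocket_key + WS_MAGIC).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def parse_headers(raw: str) -> dict:
    """Split a raw HTTP/1.1 message into its start line and lowercase-named headers."""
    lines = raw.strip().splitlines()
    headers = {"start-line": lines[0]}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def check_handshake(request: str, response: str, allowed_origins: set) -> list:
    """Return the problems found in a captured upgrade exchange (empty list = OK).
    Combines the browser-side Accept check with a server-side Origin allow-list."""
    req, resp = parse_headers(request), parse_headers(response)
    problems = []
    if not resp["start-line"].startswith("HTTP/1.1 101"):
        problems.append("response is not 101 Switching Protocols")
    if resp.get("upgrade", "").lower() != "websocket":
        problems.append("response lacks Upgrade: websocket")
    if resp.get("sec-websocket-accept") != websocket_accept(req.get("sec-websocket-key", "")):
        problems.append("Sec-WebSocket-Accept does not match the client key")
    if req.get("origin") not in allowed_origins:
        problems.append("Origin %r not in allow-list" % req.get("origin"))
    return problems

# Constructed copy of the exchange shown in the post (same header values).
REQUEST = """GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
Origin: http://example.com
"""
RESPONSE = """HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk=
Sec-WebSocket-Protocol: chat
"""
```

Running check_handshake(REQUEST, RESPONSE, {"http://example.com"}) returns an empty list; changing the Origin or the Accept value makes the corresponding problem appear.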
Unfortunately, not many applications use WebSockets yet; maybe more will in future. AJAX is still the dominant real-time data updating mechanism (compared with WebSocket, "mechanism" is the right word). So do check out Socket Puppet, and also check out websocket.org for examples of applications that use WebSockets.
If you have any query, please post it in the comments section.