Hacking Your Way Through Web Sockets [Advanced]


The most interesting thing I found in some WebSocket applications is that the connection establishment (the handshake) is not picked up by Burp Suite, whereas the messages sent or received after the connection has been established are caught. This holds true only for some applications; take WebSocket's Echo for example. The likely explanation is that the handshake had already completed before you started intercepting: any cookie or token the server wants is sent once, with that single HTTP request, and nothing more is negotiated afterwards, so only the connection is made and the frames then flow over it. In other cases, if you look at the traffic in Burp Suite, you will find the WebSocket handshake inside an ordinary HTTP/1.1 request.
It looks something like this:
REQUEST
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13
Origin: http://example.com

RESPONSE
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk=
Sec-WebSocket-Protocol: chat

According to Wikipedia, WebSocket is designed to be implemented in web browsers and web servers, but it can be used by any client or server application. The client sends a Sec-WebSocket-Key, which is a random value (16 bytes) that has been base64 encoded. To form a response, the magic string 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 is appended to this (undecoded) key. The resulting string is then hashed with SHA-1 and base64 encoded. Finally, the result is returned in the Sec-WebSocket-Accept header. Note that this exchange only proves that the server understood the Upgrade request; it is not authentication, and the key is not a secret, since anyone who sees the handshake can compute the accept value.

Once the connection is established, the client and server can send WebSocket text or binary frames back and forth in full-duplex mode. The browser also tells the server which page opened the connection [Origin: http://example.com]. That header is where the attack surface is: there is nothing to steal in the Sec-WebSocket-Key, but if the server does not check the Origin against an allowlist, a page on any other origin can open a WebSocket to the server and the browser will attach the victim's cookies to the handshake (cross-site WebSocket hijacking). Tweaking the Origin header in the handshake is how you test for this. The SocketPuppet Chrome extension helps to edit WebSocket requests and responses in real time!
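To make the two points above concrete, here is a small Python model of the server side of the handshake: it parses the upgrade request shown above, derives Sec-WebSocket-Accept from the client's key exactly as described, and then applies an Origin allowlist, with the weak setting (accept any Origin) beside the hardened one. This is an added example written for this post; it is not code from the page, from Burp Suite or from SocketPuppet. The allowlist, the single supported subprotocol and the attacker.test hostname are assumptions, and the sample requests are constructed from the handshake on the page.

```python
import base64
import binascii
import hashlib
import os
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlparse

# GUID from RFC 6455 that the server appends to the client's key before hashing.
WS_MAGIC = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
# Subprotocols this hypothetical server speaks (assumption, not from the page).
SERVER_PROTOCOLS = ("chat",)


def make_client_key() -> str:
    """Client side: 16 random bytes, base64 encoded (RFC 6455 section 4.1)."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def compute_accept(key: str) -> str:
    """Server side: base64(SHA-1(key + GUID)). The key is used undecoded."""
    digest = hashlib.sha1((key + WS_MAGIC).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_handshake(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP/1.1 request into (method, path, headers); names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers


def origin_allowed(origin: Optional[str], allowed: Set[str]) -> bool:
    """Exact scheme://host[:port] match against an allowlist.
    A missing Origin, the literal 'null', or a look-alike host such as
    example.com.attacker.test is rejected."""
    if origin is None:
        return False
    p = urlparse(origin)
    if p.scheme not in ("http", "https") or not p.netloc:
        return False
    return f"{p.scheme}://{p.netloc}".lower() in allowed


def handshake_response(raw: str, allowed_origins: Optional[Set[str]]) -> str:
    """Build the server's reply to an upgrade request.
    allowed_origins=None is the weak setting: every Origin is accepted,
    which is exactly what cross-site WebSocket hijacking relies on."""
    try:
        method, _path, h = parse_handshake(raw)
        key = h["sec-websocket-key"]
        # The key must decode to exactly 16 bytes (RFC 6455 section 4.2.1).
        key_ok = len(base64.b64decode(key, validate=True)) == 16
    except (KeyError, ValueError, binascii.Error):
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    if (method != "GET"
            or h.get("upgrade", "").lower() != "websocket"
            or "upgrade" not in h.get("connection", "").lower()
            or h.get("sec-websocket-version") != "13"
            or not key_ok):
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    if allowed_origins is not None and not origin_allowed(h.get("origin"), allowed_origins):
        return "HTTP/1.1 403 Forbidden\r\n\r\n"
    offered = [p.strip() for p in h.get("sec-websocket-protocol", "").split(",") if p.strip()]
    chosen = next((p for p in offered if p in SERVER_PROTOCOLS), None)
    lines = ["HTTP/1.1 101 Switching Protocols",
             "Upgrade: websocket",
             "Connection: Upgrade",
             f"Sec-WebSocket-Accept: {compute_accept(key)}"]
    if chosen:
        lines.append(f"Sec-WebSocket-Protocol: {chosen}")
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed sample: the handshake shown above, as a browser on example.com sends it.
SAMPLE_REQUEST = (
    "GET /chat HTTP/1.1\r\n"
    "Host: server.example.com\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\n"
    "Sec-WebSocket-Protocol: chat, superchat\r\n"
    "Sec-WebSocket-Version: 13\r\n"
    "Origin: http://example.com\r\n"
    "\r\n"
)
# The same handshake as a page on an attacker-controlled origin would trigger it
# (hostname is a placeholder). Cookies would still be attached by the browser.
HIJACK_REQUEST = SAMPLE_REQUEST.replace("Origin: http://example.com",
                                        "Origin: http://attacker.test")

if __name__ == "__main__":
    print(handshake_response(SAMPLE_REQUEST, {"http://example.com"}))  # 101, matches the page
    print(handshake_response(HIJACK_REQUEST, {"http://example.com"}))  # 403, hardened
    print(handshake_response(HIJACK_REQUEST, None))                    # 101, weak setting
```

With the allowlist in place the attacker's handshake gets a 403; with allowed_origins=None the server happily completes the upgrade and the connection rides on the victim's cookies, which is the case to look for when you edit the Origin header in Burp or SocketPuppet. Note that Origin is only set by browsers, so the check protects against cross-site abuse from a browser and is no substitute for authenticating the session itself.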

Unfortunately, not many applications use WebSockets yet; maybe in the future. AJAX is still the dominant mechanism for real-time data updates (compared with WebSocket, which is a protocol, "mechanism" is the right word for AJAX). So do check out SocketPuppet, and also check out websocket.org for examples of applications that use WebSockets.



If you have any query, please post it in the comments section.