Manipulating the WebSocket handshake to exploit vulnerabilities
PortSwigger Lab Simple Solution — Manipulating the WebSocket to exploit vulnerabilities | Karthikeyan Nagaraj

Lab Description:
This online shop has a live chat feature implemented using WebSockets.
It has an aggressive but flawed XSS filter.
To solve the lab, use a WebSocket message to trigger an alert()
popup in the support agent's browser.
What is a WebSocket?
WebSockets are becoming increasingly popular because they greatly simplify the communication between a client and a server.
The WebSocket protocol uses the OSI model application layer (Layer 7) to allow a client and server to perform bidirectional (full duplex) communication. This makes it possible to create dynamic, real-time web applications such as instant messaging and photo-sharing apps.
WebSockets overcome some of the traditional restrictions of communications between browsers and servers:
- Client requests/server responds — in the past, servers had permanent listeners. The client (the one using the browser) didn’t have a fixed listener for long-term connections. This made each communication centered around the client's demands and the server's response.
- Communication is dependent on the client — the server can only push a resource to a client when the client requests it.
- Continual checking — clients are constantly forced to poll the server for new results. This is why client libraries focus on optimizing asynchronous calls, and each call also has to match up the response it receives. The most common solution to this problem is the use of callback functions.
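The lab description says the chat's XSS filter is the weak point. As an added example (not code from the lab or from this write-up), here is how the support agent's client could render chat messages safely: it HTML-escapes every field at the point of output instead of trying to filter markup out of the inbound WebSocket message. The JSON message shape `{"user": ..., "content": ...}` and the function names are assumptions.

```javascript
// Added example, not the lab's or the author's code.
// Assumed chat message format: JSON {"user": "...", "content": "..."} sent over the WebSocket.
// Rather than a blacklist "XSS filter" on the inbound message, the agent's client treats every
// message as untrusted data and escapes it where it is rendered. In a real browser, assigning to
// element.textContent achieves the same thing; returning an escaped string keeps this testable.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change HTML context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Parse one WebSocket frame body; reject anything that is not the expected shape.
function parseChatFrame(frame) {
  let msg;
  try {
    msg = JSON.parse(frame);
  } catch {
    return null;
  }
  if (typeof msg !== 'object' || msg === null) return null;
  if (typeof msg.user !== 'string' || typeof msg.content !== 'string') return null;
  return { user: msg.user, content: msg.content };
}

// Build the HTML the agent's chat window shows for one message.
function renderChatMessage(frame) {
  const msg = parseChatFrame(frame);
  if (!msg) return '<p class="error">[malformed message dropped]</p>';
  return `<p><b>${escapeHtml(msg.user)}</b>: ${escapeHtml(msg.content)}</p>`;
}

// Constructed sample frames (not captured from the lab).
const SAMPLE_FRAMES = [
  '{"user":"customer","content":"Hi, is item #42 in stock?"}',
  '{"user":"customer","content":"<script>alert(1)</script>"}',
  'not json at all',
];

for (const frame of SAMPLE_FRAMES) {
  console.log(renderChatMessage(frame));
}
```

Whatever the server-side filter does, the markup in the second frame reaches the agent's page as inert text because escaping happens at output, not on the wire.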
Analysis:
1. First, open the live chat feature and intercept its traffic using Burp Suite.
2. Send the request you find in the WebSocket history to Repeater.