WHY DO WE NEED WEBSOCKETS??
• 1-WebSocket is a naturally full-duplex, bidirectional, single-socket connection. With WebSocket,
your HTTP request becomes a single request to open a WebSocket connection and reuses the
same connection from the client to the server, and the server to the client.
• 2-WebSocket reduces latency. For example, unlike polling, WebSocket makes a single request.
The server does not need to wait for a request from the client. Similarly, the client can send
messages to the server at any time. This single request greatly reduces latency over polling,
which sends a request at intervals, regardless of whether messages are available.
• 3-WebSocket makes real-time communication much more efficient. You can always use polling
(and sometimes even streaming) over HTTP to receive notifications. However,
WebSocket saves bandwidth, CPU power, and latency. WebSocket is an innovation in
SOME MORE USAGE:
• WebSocket is an underlying network protocol that enables you to build other
standard protocols on top of it.
• WebSocket is part of an effort to provide advanced capabilities to HTML5
applications in order to compete with other platforms.
• WebSocket is about Simplicity
HOW DO WE USE THEM???
• What is required:
WebKit: Chrome, Safari (works on iOS)
• Burp can proxy WebSocket Traffic
• OWASP ZAP can Proxy and fuzz WebSocket Traffic
• Chrome offers a WebSocket client and developer tools (F12)
** During the mapping phase, look for ws:// or wss://
** Both Ruby and Python support WebSocket clients and servers.
LIST OF VULNERABILITIES
WebSockets have been a source of interesting vulnerabilities in Apache, Wireshark, Chrome,
OpenStack, MessageSight, Firefox, Drupal, Ansible Tower, and others:
Denial of service, remote code execution, sandbox bypass, and authorization
• CVE-2014-0193, CVE-2014-0921, CVE-2014-0922, CVE-2014-1703, CVE-2014-3165,
CVE-2014-3429, CVE-2015-0176, CVE-2015-0228, CVE-2015-0259, CVE-2015-1244,
CVE-2015-1482, CVE-2015-3810, CVE-2015-7197, and CVE-2015-8601
• Not all browsers support them:
Firefox 4, IE9, Opera
• WebSockets need maintenance and care:
Re-open the connection on a network timeout
Back off if the server is down
Keep alive if your connection times out
Buffer and resend the messages in the above cases
• Many libraries – including the most popular Ruby one
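The four maintenance chores listed above (re-open, back off, keep alive, buffer and resend) are usually wrapped around the browser's WebSocket object. The following is an added example, not code from the slides or from any library they mention, of such a wrapper. The connection factory and the timer function are injected so the reconnect logic can be exercised deterministically without a network; `simulateOutage` walks through a server outage with a fake transport and is part of the example, not of any real API.

```javascript
// Added example (not from the original slides): a reconnecting WebSocket wrapper.
// `connect` returns an object with send/close and onopen/onclose callbacks (the
// shape of a browser WebSocket); `schedule` defaults to setTimeout.
class ResilientSocket {
  constructor(connect, opts = {}) {
    this.connect = connect;
    this.schedule = opts.schedule || ((fn, ms) => setTimeout(fn, ms));
    this.baseDelay = opts.baseDelay || 500;       // first retry wait in ms
    this.maxDelay = opts.maxDelay || 30000;       // cap on the exponential backoff
    this.keepAliveMs = opts.keepAliveMs || 20000; // interval between application-level pings
    this.maxBuffer = opts.maxBuffer || 1000;      // bound the queue so a long outage cannot exhaust memory
    this.attempts = 0;       // consecutive failed dials, drives the backoff
    this.buffer = [];        // messages waiting for an open connection
    this.open = false;
    this.closedByUser = false;
    this.keepAliveToken = 0; // invalidates keep-alive timers from an older connection
    this.log = [];           // event trace, useful for tests and debugging
    this.dial();
  }

  dial() {
    this.socket = this.connect();
    this.socket.onopen = () => {
      this.open = true;
      this.attempts = 0;     // healthy again: reset the backoff
      this.log.push('open');
      this.flush();          // resend what was buffered while disconnected
      this.scheduleKeepAlive();
    };
    this.socket.onclose = () => {
      this.open = false;
      this.log.push('close');
      if (!this.closedByUser) this.scheduleReconnect(); // re-open unless the app closed it
    };
  }

  // Exponential backoff capped at maxDelay (jitter omitted to keep the demo deterministic).
  backoffDelay() { return Math.min(this.maxDelay, this.baseDelay * 2 ** this.attempts); }

  scheduleReconnect() {
    const delay = this.backoffDelay();
    this.attempts += 1;
    this.log.push(`retry in ${delay}`);
    this.schedule(() => this.dial(), delay);
  }

  // The browser API exposes no control-frame ping, so the keep-alive is an application message.
  scheduleKeepAlive() {
    const token = ++this.keepAliveToken;
    this.schedule(() => {
      if (this.open && token === this.keepAliveToken) {
        this.socket.send('ping');
        this.scheduleKeepAlive();
      }
    }, this.keepAliveMs);
  }

  // Returns true if sent now, false if queued (or dropped because the queue is full).
  send(msg) {
    if (this.open) { this.socket.send(msg); return true; }
    if (this.buffer.length < this.maxBuffer) this.buffer.push(msg);
    return false;
  }

  flush() { while (this.buffer.length && this.open) this.socket.send(this.buffer.shift()); }

  close() { this.closedByUser = true; this.open = false; this.socket.close(); }
}

// Manual scheduler: timers are queued and run only when the test asks.
function makeScheduler() {
  const queue = [];
  return {
    schedule: (fn, ms) => { queue.push({ fn, ms }); },
    runNext: () => { const t = queue.shift(); if (t) t.fn(); return t ? t.ms : null; },
    pending: () => queue.length,
  };
}

// Fake transport: every dial returns a recording socket whose open/close the test triggers.
function makeFakeConnect() {
  const sockets = [];
  const connect = () => {
    const s = { received: [], send: (m) => s.received.push(m), close: () => {} };
    sockets.push(s);
    return s;
  };
  return { connect, sockets };
}

// Constructed scenario: two dials fail while the server is down, the third succeeds.
function simulateOutage() {
  const sched = makeScheduler();
  const transport = makeFakeConnect();
  const client = new ResilientSocket(transport.connect,
    { schedule: sched.schedule, baseDelay: 500, maxDelay: 4000, keepAliveMs: 1000 });
  client.send('hello');            // not open yet: buffered
  transport.sockets[0].onclose();  // dial 1 fails -> retry in 500
  sched.runNext();                 // dial 2
  transport.sockets[1].onclose();  // fails -> retry in 1000 (backoff doubled)
  sched.runNext();                 // dial 3
  client.send('world');            // still buffered
  transport.sockets[2].onopen();   // server back: buffer flushes in order
  sched.runNext();                 // keep-alive timer fires -> 'ping'
  return { log: client.log, delivered: transport.sockets[2].received, queued: client.buffer.length };
}

module.exports = { ResilientSocket, makeScheduler, makeFakeConnect, simulateOutage };
```

Two design points matter from a security angle: the outgoing queue is bounded (`maxBuffer`), because an unbounded buffer during an outage is a self-inflicted denial of service, and the backoff is capped and reset only on a successful open, so a fleet of clients does not hammer a recovering server in lockstep. In production you would add jitter to the delay; it is left out here only so the trace is reproducible.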
ATTACKER’S VIEW OF WEBSOCKET
• This is a relatively new area of security research
• New technologies create challenges
• Protocol use might not be properly monitored
• Defenders might not even know it is there!
Attackers can leverage WebSockets to:
• attack server side
• attack client side
• attack parsers
• bypass filtering