Kali Linux Web Penetration Testing Cookbook by Gilberto Najera-Gutierrez

Author: Gilberto Najera-Gutierrez
Language: eng
Format: epub, pdf
Publisher: Packt Publishing
Published: 2018-08-31T09:50:31+00:00


Then, we will see the WebSocket Message Editor window, where we can change all of the parameters of the message, including its direction and contents, and send it again:

Most of the attacks and security weaknesses inherent in web applications can be replicated and exploited via WebSockets if the application is vulnerable.

How it works...

WebSocket communication is initiated by the client via the WebSocket class in JavaScript. When a WebSocket instance is created, the client starts the handshake with the server. Once the server responds to the handshake and the connection is established, the HTTP connection is replaced by the WebSocket connection, which is a bidirectional binary protocol not necessarily compatible with HTTP.

Like HTTP, WebSockets is plain text: it provides no encryption of its own, so the server still needs HTTPS to provide an encrypted layer. If we sniff the communication in the previous exercise with Wireshark, we can easily read the message:
