WebSocket

STEWS

Discovery:

https://github.com/PalindromeLabs/STEWS/blob/main/discovery/README.md

Fingerprinting:

# SSL/TLS
python3 STEWS-fingerprint.py -a -k -u websocket.host.com

# No encryption
python3 STEWS-fingerprint.py -a -n -u websocket.host.com

Vulnerability Enum:

Run the vulnerability tests 1 through 4 (the -1 flag below selects test 1):

# SSL/TLS 
python3 STEWS-vuln-detect.py -1 -k -u websocket.host.com

# No encryption
python3 STEWS-vuln-detect.py -1 -n -u websocket.host.com

WebSocket SQLi

Use 'sqlmap-websocket-proxy' to proxy the WebSocket connection:

# install
python3 -m pip install sqlmap-websocket-proxy

# run the proxy
sqlmap-websocket-proxy -u ws://sketchyurl.htb:8081 -p '{"uid_of_some_sort": "%param%"}' --json

# SQLMap, pointed at the local proxy (URL quoted so the shell does not glob the '?')
sqlmap -u 'http://localhost:8080/?param1=1'
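
For the remediation side of a WebSocket SQLi finding, this added example (not from the original page or from any tool it mentions) shows a server-side handler for the JSON message shape used above, first building SQL by string formatting and then validating and binding the value. The table, handler names, and the assumption that the identifier is a short digit string are hypothetical.

```python
import json
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("1001", "alice"), ("1002", "bob")])
    return db

def handle_message_vulnerable(db, raw):
    """Builds SQL by string formatting, so the field value becomes SQL syntax."""
    uid = json.loads(raw)["uid_of_some_sort"]
    query = f"SELECT name FROM users WHERE uid = '{uid}'"
    return [row[0] for row in db.execute(query)]

def handle_message_hardened(db, raw):
    """Validates the frame, then passes the value as a bound parameter."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return {"error": "invalid JSON"}
    uid = msg.get("uid_of_some_sort") if isinstance(msg, dict) else None
    # Assumed format: the identifier is a short string of ASCII digits.
    if (not isinstance(uid, str) or not uid.isascii()
            or not uid.isdigit() or len(uid) > 16):
        return {"error": "invalid uid"}
    rows = db.execute("SELECT name FROM users WHERE uid = ?", (uid,))
    return {"names": [row[0] for row in rows]}

if __name__ == "__main__":
    db = make_db()
    normal = json.dumps({"uid_of_some_sort": "1001"})
    # Constructed frame whose value closes the SQL string literal.
    tampered = json.dumps({"uid_of_some_sort": "x' OR '1'='1"})
    print(handle_message_vulnerable(db, normal))    # one row
    print(handle_message_vulnerable(db, tampered))  # every row in the table
    print(handle_message_hardened(db, normal))      # one row
    print(handle_message_hardened(db, tampered))    # rejected before any query
```

The bound parameter is what removes the injection; the format check is a second layer that also gives a clean rejection point to log and alert on.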
