# WebSocket

### STEWS

{% embed url="<https://github.com/PalindromeLabs/STEWS>" %}

#### Discovery:

<https://github.com/PalindromeLabs/STEWS/blob/main/discovery/README.md>

#### Fingerprinting:

```bash
# SSL/TLS
python3 STEWS-fingerprint.py -a -k -u websocket.host.com

# No encryption (ws://)
python3 STEWS-fingerprint.py -a -n -u websocket.host.com
```

#### Vulnerability Enum:

Run vulnerability tests 1 through 4 (the example below uses `-1`):

```bash
# SSL/TLS
python3 STEWS-vuln-detect.py -1 -k -u websocket.host.com

# No encryption (ws://)
python3 STEWS-vuln-detect.py -1 -n -u websocket.host.com
```

## WebSocket SQLi

Use `sqlmap-websocket-proxy` to proxy the WebSocket connection so that sqlmap can test it over HTTP:

```bash
# install
python3 -m pip install sqlmap-websocket-proxy

# run the proxy
sqlmap-websocket-proxy -u ws://sketchyurl.htb:8081 -p '{"uid_of_some_sort": "%param%"}' --json

# point sqlmap at the local HTTP side of the proxy (URL quoted so the shell leaves '?' alone)
sqlmap -u 'http://localhost:8080/?param1=1'
```
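
The server-side view of what the proxied scan probes, as an added example (not code from the original page, sqlmap or sqlmap-websocket-proxy): a handler for the JSON frame shape used in the `-p` template above, once with string-built SQL and once with a bound parameter. The `tickets` table, the handler names and the sample frames are constructed for illustration.

```python
import json
import sqlite3

# Constructed sample frames in the shape of the -p template on this page.
BENIGN_FRAME = json.dumps({"uid_of_some_sort": "1002"})
TAUTOLOGY_FRAME = json.dumps({"uid_of_some_sort": "' OR '1'='1"})


def make_db():
    """Constructed in-memory table standing in for the application's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tickets (uid TEXT, owner TEXT)")
    db.executemany("INSERT INTO tickets VALUES (?, ?)",
                   [("1001", "alice"), ("1002", "bob"), ("1003", "carol")])
    return db


def handle_frame_vulnerable(db, frame):
    """Concatenates the JSON field into the SQL text (the flaw being tested for)."""
    uid = json.loads(frame)["uid_of_some_sort"]
    sql = "SELECT owner FROM tickets WHERE uid = '" + str(uid) + "'"
    return {"owners": [row[0] for row in db.execute(sql)]}


def handle_frame_hardened(db, frame):
    """Validates the frame, then passes the value as a bound parameter."""
    try:
        msg = json.loads(frame)
    except ValueError:
        return {"error": "invalid JSON"}
    uid = msg.get("uid_of_some_sort") if isinstance(msg, dict) else None
    # Assumed constraint for this example: uid is a string of at most 64 chars.
    if not isinstance(uid, str) or len(uid) > 64:
        return {"error": "invalid uid"}
    rows = db.execute("SELECT owner FROM tickets WHERE uid = ?", (uid,))
    return {"owners": [row[0] for row in rows]}


if __name__ == "__main__":
    db = make_db()
    for name, frame in (("benign", BENIGN_FRAME), ("tautology", TAUTOLOGY_FRAME)):
        print(name, "vulnerable:", handle_frame_vulnerable(db, frame))
        print(name, "hardened:  ", handle_frame_hardened(db, frame))
```

With the bound parameter the quote characters are compared as data, so the second frame matches no row. A finding from the proxied scan is closed by fixing the query in the WebSocket message handler, not by filtering at the proxy or transport layer.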
