Introduction
Hello everyone. This is our second article on WebSocket vulnerabilities. In it, we cover the lab “Manipulating the WebSocket handshake to exploit vulnerabilities” from PortSwigger Web Security, with a complete step-by-step practical walkthrough to help you understand it better.
Lab Description
This lab is basically an online shop that provides a live chat feature based on WebSockets. In this lab, there is an XSS vulnerability that we need to exploit. To solve the lab, you need to trigger the “alert()” message.
Lab Solution
Firstly, access the lab. Then open your Burp Suite and enable the proxy. Now go back to the application and click on the live chat.
In the live chat, enter some text for the bot, and intercept one of the messages in Burp Suite’s Repeater tab.
<img src=1 onerror='alert(1)'>
I injected an XSS payload into the message, and as you can see, the server disconnected us. Not only that, but the server also blocked our IP address.
You can see that the server has blocked us.
To establish the connection with the server again, you need to use “X-Forwarded-For: 1.1.1.1”.
X-Forwarded-For: 1.1.1.1
So, I clicked on the Repeater tab, added the X-Forwarded-For header to the request, and forwarded it.
Now I have successfully reconnected with the server.
Now I will bypass the filter that blocked the first payload.
<img src=1 oNeRrOr=alert`1`>
Using the above payload, I have solved the lab “Manipulating the WebSocket handshake to exploit vulnerabilities” from PortSwigger Web Security.
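The steps above work because the server takes the client address from an X-Forwarded-For header supplied in the handshake, and because the chat filter tries to block bad input rather than encoding output. The following is an added example, not code from the lab or from this article, showing the weak address lookup beside a hardened one, plus output encoding for chat messages; the proxy address, the blocked address and all function names are assumptions.

```javascript
// Assumption: the app runs behind reverse proxies whose addresses are known.
// Header names are lowercase, as Node.js presents them.
const TRUSTED_PROXIES = new Set(['10.0.0.5']); // constructed sample value

// Weak: believes whatever the client put in the handshake header.
function naiveClientIp(headers, socketAddr) {
  const xff = headers['x-forwarded-for'];
  return xff ? xff.split(',')[0].trim() : socketAddr;
}

// Hardened: X-Forwarded-For is honoured only when the TCP peer is a trusted
// proxy; walk the chain right to left and return the first untrusted hop.
function clientIp(headers, socketAddr) {
  if (!TRUSTED_PROXIES.has(socketAddr)) return socketAddr;
  const hops = String(headers['x-forwarded-for'] || '')
    .split(',').map(h => h.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!TRUSTED_PROXIES.has(hops[i])) return hops[i];
  }
  return socketAddr;
}

// Encode on output instead of blacklisting input: mixed case and backticks
// stop mattering once the markup characters are inert.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, c => HTML_ENTITIES[c]);
}

// Constructed scenario: a blocked address connects directly and supplies
// its own X-Forwarded-For value, as in the walkthrough.
const blocked = new Set(['203.0.113.7']);
const handshake = { 'x-forwarded-for': '1.1.1.1' };
function isBlocked(resolver, headers, socketAddr) {
  return blocked.has(resolver(headers, socketAddr));
}
```

With the naive lookup the blocked address is no longer recognised; with the hardened lookup the block still applies, and the encoded message is displayed as text instead of being parsed as markup.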
FAQS
Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.
Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.
It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.