Portswigger Academy Websockets Labs

Introduction

What?

WebSockets are widely used in modern web applications. They are initiated over HTTP and provide long-lived connections with asynchronous communication in both directions.

WebSockets are used for all kinds of purposes, including performing user actions and transmitting sensitive information. Virtually any HTTP web security vulnerability can also exist in WebSockets communications.

Why?

Finding WebSockets security vulnerabilities generally involves manipulating them in ways that the application doesn’t expect.

How?

• Websocket vulnerabilities

• Manipulating WebSocket messages to exploit vulnerabilities

• Manipulating the WebSocket handshake to exploit vulnerabilities

• Cross-site WebSocket hijacking