Portswigger Academy Websockets Labs |
Introduction
What?
WebSockets are widely used in modern web applications. They are initiated over HTTP and provide long-lived connections with asynchronous communication in both directions.
WebSockets are used for all kinds of purposes, including performing user actions and transmitting sensitive information. Virtually any HTTP web security vulnerability can also exist in WebSockets communications.
Why?
Finding WebSockets security vulnerabilities generally involves manipulating them in ways that the application doesn’t expect.