exploiting-websocket-vulnerabilities
Installation
SKILL.md
Exploiting WebSocket Vulnerabilities
When to Use
- During authorized penetration tests when the application uses WebSocket connections for real-time features
- When assessing chat applications, live notifications, trading platforms, or collaborative editing tools
- For testing WebSocket API endpoints for authentication and authorization flaws
- When evaluating real-time data streams for injection vulnerabilities
- During security assessments of applications using Socket.IO, SignalR, or native WebSocket APIs
Prerequisites
- Authorization: Written penetration testing agreement covering WebSocket testing
- Burp Suite Professional: With WebSocket interception capability
- Browser DevTools: Network tab for WebSocket frame inspection
- websocat: Command-line WebSocket client (
cargo install websocat) - wscat: Node.js WebSocket client (
npm install -g wscat) - Python websockets: For scripting custom WebSocket attacks (
pip install websockets)