Cross-Site WebSocket Hijacking
This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information
In this course, you will learn how to exploit a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. Unlike XMLHttpRequest and fetch, the WebSocket handshake is not restricted by the same-origin policy: a page on one origin can open a WebSocket to any other origin, and the browser attaches the victim's cookies to the handshake. The browser does send an Origin header, but enforcing it is left entirely to the server, so a backend that authenticates the connection by session cookie and never validates Origin is vulnerable. By leveraging this behavior, an attacker can craft a malicious HTML page that connects to the vulnerable backend on the victim's behalf and sends commands to extract sensitive information, such as the user's authentication key. The course demonstrates this process step by step: writing the malicious page, sending the /getkey command, and leaking the reply to the attacker's server through an image tag, whose src request is a plain GET that needs no CORS permission. One caveat a practitioner should keep in mind: the attack depends on the victim's cookies being sent cross-site, so session cookies marked SameSite=Lax or SameSite=Strict are not attached to a cross-site WebSocket handshake and the hijack fails against them.
The course is based on the article "Cross-Site WebSocket Hijacking (CSWSH)" by Christian Schneider and a Bug Bounty Write-up titled "Account Takeover Using Cross-Site WebSocket Hijacking (CSWSH)" by Sharan Panegav. By following this course, you will gain a deeper understanding of how to exploit WebSocket vulnerabilities and the importance of implementing security measures like strict origin checks to prevent such attacks.