Cross-Site WebSocket Hijacking

This exercise covers Cross-Site WebSocket Hijacking and how it can be used to gain access to sensitive information.


Course


In this course, you will learn how to exploit a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. Unlike XMLHttpRequest, WebSockets do not adhere to the same-origin policy, allowing a website on one origin to communicate with another origin's WebSocket. By leveraging this behavior, an attacker can create a malicious HTML page that connects to a vulnerable backend and sends commands to extract sensitive information, such as user authentication keys. The course demonstrates this process step-by-step, including how to write the malicious code, send the /getkey command, and leak the retrieved information back to the attacker's server using an image tag.

The course is based on the article "Cross-Site WebSocket Hijacking (CSWSH)" by Christian Schneider and a Bug Bounty Write-up titled "Account Takeover Using Cross-Site WebSocket Hijacking (CSWSH)" by Sharan Panegav. By following this course, you will gain a deeper understanding of how to exploit WebSocket vulnerabilities and the importance of implementing security measures like strict origin checks to prevent such attacks.
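
The strict origin check mentioned above, shown beside a weak substring check, as an added example that is not part of the course material. The hostnames, the allowlist and the function names are assumptions made for illustration.

```javascript
// Added example: Origin validation during the WebSocket handshake.
// Hostnames and the allowlist are constructed for illustration.

// Normalise configured entries once, so "https://app.example.com/" in a
// config file still yields the canonical origin a browser sends.
const ALLOWED_ORIGINS = new Set(
  ["https://app.example.com/"].map((entry) => new URL(entry).origin)
);

// Weak: substring matching accepts any origin that merely contains the name.
function weakOriginCheck(origin) {
  return typeof origin === "string" && origin.includes("app.example.com");
}

// Strict: exact match against the allowlist; missing or "null" origins fail.
function strictOriginCheck(origin) {
  return typeof origin === "string" && ALLOWED_ORIGINS.has(origin);
}

// Decide on an upgrade request given its headers (lower-cased names, as
// Node's http module provides them). Returns the HTTP status to answer with.
function decideUpgrade(headers, check = strictOriginCheck) {
  const upgrade = String(headers["upgrade"] || "").toLowerCase();
  if (upgrade !== "websocket") return { status: 400, reason: "not a WebSocket upgrade" };
  if (!check(headers["origin"])) return { status: 403, reason: "origin not allowed" };
  return { status: 101, reason: "ok" };
}

// Constructed Origin values: the legitimate one, then ones that must be refused.
const SAMPLE_ORIGINS = [
  "https://app.example.com",
  "https://app.example.com.other.test",
  "https://other.test",
  "http://app.example.com",
  "null",
  undefined,
];

// Run every sample through both checks and collect the handshake status.
function compareChecks() {
  return SAMPLE_ORIGINS.map((origin) => ({
    origin,
    weak: decideUpgrade({ upgrade: "websocket", origin }, weakOriginCheck).status,
    strict: decideUpgrade({ upgrade: "websocket", origin }).status,
  }));
}

console.table(compareChecks());
```

The browser sets the Origin header itself and page script cannot change it, which is why an exact-match check stops a cross-site page from opening the socket. Non-browser clients can send any value, so the check complements authentication rather than replacing it.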
