Cross-Site Websocket Hijacking
Not so long ago, making a website's content appear in real time had to be simulated.
For example, JavaScript would send a request to the server every few seconds and download the latest content.
The more often we sent requests, the faster the user got the response.
Those times are behind us. Now websockets are used for this purpose: they allow two-way communication between the client and the server in real time.
But what traps can we fall into if we want to implement this functionality on our site?
Today's episode of "from 0 to pentesting hero" is about a little-known attack named Cross-Site Websocket Hijacking.
More info: https://www.christian-schneider.net/CrossSiteWebSocketHijacking.html
Icon made by Freepik, Eucalyp, Webalys, prettycons, monkik, Flat-icons-com from www.flaticon.com
#from0topentestinghero #java #websocket