CSWSH
June 6, 2020 ยท View on GitHub
A command-line tool designed to test and connect to a WebSocket which are vulnerable to Cross-Site WebSocket Hijacking vulnerability.
About
CSWSH tool can connect to both standard and socket.io based WebSockets.
- A standard websocket will have the functionality of sending messages to the server and receiving messages from the server.
- A socket.io based websocket will have only the ping functionality to check if the connection is successful or not.
Requirements
CSWSH works with Python 3 and has few dependencies.
To install these dependencies, navigate to the source directory and execute pip3 install -r requirements.txt
Usage
CSWSH tool provides the below options while connecting to a websocket server.
For standard websocket
$ python3 cswsh.py "wss://echo.websocket.org"
For socket.io based websocket
$ python3 cswsh.py "https://example.com/socket.io/" -sio
On successful connect, send websocket ping message 2probe and server will respond with 3probe as an acknowledgment of the successful connection.
Add custom headers
To add custom headers in the request use -h option
$ python3 cswsh.py "wss://echo.websocket.org" -h "Authorization: Bearer AbCdEf123456"
Add cookies
To add cookies in the request use -c option
$ python3 cswsh.py "wss://echo.websocket.org" -c "sessionID=AbCdEf123456"
Change Origin
To add custom origin header in the request use -o option
$ python3 cswsh.py "wss://echo.websocket.org" -o "http://localhost:8080"
Disable SSL certificate verification
If you don't want the tool to verify the server certificate, use -i option
$ python3 cswsh.py "wss://echo.websocket.org" -i
Support
If you would like to show some support, please connect with me on twitter