How to fully control the session? and see WebSocket hijacking (1)

WebSockets is a HTML5 feature that provides a Full-duplex channel to a single TCP connection. Its continuous connection function makes it possible to build a B/S mode real-time application. WebSockets are often used in Web applications with chat capabilities. The following picture is very apt to illustrate the websockets:498 of a apt attack this.width=498 ' onmousewheel = ' javascript:return big (This) ' border= ' 0 ' alt= "How to fully control the session?" and see WebSocket Hijacking "src=" http://s7.51cto.com/wyfs02/M01/56/CE/wKiom1SOcOzDbFqFAABeWE7xsH4767.jpg " Width= "525" height= "375"/> Popular Science: Homology strategy (Mahouve origin policy): Homology means, domain name, protocol, port is the same, that is, browser will check the same browser in different tabs, the same source script to execute across the tab. Origin field: The browser may add a origin field when sending a POST request, and the Origin field is primarily used to identify where the initial request originated. If the browser is unsure where the source is, the value of the Origin field in the sent request is empty. Ironwasp: An open source Web test platform, users can customize the security scan, and can use Python/ruby to define the plug-in system. See also: Http://www.freebuf.com/tools/32948.htmlZAP (Zed Attack Proxy): A penetration testing framework that integrates various tools to uncover vulnerabilities in Web applications, see: HTTP ://www.freebuf.com/tools/5427.htmlwebsocket security Assessment Recently, we have made a security assessment of a Web application with complex menu options and functions. Most of the operations in this application are web-sockets, which means that most of their behavior is not recorded on the HTTP proxy log. First, after we open the homepage, the website will load a static web page with JS script and CSS file. Thereafter, the entire communication interaction is converted to WebSockets mode, and a websocket connection is established between the browser and the server to load all the visible HTML resources in the site. When you click the link or submit form form, the browser sends some WebSocket messages to the server. After the server has processed the messages, feedback is made through WebSocket, and the client browser displays the new HTML content. When the WebSocket message is interacting, the number of communications is enormous. Each second they have a heartbeat probe packet interaction. However, the existing tools did not reach my requirements, I had to add a WebSocket message analyzer and a websocket client to ironwasp so that it could recognize WebSocket and try to fuzz its vulnerabilities. You can learn about it here. In testing this application, I found that there was a WebSocket Cross station hijacking (cross-site WebSocket hijacking) Vulnerability (pioneered by Christian Schneider). Of course, I'll explain the impact of this vulnerability before I introduce you to the test methods. Before testing the relevant websockets applications, we need to prepare them first. 1 2 3 next page >> view full-text navigation page 1th: WebSocket Security Assessment page 2nd: WebSocket cross-station Hijacking vulnerability Experiment Preparation 3rd: Online test Tools Original: How to control the session fully? and see WebSocket Cross Station hijacking (1) Back to network security home