WebSocket Turbo Intruder

This extension enables advanced fuzzing of WebSocket messages using custom Python code. It provides two integrated tools for either launching scripted attacks or creating a middleware proxy for interacting with WebSocket connections via HTTP.

Features

• Fuzz WebSocket messages using customizable Python scripts
• Send custom WebSocket payloads with dynamic content replacement
• Supports different WebSocket engines: Burp, Turbo, and Threaded
• Optional HTTP middleware to route requests through WebSocket
• Manual or programmatic control over connection configuration and message dispatch
• Message logging with timestamp, direction, length, and comment support

Usage

Intruder Tool

1. Right-click a WebSocket message and navigate to Extensions → WebSocket Turbo Intruder → Send to WebSocket Turbo Intruder.
2. If part of the message is highlighted before sending, it will be replaced with %s in the payload.
3. Select a template from the drop-down list.
4. Edit the Python code to suit your testing logic.
5. Start the attack to initiate a new WebSocket connection and send payloads.

Middleware Tool

1. Right-click a WebSocket message and navigate to Extensions → WebSocket Turbo Intruder → Send to WebSocket HTTP Middleware.
2. Click the Start button to launch the internal HTTP server.
3. Each WebSocket connection creates an HTTP POST endpoint that forwards requests to the server.
4. Select the desired HTTP server from the table, then use Burp tools to send HTTP requests to it.