Getting started with Burp Proxy's WebSockets history
Last updated: August 25, 2022
Burp Proxy is a web proxy server that lets you view, intercept, and even modify the communication between Burp's browser and web servers.
The WebSockets history tab displays a log of any WebSockets messages that Burp's browser exchanges with web servers.
This enables you to:
- Study the behavior of a target website.
- Look for vulnerabilities in WebSockets handshakes and messages.
- Send interesting messages to other tools in Burp Suite for further testing.
To get started using the WebSockets history tab, we recommend following the tutorial below.
For more detailed information about the WebSockets history tab, please see the full documentation.
In this tutorial, you'll learn the basics of the WebSockets history tab, using one of the deliberately vulnerable labs on the Web Security Academy.
Step 1: Access the lab
Open Burp's browser, and use it to access the following lab:
Click Access the lab and log in to your PortSwigger account if prompted. This opens your own instance of a deliberately vulnerable shopping website with a live chat feature.
Step 2: Populate the WebSockets history
To see how the WebSockets history tab works, you first need to populate it with messages.
Position Burp's browser and Burp Suite side by side.
On the shopping website, click Live chat.
Send some messages in the chat box and notice that the WebSockets history is populating as you do so.
Step 3: View a WebSockets message
To view more details about a particular WebSockets message, click its entry in the history table. This displays its raw text in the message editor.
Notice the initial handshake message sent to the server, followed by the exchange of messages between the client and server.
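The handshake shown in the message editor can also be checked mechanically once you copy the request and response out of the history. The Python below is an added example, not part of the original tutorial or of Burp Suite; the host `shop.example` and path `/chat` are assumptions, and the key/accept pair is the sample from RFC 6455.

```python
import base64
import hashlib

# GUID fixed by RFC 6455 for deriving Sec-WebSocket-Accept from the client key.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Constructed sample handshake (hypothetical host and path, RFC 6455 sample key).
SAMPLE_REQUEST = (
    "GET /chat HTTP/1.1\r\nHost: shop.example\r\n"
    "Upgrade: websocket\r\nConnection: keep-alive, Upgrade\r\n"
    "Origin: https://shop.example\r\nSec-WebSocket-Version: 13\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n\r\n")
SAMPLE_RESPONSE = (
    "HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")

def parse_headers(raw):
    """Return (start_line, headers) with header names lower-cased."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def expected_accept(key):
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID))."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def review_handshake(request, response):
    """Return a list of findings; an empty list means a well-formed handshake."""
    _, req = parse_headers(request)
    resp_line, resp = parse_headers(response)
    findings = []
    if req.get("upgrade", "").lower() != "websocket":
        findings.append("Upgrade header is not 'websocket'")
    tokens = [t.strip().lower() for t in req.get("connection", "").split(",")]
    if "upgrade" not in tokens:
        findings.append("Connection header lacks the 'Upgrade' token")
    if req.get("sec-websocket-version") != "13":
        findings.append("Sec-WebSocket-Version is not 13")
    if "origin" not in req:
        findings.append("Origin header missing")
    if resp_line.split(" ")[1:2] != ["101"]:
        findings.append("server did not answer 101 Switching Protocols")
    if resp.get("sec-websocket-accept") != expected_accept(req.get("sec-websocket-key", "")):
        findings.append("Sec-WebSocket-Accept does not match the key")
    return findings
```
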
Step 4: Sort and filter the message history table
You can sort and filter the message history table.
To sort the table using a particular column, simply click on the column header. You might find it useful to sort the history table so that the most recent messages are on top.
To open the Filter settings, click the Filter bar above the history table.
Step 5: Send a message to another tool
You can right-click on a request, either in the history table or the message editor, to open a context menu. From here, you can choose from a range of actions.
One of the most commonly used actions is to send an interesting message to one of Burp's other tools for further testing.
You can use Burp Repeater to edit and resend WebSockets messages, to test how the server responds.
Learn more about Burp Proxy's WebSockets history
You have had a brief overview of using the WebSockets history tab to view WebSockets messages and send them to other tools for further testing.
For more detailed information, please see the full documentation on the WebSockets history.
Why not learn more about WebSockets in our Web Security Academy?