Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Lab: Manipulating WebSocket messages to exploit vulnerabilities

APPRENTICE

This online shop has a live chat feature implemented using WebSockets.

Chat messages that you submit are viewed by a support agent in real time.

To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent's browser.

ACCESS THE LAB

Solution

  1. Click "Live chat" and send a chat message.
  2. In Burp Proxy, go to the WebSockets history tab, and observe that the chat message has been sent via a WebSocket message.
  3. Using the browser, send a new message containing a < character.
  4. In Burp Proxy, find the corresponding WebSocket message and observe that the < has been HTML-encoded by the client before sending.
  5. Ensure that Burp Proxy is configured to intercept WebSocket messages, then send another chat message.

  6. Edit the intercepted message to contain the following payload:

    <img src=1 onerror='alert(1)'>
  7. Observe that an alert is triggered in the browser. This will also happen in the support agent's browser.

Community solutions

Michael Sommer (no audio)

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here

Try Burp Suite for Free

Find WebSocket vulnerabilities using Burp Suite

Try for free