Lab: Manipulating WebSocket messages to exploit vulnerabilities
This online shop has a live chat feature implemented using WebSockets.
Chat messages that you submit are viewed by a support agent in real time.
To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent's browser.
- Click "Live chat" and send a chat message.
- In Burp Proxy, go to the WebSockets history tab, and observe that the chat message has been sent via a WebSocket message.
- Using the browser, send a new message containing a < character.
- In Burp Proxy, find the corresponding WebSocket message and observe that the < has been HTML-encoded by the client before sending.
- Ensure that Burp Proxy is configured to intercept WebSocket messages, then send another chat message.
- Edit the intercepted message to contain the following payload:
<img src=1 onerror='alert(1)'>
- Observe that an alert is triggered in the browser. This will also happen in the support agent's browser.
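The steps above succeed because the only HTML-encoding happens in the client, before the frame passes through the proxy. The following is an added example, not the lab's or the shop's own code, of a server-side relay step that encodes every incoming chat frame itself; the `{"message": "..."}` frame shape and all function names are assumptions.

```javascript
// Added example: server-side handling of chat frames before they are relayed
// to the support agent. Frame shape and names are assumptions for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change the HTML parsing context.
function encodeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validate one raw WebSocket text frame. Returns the frame to relay to the
// agent, or null if the frame must be dropped.
function prepareFrameForAgent(rawFrame, maxLength = 500) {
  let parsed;
  try {
    parsed = JSON.parse(rawFrame);
  } catch {
    return null; // not JSON: drop
  }
  if (parsed === null || typeof parsed !== 'object') return null;
  if (typeof parsed.message !== 'string') return null;
  if (parsed.message.length === 0 || parsed.message.length > maxLength) return null;
  // Encode on the server no matter what the client is expected to have done:
  // a frame can be rewritten in transit after any client-side encoding ran.
  return JSON.stringify({ message: encodeHtml(parsed.message) });
}

// Convenience wrapper: the message text the agent's page would receive.
function relayedMessage(rawFrame) {
  const out = prepareFrameForAgent(rawFrame);
  return out === null ? null : JSON.parse(out).message;
}

// Constructed sample frames: one edited in transit, one as the browser sends it.
const tampered = JSON.stringify({ message: "<img src=1 onerror='alert(1)'>" });
const fromBrowser = JSON.stringify({ message: 'price &lt; 10?' });

console.log(relayedMessage(tampered));    // markup arrives as inert text
// The client-encoded frame is now encoded twice, so once the server encodes,
// the client-side encoding should be removed rather than relied on.
console.log(relayedMessage(fromBrowser));
```

On the agent's page, writing the received text with `textContent` instead of `innerHTML` gives a second, independent layer.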