Manipulating WebSocket messages to exploit vulnerabilities

Description

This online shop has a live chat feature implemented using WebSockets.

Chat messages that you submit are viewed by a support agent in real time.

To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent's browser.

Approach

Upon accessing the lab, I enabled the FoxyProxy extension to intercept all the traffic through Burp Suite. After setting up the proxy, I navigated to the live chat page and started sending messages. I then checked my WebSocket History in Burp Suite's proxy, where I found all the messages being sent in the following format:

{"message":"Hi I'm Ichyaboy and I'm going to hack you if you don't mind"}

To execute a Cross-Site Scripting (XSS) attack, I sent this WebSocket message to Burp Repeater and modified the message value to:

{"message":"<img src=1 onerror=alert(1)>"}

Next, I clicked on the drop-down menu above the request box, selected "Send to server," and then clicked "Send."

Returning to the chat page, I saw an alert box pop up. Since the message was in the chat, all members present in the chat room would also see the alert box. This confirmed that the XSS vulnerability was successfully exploited, solving the lab.
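The root cause the lab demonstrates is that the chat client inserts the message text into the page as HTML, so any markup in the WebSocket frame is rendered and its event handlers execute in the support agent's browser. The following is an added defensive example, not code from the lab or from the write-up: it shows how a server relaying chat frames could validate the JSON and HTML-encode the message before broadcasting it, so the `<img src=1 onerror=alert(1)>` payload above arrives as inert text. The function names, the maximum message length and the sample frames are assumptions constructed for the example; the lab's own server code is not shown on the page.

```javascript
// Added example (not part of the lab or the write-up): defensive handling
// of a chat WebSocket frame before it is relayed to other chat participants.

const MAX_MESSAGE_LENGTH = 500; // assumed limit; tune for the real application

// Encode the five characters that change meaning in an HTML text context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse one incoming frame of the form {"message": "..."}.
// Returns the sanitized frame as a JSON string, or null if the frame should be
// dropped (malformed JSON, wrong shape, wrong type, or oversized).
function sanitizeChatFrame(rawFrame) {
  let parsed;
  try {
    parsed = JSON.parse(rawFrame);
  } catch (e) {
    return null; // not JSON at all: drop rather than guess
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) return null;
  if (typeof parsed.message !== 'string') return null; // reject numbers, objects, missing field
  if (parsed.message.length > MAX_MESSAGE_LENGTH) return null;

  // Only the fields we expect are forwarded; anything extra is discarded.
  return JSON.stringify({ message: escapeHtml(parsed.message) });
}

// Constructed sample frames: a benign message, the lab payload, and two malformed frames.
const sampleFrames = [
  '{"message":"Hi, I have a question about my order"}',
  '{"message":"<img src=1 onerror=alert(1)>"}',
  '{"message":42}',
  'not json at all',
];

for (const frame of sampleFrames) {
  console.log(frame, '->', sanitizeChatFrame(frame));
}
```

Encoding on the relay is a defence in depth measure; the client should still render the message with `textContent` (or an equivalent that does not parse HTML) rather than `innerHTML`, because the encoding above is only correct for an HTML text context and a client that later decodes or re-inserts the string as markup would reintroduce the issue.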