Working with Websockets

What are websockets?

WebSockets provide a persistent, full-duplex connection between client and server, allowing real-time two-way communication.

In contrast, HTTP requests are stateless and one-way: the client must always initiate communication, and each request/response is independent.

WebSockets = continuous, bidirectional channel

HTTP = request/response, client-initiated only

Basics of working with websockets

The first step is to identify the application's WebSocket settings:

// Example app config with WebSocket settings
var appData = {
  "jsonData": {
    "isAjax": true,
    "isMobile": false,
    "websocket_url": "wss://example.com/chat",
    "token": "abc123securetoken"
  },
  "webroot": "https://example.com/",
  "controller": "Chat",
  "action": "index",
  "params": {
    "userId": 42,
    "room": "general"
  }
};

Next, we have to closely analyze how the WebSocket client communicates with the web server.

Coding the websocket client

Usually we can use Burp Suite to interact with WebSockets. While preparing for OSWE, we should prioritize connecting to services from Python, since this is usually the language in which we have to create proofs of concept.
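The following is an added example, not part of the original notes. It uses only the Python standard library to show what a client must put on the wire under RFC 6455: the Upgrade handshake, the Sec-WebSocket-Accept check, and masked client frames. The URL is the `websocket_url` from the config above; the function names are assumptions made for illustration.

```python
import base64, hashlib, os, struct
from urllib.parse import urlparse

GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455

def handshake_request(ws_url, key=None):
    """Build the HTTP Upgrade request that opens a WebSocket; returns (bytes, key)."""
    u = urlparse(ws_url)
    key = key or base64.b64encode(os.urandom(16)).decode()  # random 16-byte nonce
    lines = [
        f"GET {u.path or '/'} HTTP/1.1",
        f"Host: {u.netloc}",
        "Upgrade: websocket",
        "Connection: Upgrade",
        f"Sec-WebSocket-Key: {key}",
        "Sec-WebSocket-Version: 13",
        "", "",
    ]
    return "\r\n".join(lines).encode(), key

def expected_accept(key):
    """Value the server must return in Sec-WebSocket-Accept for our key."""
    digest = hashlib.sha1((key + GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def encode_text_frame(text, mask=None):
    """Client text frame: FIN + opcode 0x1, MASK bit set, payload XOR-masked."""
    payload, mask = text.encode(), mask or os.urandom(4)
    n = len(payload)
    if n < 126:
        header = struct.pack("!BB", 0x81, 0x80 | n)
    elif n < 65536:
        header = struct.pack("!BBH", 0x81, 0x80 | 126, n)  # 16-bit length
    else:
        header = struct.pack("!BBQ", 0x81, 0x80 | 127, n)  # 64-bit length
    return header + mask + bytes(b ^ mask[i % 4] for i, b in enumerate(payload))

def decode_frame(frame):
    """Decode one complete frame (masked or not); returns (opcode, payload)."""
    opcode, b2 = frame[0] & 0x0F, frame[1]
    n, pos = b2 & 0x7F, 2
    if n == 126:
        n, pos = struct.unpack("!H", frame[2:4])[0], 4
    elif n == 127:
        n, pos = struct.unpack("!Q", frame[2:10])[0], 10
    mask = frame[pos:pos + 4] if b2 & 0x80 else b""  # servers send unmasked
    data = frame[pos + len(mask):pos + len(mask) + n]
    return opcode, (bytes(b ^ mask[i % 4] for i, b in enumerate(data)) if mask else data)
```

To talk to a real `wss://` endpoint, these bytes would be sent over a TLS-wrapped TCP socket, and the handshake response checked against `expected_accept(key)` before any frame is sent.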
