{"id":13845595,"url":"https://github.com/DeepakPawar95/cswsh","last_synced_at":"2025-07-12T02:32:19.525Z","repository":{"id":45316674,"uuid":"233296840","full_name":"DeepakPawar95/cswsh","owner":"DeepakPawar95","description":"A command-line tool for Cross-Site WebSocket Hijacking","archived":false,"fork":false,"pushed_at":"2023-10-18T01:49:43.000Z","size":19,"stargazers_count":39,"open_issues_count":4,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-08-05T17:44:58.216Z","etag":null,"topics":["pentest-tool","security-tools","websocket"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DeepakPawar95.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-01-11T21:02:02.000Z","updated_at":"2024-05-31T11:57:28.000Z","dependencies_parsed_at":"2023-01-25T04:01:21.764Z","dependency_job_id":null,"html_url":"https://github.com/DeepakPawar95/cswsh","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepakPawar95%2Fcswsh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepakPawar95%2Fcswsh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepakPawar95%2Fcswsh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepakPawar95%2Fcswsh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DeepakPawar95","download_url":"https://codeload.github.com/DeepakPawar95/cswsh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225784834,"owners_count":17523712,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pentest-tool","security-tools","websocket"],"created_at":"2024-08-04T17:03:29.648Z","updated_at":"2024-11-21T18:32:27.584Z","avatar_url":"https://github.com/DeepakPawar95.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# CSWSH\nA command-line tool designed to test and connect to a WebSocket which are vulnerable to Cross-Site WebSocket Hijacking vulnerability.\n\n### About\nCSWSH tool can connect to both standard and socket.io based WebSockets.\n - A standard websocket will have the functionality of sending messages to the server and receiving messages from the server.\n - A socket.io based websocket will have only the ping functionality to check if the connection is successful or not.\n \n### Requirements\nCSWSH works with `Python 3` and has few dependencies.\n\nTo install these dependencies, navigate to the source directory and execute `pip3 install -r requirements.txt`\n\n### Usage\nCSWSH tool provides the below options while connecting to a websocket server.\n\n#### For standard websocket\n```bash\n$ python3 cswsh.py \"wss://echo.websocket.org\"\n``` \n\n#### For socket.io based websocket\n```bash\n$ python3 cswsh.py \"https://example.com/socket.io/\" -sio\n```\nOn successful connect, send websocket ping message `2probe` and server will respond with `3probe` as an acknowledgment of the successful connection.\n\n#### Add custom headers\nTo add custom headers in the request use `-h` option\n```bash\n$ python3 cswsh.py \"wss://echo.websocket.org\" -h \"Authorization: Bearer AbCdEf123456\"\n```\n\n#### Add cookies\nTo add cookies in the request use `-c` option\n```bash\n$ python3 cswsh.py \"wss://echo.websocket.org\" -c \"sessionID=AbCdEf123456\"\n```\n\n#### Change Origin \nTo add custom origin header in the request use `-o` option\n```bash\n$ python3 cswsh.py \"wss://echo.websocket.org\" -o \"http://localhost:8080\"\n```\n\n#### Disable SSL certificate verification\nIf you don't want the tool to verify the server certificate, use `-i` option\n```bash\n$ python3 cswsh.py \"wss://echo.websocket.org\" -i\n```\n\n\n### Support\nIf you would like to show some support, please connect with me on [twitter](https://twitter.com/_dspawar)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDeepakPawar95%2Fcswsh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FDeepakPawar95%2Fcswsh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FDeepakPawar95%2Fcswsh/lists"}