{"id":19260272,"url":"https://github.com/scipag/websocket_fuzzer","last_synced_at":"2025-06-20T17:08:33.804Z","repository":{"id":175580723,"uuid":"628890833","full_name":"scipag/websocket_fuzzer","owner":"scipag","description":"Simple WebSocket fuzzer","archived":false,"fork":false,"pushed_at":"2023-06-15T14:16:26.000Z","size":24,"stargazers_count":33,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-06-20T17:08:18.548Z","etag":null,"topics":["fuzzing","penetration-testing-tools","pentest-script","pentest-tool","security-automation","security-scanner","security-tools","websocket-fuzzing"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scipag.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-17T07:38:55.000Z","updated_at":"2025-06-05T15:14:50.000Z","dependencies_parsed_at":null,"dependency_job_id":"da53e2b2-501d-4b13-968c-3e63d06307fb","html_url":"https://github.com/scipag/websocket_fuzzer","commit_stats":null,"previous_names":["scipag/websocket_fuzzer"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/scipag/websocket_fuzzer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scipag%2Fwebsocket_fuzzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scipag%2Fwebsocket_fuzzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scipag%2Fwebsocket_fuzzer/releases","manifests_url":"https://repos.ecosy
ste.ms/api/v1/hosts/GitHub/repositories/scipag%2Fwebsocket_fuzzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scipag","download_url":"https://codeload.github.com/scipag/websocket_fuzzer/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scipag%2Fwebsocket_fuzzer/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260985173,"owners_count":23092885,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzing","penetration-testing-tools","pentest-script","pentest-tool","security-automation","security-scanner","security-tools","websocket-fuzzing"],"created_at":"2024-11-09T19:19:38.069Z","updated_at":"2025-06-20T17:08:28.785Z","avatar_url":"https://github.com/scipag.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WebSocket Fuzzer\n\n_WebSocket Fuzzer_ is a simple WebSocket fuzzing script. Part of its creation process is described in the article [WebSocket Fuzzing - Development of a custom fuzzer](https://www.scip.ch/en/?labs.20230420).\n\n## Installation and usage\n\nThe script only runs with Python 3. To install the necessary modules use `pip3 install -r requirements.txt`.\n\nIt is generally recommended to use a proxy like Burp Suite or OWASP ZAP to record the WebSocket traffic which is created by this script since this script does not generate a log file of all the messages that have been sent. Furthermore, the analysis of all the generated server responses has to happen manually by the tester. 
The script creates a new WebSocket for every fuzzed message and closes it again after processing the response. This was done since it could not be guaranteed that a WebSocket was still valid after a previous fuzzing round.\n\nCommon execution examples for the WebSocket Fuzzer would be:\n\n```bash\n# fuzz http://example.com with specified session cookie and proxy\npython3 websocket-fuzzer.py -c \"session=example_value\" -f fuzzing_payloads.txt -m websocket_messages.txt -p \"127.0.0.1:8080\" http://example.com\n\n# fuzz https://example.com with specified Authorization header and proxy, includes a timeout of 5 seconds to wait for responses and runs in verbose mode\npython3 websocket-fuzzer.py -a \"Authorization: Bearer \u003ctoken\u003e\" -f fuzzing_payloads.txt -m websocket_messages.txt -p \"127.0.0.1:8080\" -t 5 -v https://example.com\n```\n\nThe script was developed for fuzzing websocket applications which send their messages with JSON. If this is not the case for you, please customize the following function: `payload_parsing`.\n\n## Usage options\n\n```\nusage: websocket-fuzzer.py [-h] [-a AUTH_HEADER] [-c COOKIE] [-e ERROR_MESSAGES] -f FUZZ_FILE -m MESSAGE_FILE [-p PROXY] [-t TIMEOUT] [-u URL_PATH] [-v] [--version] target\n\nSimple WebSocket fuzzer: Manuall analysis of results needed! 
Author: Andrea Hauser - scip AG\n\npositional arguments:\n  target                Defines target to fuzz in format protocol://hostname:port where protocol is either http/https and :port is optional\n\noptions:\n  -h, --help            show this help message and exit\n  -a AUTH_HEADER, --auth_header AUTH_HEADER\n                        Sets user defined header(s), for applications which are not using cookies.\n                        For multiple headers use option more than once\n  -c COOKIE, --cookie COOKIE\n                        Specifies a cookie for setting up WebSocket\n  -e ERROR_MESSAGES, --error_messages ERROR_MESSAGES\n                        Specifies what error messages a potential response should be analyzed for. Expected format\n                        is a comma separated string like value1,value2. The default strings that will be looked for\n                        are error, stacktrace and trace\n  -f FUZZ_FILE, --fuzz_file FUZZ_FILE\n                        File which contains the fuzzing attack payloads, one payload per line\n  -m MESSAGE_FILE, --message_file MESSAGE_FILE\n                        File which contains the WebSocket messages prepared to be fuzzed. 
Assumes one message per line.\n                        The string FUZZ_VALUE will be replaced with the content of the fuzzing payloads file.\n                        If non fuzzed pre messages are required before successfully fuzzing a message, list those\n                        pre messages line by line before the actual message and start them with PRE_MESSAGE\n  -p PROXY, --proxy PROXY\n                        Specifies proxy in format proxy:port\n  -t TIMEOUT, --timeout TIMEOUT\n                        Specifies how long a WebSocket connection is kept open to receive responses\n  -u URL_PATH, --url_path URL_PATH\n                        URL path where protocol switching happens\n  -v, --verbose         Increases program output in the console\n  --version             show program's version number and exit\n```\n\n## Examples\n\nThe _examples_ directory contains example files which show what potential _fuzzing\\_payloads_ and _websocket\\_messages_ files need to look like.\n\nIf _websocket\\_messages.txt_ contains the following values:\n```\nPRE_MESSAGE READY\n{\"message\":\"FUZZ_VALUE\"}\n{\"other\":\"FUZZ_VALUE\"}\n```\n\nand the _fuzzing\\_payloads.txt_ file contains the following values:\n```\n\u003cimg src=1 onerror='alert(1)'\u003e\nsql test with space '-- \n```\n\nthe script will send `READY` as a pre message for the message where it was specified before sending a fuzzed message.\n\nTherefore the script will send the following WebSocket messages with the provided example files:\n\n```\nREADY\n{\"message\":\"\u003cimg src=1 onerror='alert(1)'\u003e\"}\nREADY\n{\"message\":\"sql test with space '-- \"}\n{\"other\":\"\u003cimg src=1 onerror='alert(1)'\u003e\"}\n{\"other\":\"sql test with space '-- \"}\n```\n\n## Ideas for future enhancements\n\n- [x] The established WebSocket connection is closed again relatively quickly after sending the fuzzed messages. 
The aim is to build in a timeout so that the response time of the server can also be somewhat longer and still be captured. A good balance must be found between extending the time to fuzz and the time to wait for delayed responses.\n- [x] Currently the script can only be used with cookies. This should be generalised so that other authentication methods such as Authentication: Bearer can also be used.\n- [x] Despite the initially contrary decision, it could still be helpful to include a primitive detection option for successful attacks in the script, for example matching on error or stack trace or similar, so that the tester already has some good ideas for further manual investigations.\n- [x] Including a progress indicator could be helpful for the tester, as it is currently difficult to see how many payloads the script has already processed if there are many payloads in the fuzzing file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscipag%2Fwebsocket_fuzzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscipag%2Fwebsocket_fuzzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscipag%2Fwebsocket_fuzzer/lists"}