Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/DeepakPawar95/cswsh

A command-line tool for Cross-Site WebSocket Hijacking
https://github.com/DeepakPawar95/cswsh

pentest-tool security-tools websocket

Last synced: 3 months ago
JSON representation

A command-line tool for Cross-Site WebSocket Hijacking

Host: GitHub
URL: https://github.com/DeepakPawar95/cswsh
Owner: DeepakPawar95
Created: 2020-01-11T21:02:02.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2023-10-18T01:49:43.000Z (about 1 year ago)
Last Synced: 2024-06-06T22:48:10.197Z (5 months ago)
Topics: pentest-tool, security-tools, websocket
Language: Python
Homepage:
Size: 18.6 KB
Stars: 39
Watchers: 1
Forks: 3
Open Issues: 4
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - DeepakPawar95/cswsh - A command-line tool for Cross-Site WebSocket Hijacking (Python)

README

# CSWSH
A command-line tool designed to test and connect to a WebSocket which are vulnerable to Cross-Site WebSocket Hijacking vulnerability.

### About
CSWSH tool can connect to both standard and socket.io based WebSockets.
- A standard websocket will have the functionality of sending messages to the server and receiving messages from the server.
- A socket.io based websocket will have only the ping functionality to check if the connection is successful or not.

### Requirements
CSWSH works with `Python 3` and has few dependencies.

To install these dependencies, navigate to the source directory and execute `pip3 install -r requirements.txt`

### Usage
CSWSH tool provides the below options while connecting to a websocket server.

#### For standard websocket
```bash
$ python3 cswsh.py "wss://echo.websocket.org"
```

#### For socket.io based websocket
```bash
$ python3 cswsh.py "https://example.com/socket.io/" -sio
```
On successful connect, send websocket ping message `2probe` and server will respond with `3probe` as an acknowledgment of the successful connection.

#### Add custom headers
To add custom headers in the request use `-h` option
```bash
$ python3 cswsh.py "wss://echo.websocket.org" -h "Authorization: Bearer AbCdEf123456"
```

#### Add cookies
To add cookies in the request use `-c` option
```bash
$ python3 cswsh.py "wss://echo.websocket.org" -c "sessionID=AbCdEf123456"
```

#### Change Origin
To add custom origin header in the request use `-o` option
```bash
$ python3 cswsh.py "wss://echo.websocket.org" -o "http://localhost:8080"
```

#### Disable SSL certificate verification
If you don't want the tool to verify the server certificate, use `-i` option
```bash
$ python3 cswsh.py "wss://echo.websocket.org" -i
```

### Support
If you would like to show some support, please connect with me on [twitter](https://twitter.com/_dspawar)