Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/DeepakPawar95/cswsh
A command-line tool for Cross-Site WebSocket Hijacking
https://github.com/DeepakPawar95/cswsh
pentest-tool security-tools websocket
Last synced: 21 days ago
JSON representation
A command-line tool for Cross-Site WebSocket Hijacking
- Host: GitHub
- URL: https://github.com/DeepakPawar95/cswsh
- Owner: DeepakPawar95
- Created: 2020-01-11T21:02:02.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-10-18T01:49:43.000Z (about 1 year ago)
- Last Synced: 2024-08-05T17:44:58.216Z (4 months ago)
- Topics: pentest-tool, security-tools, websocket
- Language: Python
- Homepage:
- Size: 18.6 KB
- Stars: 39
- Watchers: 1
- Forks: 3
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - DeepakPawar95/cswsh - A command-line tool for Cross-Site WebSocket Hijacking (Python)
README
# CSWSH
A command-line tool designed to test and connect to a WebSocket which are vulnerable to Cross-Site WebSocket Hijacking vulnerability.### About
CSWSH tool can connect to both standard and socket.io based WebSockets.
- A standard websocket will have the functionality of sending messages to the server and receiving messages from the server.
- A socket.io based websocket will have only the ping functionality to check if the connection is successful or not.
### Requirements
CSWSH works with `Python 3` and has few dependencies.To install these dependencies, navigate to the source directory and execute `pip3 install -r requirements.txt`
### Usage
CSWSH tool provides the below options while connecting to a websocket server.#### For standard websocket
```bash
$ python3 cswsh.py "wss://echo.websocket.org"
```#### For socket.io based websocket
```bash
$ python3 cswsh.py "https://example.com/socket.io/" -sio
```
On successful connect, send websocket ping message `2probe` and server will respond with `3probe` as an acknowledgment of the successful connection.#### Add custom headers
To add custom headers in the request use `-h` option
```bash
$ python3 cswsh.py "wss://echo.websocket.org" -h "Authorization: Bearer AbCdEf123456"
```#### Add cookies
To add cookies in the request use `-c` option
```bash
$ python3 cswsh.py "wss://echo.websocket.org" -c "sessionID=AbCdEf123456"
```#### Change Origin
To add custom origin header in the request use `-o` option
```bash
$ python3 cswsh.py "wss://echo.websocket.org" -o "http://localhost:8080"
```#### Disable SSL certificate verification
If you don't want the tool to verify the server certificate, use `-i` option
```bash
$ python3 cswsh.py "wss://echo.websocket.org" -i
```### Support
If you would like to show some support, please connect with me on [twitter](https://twitter.com/_dspawar)