https://github.com/andresriancho/websocket-fuzzer

HTML5 WebSocket message fuzzer
appsec fuzzing html5 websocket

README

## Websocket Fuzzer

A simple websocket fuzzer for application penetration testing.

Three tools are provided:

* `websocket-fuzzer.py`: Receives a websocket message, modifies it, and
then sends it in different connections. The response is analyzed to find
potential vulnerabilities.

* `send-one-message.py`: Sends a single websocket message over a new connection.

* `analyze-output.py`: Analyzes the log data generated by `websocket-fuzzer.py`.

All tools require considerable customization before use. Please read the
source code comments in the files to understand all the parameters.

## Installation and usage

```sh
pip install -r requirements.txt

# edit send-one-message.py
python send-one-message.py
```

In most cases you'll want to use an intercepting proxy, such as OWASP ZAP or
Burp Suite, to analyze the websocket traffic generated by these tools. Both
sending tools (`send-one-message.py` and `websocket-fuzzer.py`) support
proxying their websocket traffic.

The workflow for these tools is fairly simple:

* Use `send-one-message.py` to define most of the variables, make sure that
authentication is working, etc. Confirm all this with the logs and traffic
seen in the local proxy.

* Move the `send-one-message.py` configuration to `websocket-fuzzer.py` and
customize the remaining parameters. Start the process and confirm that the
fuzzer is sending what you expect.

* Customize the payloads sent to the target by editing `payloads/payloads.txt`.

* `websocket-fuzzer.py` stores its logs in text files named with this format:
`output/{token-id}/{connection-id}-{message-number}.log`. The `token-id` identifies
the section of the fuzzed message that was modified, so grouping the logs by
`token-id` helps `analyze-output.py` identify vulnerabilities.

* Analyze the logs using `grep` to find specific things you're looking for, or
`analyze-output.py` for a more generic analysis.

## Authentication

The tools support authenticating using user-defined websocket messages. These
messages are sent before the ones with the payloads.

## Logging

All messages are logged to a user-defined directory. Each connection is logged
to a different file. Detailed logging is very important for this tool, since
it allows the user to run `grep` on the output to find interesting things.

## Fuzzing

The tool was developed for fuzzing websocket applications which use `JSON`
as a serialization method. If this is not the case for you, please customize
the following functions:

* `create_tokenized_messages`
* `replace_token_in_json`
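The tokenize-and-replace approach described above, as an added example that is not the project's code: it neither calls nor reproduces `create_tokenized_messages` or `replace_token_in_json`. The sample message, the placeholder payload strings and the `auth_message_count` parameter are constructed here; the `output/{token-id}/{connection-id}-{message-number}.log` layout follows the README.

```python
import json
# Constructed sample message and placeholder payloads (not from the project).
SAMPLE_MESSAGE = ('{"action": "search", "query": "laptop", "page": 2, '
                  '"filters": {"brand": "acme", "in_stock": true}}')
SAMPLE_PAYLOADS = ["<payload-1>", "<payload-2>"]
TOKEN_PREFIX, TOKEN_SUFFIX = "__TOKEN_", "__"

def tokenize_json_message(message):
    """Replace each string/number leaf with a numbered token so every position
    is fuzzed on its own; returns (tokenized_object, {token_id: original})."""
    originals = {}
    def walk(node):
        if isinstance(node, dict):
            return {k: walk(v) for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        # bool is a subclass of int; booleans and null stay untouched
        if isinstance(node, (str, int, float)) and not isinstance(node, bool):
            token_id = len(originals)
            originals[token_id] = node
            return f"{TOKEN_PREFIX}{token_id}{TOKEN_SUFFIX}"
        return node
    return walk(json.loads(message)), originals

def apply_payload(tokenized, originals, target_id, payload):
    """Build one fuzzed message: the target token becomes the payload, all other
    tokens get their original value back; json.dumps re-escapes the payload so
    the frame stays well-formed JSON for the target's parser."""
    def walk(node):
        if isinstance(node, dict):
            return {k: walk(v) for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        if isinstance(node, str) and node.startswith(TOKEN_PREFIX):
            token_id = int(node[len(TOKEN_PREFIX):-len(TOKEN_SUFFIX)])
            return payload if token_id == target_id else originals[token_id]
        return node
    return json.dumps(walk(tokenized), separators=(",", ":"))

def fuzz_cases(message, payloads, auth_message_count=0):
    """One (token_id, log_path, fuzzed_message) per token/payload pair, each on
    its own connection; message number counts the auth messages sent first."""
    tokenized, originals = tokenize_json_message(message)
    cases, connection_id = [], 0
    for token_id in sorted(originals):
        for payload in payloads:
            connection_id += 1
            log_path = f"output/{token_id}/{connection_id}-{auth_message_count + 1}.log"
            cases.append((token_id, log_path, apply_payload(tokenized, originals, token_id, payload)))
    return cases
```

Note that a payload always lands as a JSON string, so a numeric leaf such as `"page": 2` is replaced by a string; if the target must see the original type, restrict the payloads for that token accordingly.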