Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → koto → Socket_io_client

koto / Socket_io_client

Python tool for testing vulnerabilities in WebSockets / Socket.IO servers

Programming Languages

python

139335 projects - #7 most used programming language

A simple malicious Socket.IO client as a Python script.

http://blog.kotowicz.net/2011/03/html5-websockets-security-new-tool-for.html

It can:

Handshake with a Socket.io server
Ignore all Origin restrictions
Transparently handle all socket.io heartbeats
Send arbitrary messages - from a prompt or an input file. Messages could be raw or properly formatted according to socket.io protocol
Receive/log all server messages

I also included a few exemplary payloads which can crash servers I encountered. You can test the client against my vulnerable chat application (try XSS).

Connect (with Chrome or other browser supporting websockets) to http://vuln.nodester.com/chat.html
Run the command line client ./socket_io_client.py vuln.nodester.com 80
Start conversation
Try to inject XSS from the command line client

You could also use my prepared payloads like so:

./socket_io_client.py vuln.nodester.com 80 < payloads.txt

Or save all server reponses like so: ./socket_io_client.py vuln.nodester.com 80 > output.txt

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 70

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗