koto / Socket_io_client
Python tool for testing vulnerabilities in WebSockets / Socket.IO servers
A simple malicious Socket.IO client as a Python script.
http://blog.kotowicz.net/2011/03/html5-websockets-security-new-tool-for.html
It can:
- Handshake with a Socket.io server
- Ignore all Origin restrictions (the Origin header is supplied by the client, so a server-side Origin check stops browsers but not a hand-written client that sets any value it likes)
- Transparently handle all socket.io heartbeats
- Send arbitrary messages, from a prompt or from an input file. Messages can be sent raw (exactly as typed) or properly formatted according to the socket.io protocol
- Receive/log all server messages
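The following is an added, offline model of what such a client does; it is not code from the project. It assumes the RFC 6455 handshake shape (the original tool predates that RFC and used the draft handshake of its day) and the Socket.IO 0.6 text framing of that era: `~m~<len>~m~<payload>` frames, `~h~<n>` heartbeats that the client echoes back, a `~j~` prefix for JSON payloads and the session id delivered as the first server message. Confirm the framing against the server you are actually testing. The host, path and Origin values are placeholders.

```python
"""Offline model of a malicious Socket.IO client (added example, not the
project's code). Assumes the Socket.IO 0.6 text framing and an RFC 6455
handshake; adjust both to match the server under test."""
import base64
import os
import re

HEARTBEAT_RE = re.compile(r"^~h~(\d+)$")
FRAME_RE = re.compile(r"~m~(\d+)~m~")


def build_handshake(host, port, path, origin, key=None):
    """Return a WebSocket client handshake with an arbitrary Origin.
    Origin is a plain request header chosen by the client, which is why
    an Origin check on the server only restricts real browsers."""
    if key is None:
        key = base64.b64encode(os.urandom(16)).decode()
    lines = [
        "GET %s HTTP/1.1" % path,
        "Host: %s:%d" % (host, port),
        "Upgrade: websocket",
        "Connection: Upgrade",
        "Origin: %s" % origin,            # forged: anything we want
        "Sec-WebSocket-Key: %s" % key,
        "Sec-WebSocket-Version: 13",
    ]
    return "\r\n".join(lines) + "\r\n\r\n"


def frame(payload):
    """Wrap a payload in 0.6-style framing: ~m~<len>~m~<payload>.
    The length is in characters, which matches JS string length for ASCII."""
    return "~m~%d~m~%s" % (len(payload), payload)


def parse_frames(buf):
    """Split a buffer of concatenated frames into payloads.
    Returns (payloads, leftover) so a partial trailing frame is kept
    for the next read instead of being silently dropped."""
    payloads = []
    pos = 0
    while True:
        m = FRAME_RE.match(buf, pos)
        if not m:
            break
        n = int(m.group(1))
        start = m.end()
        if start + n > len(buf):
            break  # incomplete frame: wait for more data
        payloads.append(buf[start:start + n])
        pos = start + n
    return payloads, buf[pos:]


def encode_message(text, raw=False):
    """Raw messages go on the wire untouched (useful for malformed input);
    formatted ones are framed, with JSON-looking text tagged ~j~."""
    if raw:
        return text
    if text[:1] in "{[":
        text = "~j~" + text
    return frame(text)


class Session:
    """Logs server payloads and answers heartbeats transparently."""

    def __init__(self):
        self.session_id = None
        self.log = []

    def handle(self, payload):
        """Process one server payload; return the frame to send back, or None."""
        hb = HEARTBEAT_RE.match(payload)
        if hb:
            # Echo the heartbeat so the server keeps the connection open.
            return frame("~h~" + hb.group(1))
        if self.session_id is None:
            # Assumed 0.6 behaviour: the first server message is the session id.
            self.session_id = payload
            return None
        self.log.append(payload)
        return None


if __name__ == "__main__":
    # Constructed sample of a server stream: sid, a heartbeat, a chat line.
    sess = Session()
    payloads, rest = parse_frames("~m~6~m~123456~m~4~m~~h~1~m~5~m~hello")
    for p in payloads:
        reply = sess.handle(p)
        if reply:
            print("-> %s" % reply)
    print("sid=%s log=%r leftover=%r" % (sess.session_id, sess.log, rest))
```

Feed `parse_frames` whatever the socket returns, pass each payload to `Session.handle`, and write back any frame it hands you; `encode_message(..., raw=True)` is the knob for sending deliberately broken frames to a server.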
I also included a few example payloads which crashed servers I encountered. You can test the client against my vulnerable chat application (try XSS):
- Connect (with Chrome or other browser supporting websockets) to http://vuln.nodester.com/chat.html
- Run the command line client ./socket_io_client.py vuln.nodester.com 80
- Start conversation
- Try to inject XSS from the command line client
You could also use my prepared payloads like so:
./socket_io_client.py vuln.nodester.com 80 < payloads.txt
Or save all server responses like so: ./socket_io_client.py vuln.nodester.com 80 > output.txt