andresriancho / Websocket Fuzzer

Licence: gpl-3.0
HTML5 WebSocket message fuzzer

Programming Languages

python

Websocket Fuzzer

A simple websocket fuzzer for application penetration testing.

Three tools are provided:

  • websocket-fuzzer.py: Receives a websocket message, modifies it, and then sends it in different connections. The response is analyzed to find potential vulnerabilities.

  • send-one-message.py: Sends a websocket message using a new connection.

  • analyze-output.py: Analyzes the data generated by websocket-fuzzer.py

All tools require considerable customization to be used. Please read the source code comments in both files to better understand all the parameters.

Installation and usage

```
pip install -r requirements.txt

# edit send-one-message.py
python send-one-message.py
```

In most cases you'll want to use a proxy, such as OWASP ZAP or Burp Suite, to analyze the websocket traffic generated by these tools. Both tools support proxying the websocket traffic.

The workflow for these tools is fairly simple:

  • Use send-one-message.py to define most of the variables, make sure that authentication is working, etc. Confirm all this with the logs and traffic seen in the local proxy.

  • Move the send-one-message.py configuration to websocket-fuzzer.py and customize the remaining parameters. Start the process and confirm that the fuzzer is sending what you expect.

  • Customize the payloads which are sent to the target using payloads/payloads.txt.

  • The websocket-fuzzer will store the logs in text files with this format: output/{token-id}/{connection-id}-{message-number}.log. The token-id identifies the section of the fuzzed message that was modified. Grouping by token-id helps the analyze-output.py tool identify vulnerabilities.

  • Analyze the logs using grep to find specific things you're looking for, or analyze-output.py for a more generic analysis.
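The log layout above lends itself to a simple triage pass. The following is an added example, not code from the project and not how analyze-output.py works: it groups log paths by token-id and flags files whose size differs from the most common size in their group. The size heuristic, the function names and the sample data are assumptions.

```python
import re
from collections import Counter, defaultdict

# Path layout from the README: output/{token-id}/{connection-id}-{message-number}.log
LOG_PATH = re.compile(r"^output/(?P<token>[^/]+)/(?P<conn>[^/]+)-(?P<msg>\d+)\.log$")


def group_by_token(paths):
    """Map token-id -> sorted list of (connection-id, message-number, path)."""
    groups = defaultdict(list)
    for path in paths:
        match = LOG_PATH.match(path)
        if match is None:
            continue  # not a fuzzer log; skip rather than guess
        groups[match["token"]].append((match["conn"], int(match["msg"]), path))
    return {token: sorted(entries) for token, entries in groups.items()}


def outliers(groups, sizes):
    """Per token-id, list the paths whose size differs from the group's most common size."""
    flagged = {}
    for token, entries in groups.items():
        counts = Counter(sizes[path] for _, _, path in entries)
        if len(counts) < 2:
            continue  # every response in this group looks the same
        common_size, _ = counts.most_common(1)[0]
        flagged[token] = [p for _, _, p in entries if sizes[p] != common_size]
    return flagged


# Constructed sample: path -> log size in bytes (stand-in for os.path.getsize).
SAMPLE_SIZES = {
    "output/0/1-1.log": 212,
    "output/0/2-1.log": 212,
    "output/0/3-1.log": 1840,
    "output/1/4-1.log": 98,
    "output/1/5-1.log": 98,
    "output/notes.txt": 10,
}

if __name__ == "__main__":
    print(outliers(group_by_token(SAMPLE_SIZES), SAMPLE_SIZES))
```

A flagged file is only a pointer to where the server reacted differently to a modified field; the log itself still has to be read.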

Authentication

The tools support authenticating using user-defined websocket messages. These messages are sent before the ones with the payloads.

Logging

All messages are logged to a user-defined directory. Each connection is logged to a different file. Detailed logging is very important for this tool, since it allows the user to run grep on the output to find interesting things.

Fuzzing

The tool was developed for fuzzing websocket applications which use JSON as a serialization method. If this is not the case for you, please customize the following functions:

* `create_tokenized_messages`
* `replace_token_in_json`
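
To make the tokenize-then-replace idea concrete, here is an added sketch that is not the project's implementation of `create_tokenized_messages` or `replace_token_in_json`. All names, the marker string, the numeric token ids and the sample message are assumptions; substitution is done on the parsed object so the frame stays valid JSON even when the replacement value contains quotes.

```python
import copy
import json

TOKEN = "__FUZZ_TOKEN__"  # constructed marker, not the project's token string


def leaf_paths(node, path=()):
    """Yield the path (tuple of keys/indexes) to every scalar in a JSON value."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaf_paths(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from leaf_paths(value, path + (index,))
    else:
        yield path


def set_at(node, path, value):
    """Return a deep copy of node with the scalar at path replaced by value."""
    if not path:
        return value  # the whole message is a single scalar
    clone = copy.deepcopy(node)
    target = clone
    for step in path[:-1]:
        target = target[step]
    target[path[-1]] = value
    return clone


def tokenize(message_text):
    """One (token_id, tokenized_object) pair per scalar in the original message."""
    original = json.loads(message_text)
    return [(token_id, set_at(original, path, TOKEN))
            for token_id, path in enumerate(leaf_paths(original))]


def substitute(tokenized, payload):
    """Swap the marker for payload and re-serialize the result as JSON text."""
    def walk(node):
        if isinstance(node, dict):
            return {k: walk(v) for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        return payload if node == TOKEN else node
    return json.dumps(walk(tokenized))


SAMPLE = '{"action": "subscribe", "channel": {"id": 7, "tags": ["a", "b"]}}'  # constructed
```

For a non-JSON serialization, `leaf_paths` and `substitute` are the two pieces that would need an equivalent for that format.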