Skip to content
HTML5 WebSocket message fuzzer
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
websocket_fuzzer Save the output as output/0/ , output/1/, etc. This allows me to iden… Nov 23, 2018
.gitignore
LICENSE
README.md Improve help Nov 23, 2018
analyze-output.py
requirements.txt
send-one-message.py
websocket-fuzzer.py Revert Nov 23, 2018

README.md

Websocket Fuzzer

A simple websocket fuzzer for application penetration testing.

Three tools are provided:

  • websocket-fuzzer.py: Receives a websocket message, modifies it, and then sends it in different connections. The response is analyzed to find potential vulnerabilities.

  • send-one-message.py: Sends a websocket message using a new connection

  • analyze-output.py: Analyzes the data generated by websocket-fuzzer.py

All tools require considerable customization to be used. Please read the source code comments in both files to better understand all the parameters.

Installation and usage

pip install -r requirements.txt

# edit send-one-message.py
python send-one-message.py

In most cases you'll want to use a proxy, such as OWASP ZAP or Burp Suite, to analyze the websocket traffic generated by these tools. Both tools support proxying the websocket traffic.

The workflow for these tools is fairly simple:

  • Use send-one-message.py to define most of the variables, make sure that authentication is working, etc. Confirm all this with the logs and traffic seen in the local proxy.

  • Move the send-one-message.py configuration to websocket-fuzzer.py and customize the remaining parameters. Start the process and confirm that the fuzzer is sending what you expect.

  • Customize the payloads which are sent to the target using payloads/payloads.txt

  • The websocket-fuzzer will store the logs in text files with this format: output/{token-id}/{connection-id}-{message-number}.log. The token-id identifies the section of the fuzzed message that was modified. Grouping by token-id helps the analyze-output.py tool identify vulnerabilities.

  • Analyze the logs using grep to find specific things you're looking for, or analyze-output.py for a more generic analysis.

Authentication

The tools support authenticating using user-defined websocket messages. These messages are sent before the ones with the payloads.

Logging

All messages are logged to a user-defined directory. Each connection is logged to a different file. Detailed logging is very important for this tool, since it allows the user to run grep on the output to find interesting things.

Fuzzing

The tool was developed for fuzzing websocket applications which use JSON as a serialization method. If this is not the case for you, please customize the following functions:

* `create_tokenized_messages`
* `replace_token_in_json`
You can’t perform that action at this time.