Python tool for testing vulnerabilities in WebSockets / Socket.IO servers
.gitignore - added gitignore for pyc Mar 4, 2011
README - added URL Mar 4, 2011 - first commit Mar 4, 2011 - first commit Mar 4, 2011
handshake.bin - first commit Mar 4, 2011
payloads.txt - first commit Mar 4, 2011 - first commit Mar 4, 2011


A simple malicious Socket.IO client as a Python script.

It can:
 - Handshake with a server
 - Ignore all Origin restrictions
 - Transparently handle all heartbeats
 - Send arbitrary messages - from a prompt or an input file. Messages could be raw or
   properly formatted according to protocol
 - Receive/log all server messages

I also included a few exemplary payloads which can crash servers I encountered. 
You can test the client against my vulnerable chat application (try XSS).

1. Connect (with Chrome or other browser supporting websockets) to
2. Run the command line client
   ./ 80
3. Start conversation
4. Try to inject XSS from the command line client

You could also use my prepared payloads like so:

   ./ 80 < payloads.txt

Or save all server responses like so:
   ./ 80 > output.txt
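
For the server side of what this client exercises (raw or malformed messages, heartbeats, and markup sent into the chat), here is an added example that is not part of this tool or its test application: a strict frame decoder that rejects bad input instead of failing on it. It assumes the `~m~<length>~m~<data>` framing and `~h~` heartbeat prefix of Socket.IO 0.6-era servers, which this README does not spell out; the limits and function names are hypothetical.

```python
import html

FRAME = "~m~"          # assumed Socket.IO 0.6-era frame marker
MAX_FRAME_LEN = 4096   # hypothetical per-frame limit
MAX_FRAMES = 32        # hypothetical per-packet limit
SAMPLE = "~m~5~m~hello~m~4~m~~h~1"  # constructed packet: one message, one heartbeat

class FrameError(ValueError):
    """Raised when a packet does not follow the assumed framing."""

def decode_frames(packet):
    """Return the payloads in packet, or raise FrameError on any violation."""
    frames, pos = [], 0
    while pos < len(packet):
        if len(frames) >= MAX_FRAMES:
            raise FrameError("too many frames")
        if not packet.startswith(FRAME, pos):
            raise FrameError("missing frame marker")
        pos += len(FRAME)
        end = packet.find(FRAME, pos)
        digits = packet[pos:end] if end != -1 else ""
        # Accept only a short run of ASCII digits before calling int().
        if not (digits.isascii() and digits.isdigit() and len(digits) <= 6):
            raise FrameError("bad length field")
        length = int(digits)  # counted in Python characters (assumption)
        if length > MAX_FRAME_LEN:
            raise FrameError("frame too large")
        start = end + len(FRAME)
        if start + length > len(packet):
            raise FrameError("declared length exceeds packet")
        frames.append(packet[start:start + length])
        pos = start + length
    return frames

def handle_packet(packet):
    """Classify each frame; chat text is HTML-escaped before it is relayed."""
    try:
        frames = decode_frames(packet)
    except FrameError as exc:
        return [("reject", str(exc))]
    out = []
    for body in frames:
        if body.startswith("~h~"):
            out.append(("heartbeat", body[3:]))
        else:
            out.append(("message", html.escape(body)))
    return out
```

A rejected packet comes back as a single `("reject", reason)` tuple, so the caller can log it and close the connection without the handler raising.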