WS Probing Shell
Interactive shell in order to probe/analyze a WebSocket endpoint.
The project is under developmement and the creation of a pip module is planned in order to facilitate the installation/update.
This shell was developed because I didn't find a tool or a extension in Burp/OWASP Zap allowing me to deeply inspect and probe a WebSocket endpoint in the same way that I can do it for example for a web endpoint like a REST web service.
Python version requirement
Python >= 3.5
Use the following command to install the dependencies packages:
pip install -r requirements.txt
How to use it?
Run the script:
Type the following command to obtains the list of available commands and help about them:
.:Welcome to the WebSocket probing shell:. Type help or ? to list commands. (Cmd) help Documented commands (type help <topic>): ======================================== analyze help quit show connect probe_connection_channels_supported replay disconnect probe_request_connection_limit scan fuzz probe_request_length_limit search (Cmd) help replay Replay a specified message a specified number of times Syntax: replay -m [path_to_message_file] -n [repetition_count] Example: replay -m /tmp/message.txt -n 20 Parameters: path_to_message_file: Path to the file (text format) containing the message to replay, no space in path. repetition_count: Number of time that the message must be send (Cmd)
Use of the shell is always something like this:
- connect command using the targeted endpoint (
WSS://xxx) identified for example with Burp or ZAP.
- Action command (1 or N times) like:
- Analysis command (1 or N times) like:
- Finalization command like:
- disconnect command if you want to target another endpoint,
- quit command if you want to exit the shell.