Is it secure to send JWT tokens in url query parameters if we use nonce to make it a one time token?

Websockets don’t support sending auth tokens during websocket handshake as part of HTTP headers, rather only via query parameters. This has a security risk of leaking these tokens in server logs. However, if we create these JWT tokens with…

Cache poisoning from rfc6455 (WebSockets) not requiring server message to be masked?

In RFC6455 section 10.3, it explains why they have made clients mask their outgoing frames (so that a malicious server cannot manipulate a client into sending something in plaintext, as the message could be an HTTP request which could be us…

Why is the browser not sending cookies with cross-domain WebSocket handshake request?

If I have understood Cross-Site WebSocket Hijacking (CSWSH) attack correctly [1][2][3][4], the attack relies on two things (examples are from the first reference):

the browser sending the cookies set by the victim domain (www.some-trading…

Can a client script (running within a webpage) provide to the browser a certificate to accept in a wss:// connection?

Can a client script provide to the browser a certificate to accept in a wss:// connection? The WebSocket constructor does not seem to have many options.
(I am designing an IoT server that lets the owner share access with other users by ema…

How does masking in WebSockets prevent cache poisoning if the attacker can write their own WebSocket client?

I’ve been reading about WebSockets, and learned that they apply masking of messages using an XOR cipher. This is done in order to prevent attackers from being able to make the data they send using WebSockets look like an HTTP request, becau…

How to Remediate a Cross-Site WebSocket Vulnerability

Today, many leading industries and modern enterprises have switched from processing and acting on data stored in databases to data in flight. How? Through real-time applications. One way to enable this is WebSocket, but it comes with vulnerabilities as well.  What Is WebSocket? Real-time applications operate within an immediate time frame; sensing, analyzing and acting […]

The post How to Remediate a Cross-Site WebSocket Vulnerability appeared first on Security Intelligence.

How do I stop external sites from doing ws://localhost and doing funny things to non-HTTP servers? [duplicate]

Discovered a certain site that I would rather not link was being mean and probing a bunch of ports with ws://127.0.0.1:port and wss://127.0.0.1:port. I want to put a stop to it, but how? Then discovered eBay was doing the same thing and on…