websocket – Page 2 – WindowsTechs.com

How to Remediate a Cross-Site WebSocket Vulnerability

Posted on August 16, 2022 by Ramandeep Kaur

Today, many leading industries and modern enterprises have switched from processing and acting on data stored in databases to data in flight. How? Through real-time applications. One way to enable this is WebSocket, but it comes with vulnerabilities as well. What Is WebSocket? Real-time applications operate within an immediate time frame; sensing, analyzing and acting […]

The post How to Remediate a Cross-Site WebSocket Vulnerability appeared first on Security Intelligence.

Continue reading How to Remediate a Cross-Site WebSocket Vulnerability→

What’s threat if WebSocket connection only checks authentication in the `Open` event

Posted on July 6, 2022 by T.Todua

(I had checked the similar topics this/this/this/this, but I couldn’t find the exact scenario or example)
Let’s say I have a websocket server (MITM and XSS attacks are not in scope) where inside ‘open’ event, I check if user has authorizat… Continue reading What’s threat if WebSocket connection only checks authentication in the `Open` event→

How do I stop external sites from doing ws://localhost and doing funny things to non-HTTP servers? [duplicate]

Posted on March 29, 2022 by Joshua

Discovered a certain site that I would rather not link was being mean and probing a bunch of ports with ws://127.0.0.1:port and wss://127.0.0.1:port. I want to put a stop to it, but how? Then discovered ebay was doing the same thing and on… Continue reading How do I stop external sites from doing ws://localhost and doing funny things to non-HTTP servers? [duplicate]→

How to view all SSL certificates for a website using Google Chrome?

Posted on December 12, 2021 by The Amateur Coder

How to view all SSL certificates for a website using Chrome? When I click the lock icon, it shows only one certificate. The Security tab shows the same – details of only one certificate. How can I see all the certificates on a website? Is … Continue reading How to view all SSL certificates for a website using Google Chrome?→

Is SSL over WebSocket less necessary when a connection is established from a smartphone?

Posted on November 17, 2021 by user270184

I am developing a modification for a game server. The mod hosts a SocketServer which clients can connect to using a smartphone app, allowing them to chat with other players whilst not physically playing on the server.
In order for a client… Continue reading Is SSL over WebSocket less necessary when a connection is established from a smartphone?→

Should I use Secure WebSockets for a game server plugin/extension?

Posted on November 16, 2021 by user270184

I am currently building a plugin for a modified distribution of Minecraft server software called Spigot.
The primary role of a Minecraft server is to send and receive packets from clients to keep all players in sync. Spigot is a modificati… Continue reading Should I use Secure WebSockets for a game server plugin/extension?→

Is it secure to send messages between a WS Server and the client?

Posted on November 14, 2021 by Parking Master

Is it secure to send messages between a WebSocket Server and the Client?
An example of sending messages between a (Socket.io) server, is in Node.js:
socket.on("myMessage", function(msg) {
// "msg" is the message being s… Continue reading Is it secure to send messages between a WS Server and the client?→

The Wireless PS/2 Keyboard That Never Was

Posted on October 17, 2021 by Dan Maloney

The PS/2-style port was once about as ubiquitous on PCs as USB connectors are today, and more than a few of us accumulated a fair collection of keyboards and mice …read more Continue reading The Wireless PS/2 Keyboard That Never Was→

Intercept and modify Server-Sent Events (EventSource API)

Posted on September 22, 2021 by GarlicCheese

I’m working with a web application using Server-Sent Events (SSE, EventSource API), similar to WebSockets. However, none of the commonly penetration test tools seem to fully support this.
I’ve tried Burp Professional, OWASP ZAP and mitmpro… Continue reading Intercept and modify Server-Sent Events (EventSource API)→

Browsing internet without promo in philippines using websocket vpn [closed]

Posted on August 23, 2021 by Deux22

Can anyone help with my payload setup?
[method] metaData-HEAD://caladbolg.uplb.edu.ph HTTP/1.1
Host: sgdo13.itamisama55.tk [crlf][protocol][method][instant_split] port: null-1 [crlf]Connection: Upgrade
Upgrade: websocket, HTTP/1.1
Upgrade:… Continue reading Browsing internet without promo in philippines using websocket vpn [closed]→