diff --git a/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md b/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md index 54b4de78..13c10b3b 100644 --- a/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md +++ b/v42/4-Web_Application_Security_Testing/11-Client-side_Testing/10-Testing_WebSockets.md @@ -21,7 +21,7 @@ Traditionally, the HTTP protocol only allows one request/response per TCP connec ### Origin -It is the server’s responsibility to verify the [`Origin` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin) in the initial HTTP WebSocket handshake. If the server does not validate the origin header in the initial WebSocket handshake, the WebSocket server may accept connections from any origin. This could allow attackers to communicate with the WebSocket server cross-domain allowing for CSRF-like issues. See also [Top 10-2017 A5-Broken Access Control](https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control). +It is the server’s responsibility to verify the [`Origin` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin) in the initial HTTP WebSocket handshake. If the server does not validate the origin header in the initial WebSocket handshake, the WebSocket server may accept connections from any origin. This could allow attackers to communicate with the WebSocket server cross-domain allowing for CSRF-like issues. See also [Top 10-2017 A5-Broken Access Control](https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control). The exploit for this weakness is called Cross-Origin Websocket Hijacking (CSWH). ### Confidentiality and Integrity 
@@ -85,6 +85,7 @@ Gray-box testing is similar to black-box testing. In gray-box testing, the pen-t - [HTML5 Rocks - Introducing WebSockets: Bringing Sockets to the Web](https://www.html5rocks.com/en/tutorials/websockets/basics/) - [W3C - The WebSocket API](https://html.spec.whatwg.org/multipage/web-sockets.html#network) - [IETF - The WebSocket Protocol](https://tools.ietf.org/html/rfc6455) +- [Missing Origin Validation in WebSockets](https://cwe.mitre.org/data/definitions/1385.html) - [Christian Schneider - Cross-Site WebSocket Hijacking (CSWSH)](http://www.christian-schneider.net/CrossSiteWebSocketHijacking.html) - [Jussi-Pekka Erkkilä - WebSocket Security Analysis (PDF)](http://juerkkil.iki.fi/files/writings/websocket2012.pdf) - [Robert Koch- On WebSockets in Penetration Testing](http://www.ub.tuwien.ac.at/dipl/2013/AC07815487.pdf)
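Review bot: The name and acronym added at the end of the Origin paragraph are inconsistent with the rest of the document: the new text says "Cross-Origin Websocket Hijacking (CSWH)", while the references section of this same file cites the technique as "Cross-Site WebSocket Hijacking (CSWSH)" (the Christian Schneider entry), and "CSWH" does not match the words it abbreviates. Suggest aligning the sentence with the reference and the document's "WebSocket" capitalization: "The exploit for this weakness is called Cross-Site WebSocket Hijacking (CSWSH)."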
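Review bot: The new reference entry "[Missing Origin Validation in WebSockets](...)" does not follow the "Source - Title" style used by every neighbouring entry in this list (for example "IETF - The WebSocket Protocol", "W3C - The WebSocket API"). Since the URL points at CWE entry 1385, suggest "- [CWE-1385 - Missing Origin Validation in WebSockets](https://cwe.mitre.org/data/definitions/1385.html)" so the CWE identifier is visible to readers and the list stays consistent.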