‘Websocket Hijacking’ to steal Session_ID of victim users

Hello everyone, I hope you all are healthy and safe. Today’s writeup is about one of my finds on a gaming website. The interesting part here is that I always thought this type of attack was just a theory. As always, I will try to keep my writeup not so technical so that it will be easy to understand for any beginner. Let’s start!

Before getting into the details, let’s discuss WebSocket requests:

What are WebSockets?

Using WebSocket requests, it’s possible to open a two-way interactive communication session between the user’s browser and a server. With this API, you can send messages to a server and receive event-driven responses without having to poll the server for a reply. If you want to know more, check this: https://sookocheff.com/post/networking/how-do-websockets-work/
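The session described above begins with an ordinary HTTP upgrade request, and that handshake is where a server decides who may open the socket. The following is an added example, not code from the original writeup or the affected site: a server-side handshake check that derives `Sec-WebSocket-Accept` as RFC 6455 specifies and rejects origins outside an allow-list. The host `game.example`, the `ALLOWED_ORIGINS` set, the function names and the sample request are all assumptions constructed for illustration.

```javascript
const crypto = require("crypto");

// GUID fixed by RFC 6455 for deriving Sec-WebSocket-Accept.
const WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
// Assumption: the only web origin allowed to open sockets (hypothetical host).
const ALLOWED_ORIGINS = new Set(["https://game.example"]);

function acceptKey(secWebSocketKey) {
  return crypto.createHash("sha1").update(secWebSocketKey + WS_GUID).digest("base64");
}

// Split a raw upgrade request into its method and lower-cased headers.
function parseHandshake(raw) {
  const [requestLine, ...lines] = raw.split("\r\n");
  const headers = {};
  for (const line of lines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { method: requestLine.split(" ")[0], headers };
}

function checkHandshake(raw) {
  const { method, headers } = parseHandshake(raw);
  if (method !== "GET" || (headers["upgrade"] || "").toLowerCase() !== "websocket")
    return { status: 400, reason: "not a WebSocket upgrade" };
  if (!headers["sec-websocket-key"]) return { status: 400, reason: "missing key" };
  // A browser can attach session cookies to this request whatever page opened
  // the socket (subject to SameSite), so a valid cookie alone does not show the
  // request came from our own pages. A missing Origin is rejected as well.
  if (!ALLOWED_ORIGINS.has(headers["origin"]))
    return { status: 403, reason: "origin not allowed" };
  return { status: 101, accept: acceptKey(headers["sec-websocket-key"]) };
}

// Constructed sample handshake; the key is the example nonce from RFC 6455.
const sample = (origin) => [
  "GET /socket HTTP/1.1",
  "Host: game.example",
  "Upgrade: websocket",
  "Connection: Upgrade",
  "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
  "Sec-WebSocket-Version: 13",
  `Origin: ${origin}`,
  "Cookie: session_id=CONSTRUCTED",
  "", ""].join("\r\n");

console.log(checkHandshake(sample("https://game.example")));
console.log(checkHandshake(sample("https://other.example")));
```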

Exploitation:

So I was hunting on this private HackerOne program <redacted>.com. Before I start attacking, I have a habit of quickly checking the website by intercepting requests in Burp Suite. During this process, I found a few WebSocket requests carrying messages. So I started checking if it’s
