‘Websocket Hijacking’ to steal Session_ID of victim users

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Hello everyone, I hope you all are healthy and safe. Today’s writeup is about one of my find in a gaming website. The interesting part here is that, I always thought this type of attack is just a theory. As always I will try to keep my writeup not soo technical so that it will be easy to understand for any beginner. Let’s start!


Before getting into the details, let’s discuss about websocket requests:

What are Websocket’s ?

Using websocket requests, it’s possible to open a two-way interactive communication session between the user’s browser and a server. With this API, you can send messages to a server and receive event-driven responses without having to poll the server for a reply. If you want to know more check this — https://sookocheff.com/post/networking/how-do-websockets-work/


So I was hunting on this private Hackerone program <redacted>.com. Before start attacking, I have the habit to quickly check the website by intercepting requests in Burpsuite. During this process, I found few websocket requests carrying messages. So I started checking if it’s

Read the article