Whitebox testing notes
WebSocket tools to interact with the target
BURPSUITE!
websocat https://github.com/vi/websocat/releases/tag/v1.11.0
WebSocket scanner (fingerprinting and vulnerability detection)
https://github.com/PalindromeLabs/STEWS
Examples:
python3 STEWS-fingerprint.py -u websockets.htb/messages -n -5
python3 STEWS-fingerprint.py -u websockets.htb/messages -n -4
python3 STEWS-vuln-detect.py -h
python3 STEWS-vuln-detect.py -n -u websockets.htb/messages -1
python3 STEWS-vuln-detect.py -n -u websockets.htb/messages -1 -d
Set up a MySQL Docker container (db.sql in the current directory is loaded on first start via /docker-entrypoint-initdb.d)
docker run -p 3306:3306 -e MYSQL_USER='db' -e MYSQL_PASSWORD='db-password' -e MYSQL_DATABASE='db' -e MYSQL_ROOT_PASSWORD='db' --mount type=bind,source="$(pwd)/db.sql",target=/docker-entrypoint-initdb.d/db.sql mysql
Set up an HTTP middleware for the WebSocket connection (lets HTTP-only tooling such as Burp talk to the WebSocket endpoint through a plain GET parameter)
from flask import Flask, request
from websocket import create_connection  # pip install websocket-client
import json

app = Flask(__name__)
# WebSocket endpoint of the target (container IP on the default docker bridge)
WS_URL = 'ws://172.17.0.2/dbconnector'


@app.route('/')
def index():
    # Forward the HTTP query parameter to the WebSocket endpoint as a JSON message
    req = {'username': request.args.get('username', '')}
    ws = create_connection(WS_URL)
    try:
        ws.send(json.dumps(req))
        r = json.loads(ws.recv())
    finally:
        # Always close the socket, even if the endpoint returns garbage
        ws.close()
    if r.get('error'):
        return r['error']
    messages = r['messages']
    # Flask only returns str/bytes directly; serialise list/dict replies so the
    # HTTP client sees the raw WebSocket response
    return messages if isinstance(messages, str) else json.dumps(messages)


if __name__ == '__main__':
    app.run(host='127.0.0.1', port=8000)
Sites to monitor out-of-band requests in case you don't want to host a listener locally
https://app.interactsh.com/#/
https://webhook.site/