09/10/2019

Simplify WebSocket pentesting

With plain HTTP, a server cannot send data to the client on its own initiative. Instead the client has to poll: it regularly asks the server whether anything has changed. For each of these requests a connection must first be established and the server-side script executed before any data flows.

Only then is the data sent to the client. Because this happens anew with every request, it costs time and puts load on the server. With WebSockets the connection is kept open permanently, so client and server can communicate with each other directly. The result is less data on the wire, less server load and therefore lower power consumption.

As an IT/OT security specialist you will run into limits during penetration tests (pentests for short), because the usual tools (Burp, ZAP or mitmproxy) only offer limited support for WebSockets. This can be worked around with a trick: a separate proxy manages the WebSocket connection and at the same time exposes an HTTP interface, so that every HTTP request it receives is forwarded over the WebSocket connection. The whole thing is written in Python 3 and uses the standard library module "http" and the "websocket-client" library. The code works in this order:

1. First the proxy establishes the WebSocket connection.

2. Then the HTTP server is started; the data of each GET request it receives is forwarded to the WebSocket server over that connection.

3. Now any tool that "speaks" HTTP can send data to the WebSocket server and thus contribute to the pentest.

LIMES recommends:

Download the whole code for the script #HERE 🙂 or make an appointment with our IT/OT-Security Specialist – give us a call!