  • Language
    Python
  • License
    GNU General Publi...
  • Created over 6 years ago
  • Updated about 1 year ago

HTML5 WebSocket message fuzzer

Websocket Fuzzer

A simple websocket fuzzer for application penetration testing.

Three tools are provided:

  • websocket-fuzzer.py: Receives a websocket message, modifies it, and then sends it in different connections. The response is analyzed to find potential vulnerabilities.

  • send-one-message.py: Sends a websocket message using a new connection

  • analyze-output.py: Analyzes the data generated by websocket-fuzzer.py

All tools require considerable customization to be used. Please read the source code comments in both files to better understand all the parameters.

Installation and usage

pip install -r requirements.txt

# edit send-one-message.py
python send-one-message.py

In most cases you'll want to use a proxy, such as OWASP ZAP or Burp Suite, to analyze the websocket traffic generated by these tools. Both tools support proxying the websocket traffic.

The workflow for these tools is fairly simple:

  • Use send-one-message.py to define most of the variables, make sure that authentication is working, etc. Confirm all this with the logs and traffic seen in the local proxy.

  • Move the send-one-message.py configuration to websocket-fuzzer.py and customize the remaining parameters. Start the process and confirm that the fuzzer is sending what you expect.

  • Customize the payloads which are sent to the target using payloads/payloads.txt

  • The websocket-fuzzer will store the logs in text files with this format: output/{token-id}/{connection-id}-{message-number}.log. The token-id identifies the section of the fuzzed message that was modified. Grouping by token-id helps the analyze-output.py tool identify vulnerabilities.

  • Analyze the logs using grep to find specific things you're looking for, or analyze-output.py for a more generic analysis.
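Why grouping by token-id helps with triage, as an added example that is not code from this repository and does not reproduce analyze-output.py: every log under one token-id comes from the same message field, so a response that differs from the rest of its group stands out. It assumes each log holds a single response string; the function names and sample logs are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Layout stated in the README: output/{token-id}/{connection-id}-{message-number}.log
LOG_PATH = re.compile(r"^output/(?P<token>[^/]+)/(?P<conn>[^/]+)-(?P<msg>\d+)\.log$")

def parse_log_path(path):
    """Split a log path into (token_id, connection_id, message_number), or None."""
    match = LOG_PATH.match(path)
    if match is None:
        return None
    return match["token"], match["conn"], int(match["msg"])

def outliers_by_token(logs):
    """logs maps path -> response text (assumed format).

    Returns {token_id: [paths whose response differs from the most
    common response seen for that token]}.
    """
    groups = defaultdict(list)
    for path, body in logs.items():
        parsed = parse_log_path(path)
        if parsed is None:          # not a fuzzer log, skip it
            continue
        groups[parsed[0]].append((path, body))
    flagged = {}
    for token, entries in groups.items():
        common, _ = Counter(body for _, body in entries).most_common(1)[0]
        odd = sorted(path for path, body in entries if body != common)
        if odd:
            flagged[token] = odd
    return flagged

# Constructed sample data: two tokens, three connections each, one stray file.
SAMPLE_LOGS = {
    "output/0/conn-a-1.log": "error: invalid action",
    "output/0/conn-b-1.log": "error: invalid action",
    "output/0/conn-c-1.log": "error: invalid action",
    "output/1/conn-a-1.log": "error: unknown channel",
    "output/1/conn-b-1.log": "error: unknown channel",
    "output/1/conn-c-1.log": "Traceback (most recent call last): ...",
    "notes.txt": "ignored",
}

if __name__ == "__main__":
    print(outliers_by_token(SAMPLE_LOGS))
```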

Authentication

The tools support authenticating using user-defined websocket messages. These messages are sent before the ones with the payloads.

Logging

All messages are logged to a user-defined directory. Each connection is logged to a different file. Detailed logging is very important for this tool, since it allows the user to run grep on the output to find interesting things.

Fuzzing

The tool was developed for fuzzing websocket applications which use JSON as a serialization method. If this is not the case for you, please customize the following functions:

* `create_tokenized_messages`
* `replace_token_in_json`
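
The JSON-oriented approach described above, as an added sketch that is not the project's `create_tokenized_messages` or `replace_token_in_json`: each scalar leaf of the message is treated as one token, and every output message changes exactly one leaf. The function names, the integer token ids, the sample message and the marker payloads are assumptions made for this example.

```python
import copy
import json

def iter_leaf_paths(node, path=()):
    """Yield the key/index path of every scalar leaf in a decoded JSON value."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_leaf_paths(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_leaf_paths(value, path + (index,))
    else:
        yield path

def replace_leaf(message, path, payload):
    """Return a deep copy of message with the leaf at path set to payload."""
    if not path:                    # the whole message is a single scalar
        return payload
    clone = copy.deepcopy(message)
    parent = clone
    for step in path[:-1]:
        parent = parent[step]
    parent[path[-1]] = payload
    return clone

def fuzzed_messages(raw_message, payloads):
    """Return (token_id, serialized message) pairs, one leaf changed per message."""
    message = json.loads(raw_message)
    variants = []
    for token_id, path in enumerate(iter_leaf_paths(message)):
        for payload in payloads:
            mutated = replace_leaf(message, path, payload)
            variants.append((token_id, json.dumps(mutated)))
    return variants

# Constructed sample message and harmless marker payloads
# (not taken from payloads/payloads.txt).
SAMPLE_MESSAGE = '{"action": "subscribe", "args": {"channel": "news", "ids": [1, 2]}}'
SAMPLE_PAYLOADS = ["__MARKER__", ""]

if __name__ == "__main__":
    for token_id, text in fuzzed_messages(SAMPLE_MESSAGE, SAMPLE_PAYLOADS):
        print(token_id, text)
```

A message format other than JSON needs its own equivalents of the two helper functions; the loop that pairs tokens with payloads stays the same.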
