The wss protocol establishes a WebSocket over an encrypted TLS connection, while the ws protocol uses an unencrypted connection.
The Connection and Upgrade headers in the request and response indicate that this is a WebSocket handshake.
The Sec-WebSocket-Version request header specifies the WebSocket protocol version that the client wishes to use. This is typically 13.
The Sec-WebSocket-Key request header contains a Base64-encoded random value, which should be randomly generated in each handshake request.
The Sec-WebSocket-Accept response header contains a hash of the value submitted in the Sec-WebSocket-Key request header, concatenated with a specific string defined in the protocol specification. This is done to prevent misleading responses resulting from misconfigured servers or caching proxies.

The Sec-WebSocket-Key header contains a random value to prevent errors from caching proxies, and is not used for authentication or session handling purposes (it is not a CSRF token).

websocat to establish a raw connection with a websocket.

wsHook.js file from https://github.com/skepticfx/wshook and save it inside the folder with the web files.
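The Sec-WebSocket-Key / Sec-WebSocket-Accept relationship from the handshake notes above, as an added example that is not code from the original page: it derives the accept value and checks a server response the way a client would. The function names are hypothetical, the GUID is the fixed string from RFC 6455, and the sample key and response are the RFC's own example handshake.

```python
import base64
import hashlib
import os

# Fixed GUID from RFC 6455: the "specific string" appended to the key before hashing.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def new_client_key() -> str:
    # A fresh Sec-WebSocket-Key per handshake: 16 random bytes, Base64-encoded.
    return base64.b64encode(os.urandom(16)).decode("ascii")


def compute_accept(client_key: str) -> str:
    # Sec-WebSocket-Accept = Base64(SHA-1(key + GUID)). No secret is involved,
    # so anyone who sees the key can compute it: it authenticates nothing.
    digest = hashlib.sha1((client_key.strip() + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def check_handshake(client_key: str, raw_response: str) -> list:
    """Return the problems found in a server handshake response (empty if valid)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    problems = []
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or parts[1] != "101":
        problems.append("status is not 101 Switching Protocols")
    if headers.get("upgrade", "").lower() != "websocket":
        problems.append("Upgrade header is not 'websocket'")
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    if "upgrade" not in tokens:
        problems.append("Connection header lacks 'Upgrade'")
    if headers.get("sec-websocket-accept") != compute_accept(client_key):
        problems.append("Sec-WebSocket-Accept does not match the key sent")
    return problems


# Constructed sample input: key and response from the RFC 6455 example handshake.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SAMPLE_RESPONSE = (
    "HTTP/1.1 101 Switching Protocols\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n"
)
```

Checking the sample response against a freshly generated key fails the accept comparison, which is how a client detects a handshake response replayed by a caching proxy.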
By exposing the web application and making a user connect to it, you will be able to steal the messages sent and received via WebSocket: