0xsh logo

Pentest Reference: WebSockets

Published Feb 15, 2022

Contents

  • References

References

  • Portswigger: WebSockets
  • Exploiting WebSocket [Application Wide XSS / CSRF]
  • Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover
  • IDOR via Websockets
  • Account Takeover Using Cross-Site WebSocket Hijacking (CSWH)
  • Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token
© 2023 0xsh
twitter/github