Contents
References
- Portswigger: WebSockets
- Exploiting WebSocket [Application Wide XSS / CSRF]
- Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover
- IDOR via Websockets
- Account Takeover Using Cross-Site WebSocket Hijacking (CSWH)
- Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token