Explore WebSocket hacking techniques in this conference talk from Derbycon 2019. Learn about WebSocket integration, inspection, and cross-site hijacking from experts Michael Fowl and Nick Defoe. Discover how to leverage old vulnerabilities and utilize tools like Burp Suite, Repeater, and Sequel Map for WebSocket exploitation. Gain insights into multithreading, Python implementation, loopback techniques, and post request injection methods to enhance your understanding of WebSocket security.
Overview
Syllabus
Intro
Agenda
Michael Fowl
Nick Defoe
What is WebSocket
WebSocket Integration
WebSocket Inspection
Crosssite WebSocket Hijacking
Old Vulnerabilities
Other Tools
Burp Suite
Repeater
Sequel Map
Multithreading
Python
Loopback
Post Request
Injection
Outro
