1. Manipulating WebSocket messages to exploit vulnerabilities

This lab demonstrates exploiting an XSS (cross-site scripting) vulnerability in a chat box
implemented with WebSockets. Using Python's BeautifulSoup and websockets libraries, we
extract the WebSocket endpoint from the site's HTML, open a new connection, and inject
IMG tags that attempt to load an image from the src "/". That load fails, so the tag's onerror
handler runs our script, which triggers the alert() function.
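
The server-side view of the same flaw, as an added example that is not part of the original lab or its solution: a relay that trusts the frame text beside one that validates and HTML-encodes it before broadcast. The frame fields ("message", "user", "content"), the length limit and the render() stand-in for the chat page are assumptions made for illustration.

```python
import html
import json

MAX_LEN = 500  # assumed upper bound for one chat line


def relay_unsafe(raw_frame: str) -> str:
    """Vulnerable pattern: assumes the browser client already encoded the text."""
    msg = json.loads(raw_frame)
    return json.dumps({"user": "You", "content": msg["message"]})


def relay_safe(raw_frame: str) -> str:
    """Hardened pattern: validate the frame, then HTML-encode on the server."""
    try:
        msg = json.loads(raw_frame)
    except json.JSONDecodeError:
        raise ValueError("frame is not JSON")
    text = msg.get("message") if isinstance(msg, dict) else None
    if not isinstance(text, str) or not text or len(text) > MAX_LEN:
        raise ValueError("invalid message field")
    # Encoding here holds no matter which client opened the socket.
    return json.dumps({"user": "You", "content": html.escape(text, quote=True)})


def render(frame: str) -> str:
    """Stand-in for the chat page, which inserts 'content' into the DOM as HTML."""
    return "<td>" + json.loads(frame)["content"] + "</td>"


# Constructed frame carrying the kind of markup the lab text describes.
SAMPLE = json.dumps({"message": '<img src="/" onerror="alert()">'})

if __name__ == "__main__":
    print("unsafe:", render(relay_unsafe(SAMPLE)))  # live IMG tag reaches the page
    print("safe:  ", render(relay_safe(SAMPLE)))    # same text arrives as inert entities
```

Because any client can open the socket directly, encoding done only in the page's own JavaScript is not a control; the relay is the place to enforce it.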


Solution