coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #646 from anoduck/patch-1

Browse Source 
Update cross-site-websocket-hijacking-cswsh.md
This commit is contained in:
Carlos Polop 2023-05-26 11:38:04 +02:00 committed by GitHub
commit 8c3ad1340e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pentesting-web/cross-site-websocket-hijacking-cswsh.md
View File

@ -78,8 +78,8 @@ websocat -s 0.0.0.0:8000 #Listen in port 8000
## MitM websocket connections
If you find that clients are connection to a **HTTP websocket** from your current local network you could try an [ARP Spoofing Attack ](../generic-methodologies-and-resources/pentesting-network/#arp-spoofing)to perform a MitM attack between the client and the server.\
Once the client is trying to connect to you you can use:
If you find that clients are connected to a **HTTP websocket** from your current local network you could try an [ARP Spoofing Attack ](../generic-methodologies-and-resources/pentesting-network/#arp-spoofing)to perform a MitM attack between the client and the server.\
Once the client is trying to connect to you can then use:
```bash
websocat -E --insecure --text ws-listen:0.0.0.0:8000 wss://10.10.10.10:8000 -v