Real time exploitation | Isuk4
Mar 10, 2024
Yo yo homies, I'm back with another post, so let's start.
Hmmm. Have you ever chatted with a live agent? If you have, you know it's a real-time chat: the live agent can see your message in real time.
So how do developers make that? Well, there is a way called WebSocket.
How do WebSockets work
WebSockets work by establishing a persistent connection between the client and server over a single TCP socket. Once the connection is established, data can be sent and received in real-time between the client and server.
Damn, we can use this thing to do lots of work.
Hmm, so let's deep dive into this.
So there are lots of vulns that can come with WebSockets.
XSS with WebSockets
In WebSockets we can still inject JS payloads, brrrr. It's kinda different, but actually not that different, so let's hop into it.
Okay, now I'll demonstrate with a PortSwigger lab.
First I access the live chat.
When I click and inspect the request with Burp Suite,
it's a WebSocket request, and I managed to edit it so the message carries an XSS payload,
and boom💥💥
And remember, these vulns aren't limited to XSS. The same channel can lead to lots of other vulns like SQL injection, XXE and NoSQL injection. So basically these are just normal web vulns, but over the WebSocket protocol.
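Because the message was edited in the proxy, anything the sending browser does to it can be skipped, so the defence has to sit where the frame is received and where it is rendered. The following is an added example, not code from the lab or the original post; the frame shape `{"message": ...}`, the function names and the sample frames are assumptions made for illustration.

```javascript
// Added example: treating one incoming chat frame as untrusted input.
// Frame shape {"message": "..."} and all names here are assumptions.
const MAX_LEN = 500;

// Encode the five HTML-significant characters so markup arrives as text.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Receiving side: parse and validate a raw WebSocket text frame.
// Returns the message string, or null if the frame should be dropped.
function parseChatFrame(raw) {
  let obj;
  try { obj = JSON.parse(raw); } catch { return null; }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) return null;
  if (typeof obj.message !== "string") return null; // blocks objects/arrays reaching a query
  if (obj.message.length === 0 || obj.message.length > MAX_LEN) return null;
  return obj.message;
}

// Vulnerable rendering: the message is concatenated into markup as-is.
function renderUnsafe(message) {
  return "<td>" + message + "</td>";
}

// Hardened rendering: the message is encoded at the point of output.
function renderSafe(message) {
  return "<td>" + escapeHtml(message) + "</td>";
}

// Constructed sample frames (not captured traffic).
const frames = [
  '{"message":"hello agent"}',
  '{"message":"<img src=x onerror=alert(1)>"}', // markup in the message field
  '{"message":{"k":"v"}}',                      // non-string value
  "not json",
];

// Run every frame through validation, then show both renderings side by side.
function demo() {
  return frames.map((raw) => {
    const msg = parseChatFrame(raw);
    return msg === null ? null : { unsafe: renderUnsafe(msg), safe: renderSafe(msg) };
  });
}

console.log(demo());
```

In a real page the same effect comes from assigning the message to `textContent` instead of building HTML strings.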
so ima off
echo "GGS!Ima off";