cswsh

v0.1.0
Published: Jun 23, 2020 License: MIT Imports: 13 Imported by: 1

README

cswsh-scanner

A command-line scanner for Cross-Site WebSocket Hijacking (CSWSH)

Install

$ go get -v -u github.com/ambalabanov/cswsh-scanner/...

Basic Usage

cswsh-scanner reads line-delimited URLs from stdin and writes CSV output:

$ cat test.txt
ws://echo.websocket.org
wss://echo.websocket.org
$ cat test.txt | cswsh-scanner
true,ws://echo.websocket.org
true,wss://echo.websocket.org

Extra parameters

You can set a custom Origin header, enable Socket.IO support and verbose output, and run multiple workers:

$ cswsh-scanner -h
Usage of cswsh-scanner:
  -o string
    	Origin (default "http://hacker.com")
  -s	Socket.IO
  -v	Verbose output
  -w int
    	Number of workers (default 1)

Example

$ echo "wss://juice-shop.herokuapp.com/socket.io/" | cswsh-scanner -o http://example.com -s -v -w 10
GET /socket.io/?EIO=3&sid=UGv7cfNFrvOiAezJAFa4&transport=websocket HTTP/1.1
Host: juice-shop.herokuapp.com
Connection: Upgrade
Origin: http://example.com
Sec-Websocket-Key: hpydpogayYbH54j8WWatHg==
Sec-Websocket-Version: 13
Upgrade: websocket


HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: ZD8iR647ozR65gsrZpA30Mvcw/U=
Upgrade: websocket
Via: 1.1 vegur


true,wss://juice-shop.herokuapp.com/socket.io/
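
In the verbose exchange above, the server completes the handshake (101) for an Origin it has no reason to trust. The following is an added example, not code from cswsh-scanner: a server-side Origin allowlist that answers such a handshake with 403 and computes Sec-WebSocket-Accept only for trusted origins. The allowlist entry and the names originAllowed, acceptKey, handshake and probe are assumptions.

```go
package main

import (
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

const wsGUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11" // same value as this package's GUID
// allowedOrigins is a constructed allowlist (assumption): list your own front ends.
var allowedOrigins = map[string]bool{"https://app.example.com": true}

// originAllowed matches scheme://host exactly; an absent or "null" Origin fails closed.
func originAllowed(r *http.Request) bool {
	u, err := url.Parse(r.Header.Get("Origin"))
	return err == nil && u.Host != "" && allowedOrigins[u.Scheme+"://"+u.Host]
}

// acceptKey derives Sec-WebSocket-Accept from the client's Sec-WebSocket-Key.
func acceptKey(key string) string {
	sum := sha1.Sum([]byte(key + wsGUID))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// handshake answers 101 only to allowlisted origins and 403 to everything else.
func handshake(w http.ResponseWriter, r *http.Request) {
	if !originAllowed(r) {
		http.Error(w, "origin not allowed", http.StatusForbidden)
		return
	}
	w.Header().Set("Upgrade", "websocket")
	w.Header().Set("Connection", "Upgrade")
	w.Header().Set("Sec-WebSocket-Accept", acceptKey(r.Header.Get("Sec-WebSocket-Key")))
	w.WriteHeader(http.StatusSwitchingProtocols)
}

// probe replays a handshake with the given Origin and returns the status code.
func probe(origin string) int {
	req := httptest.NewRequest("GET", "/socket.io/", nil)
	req.Header.Set("Origin", origin)
	req.Header.Set("Sec-WebSocket-Key", "dGhlIHNhbXBsZSBub25jZQ==") // RFC 6455 sample key
	rec := httptest.NewRecorder()
	handshake(rec, req)
	return rec.Code
}
func main() { fmt.Println(probe("http://hacker.com"), probe("https://app.example.com")) }
```

The handler covers only the handshake decision; in a real service the same check belongs in front of whatever WebSocket library performs the upgrade.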

Documentation

Constants

const GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

Functions

func Scan

func Scan(urlWs string, c Config) (bool, error)

Types

type Config

type Config struct {
	Socket  bool
	Verbose bool
	Origin  string
}

Directories

Path Synopsis
cmd