4.11 Client-side Testing
Use the WebSocket tab.
Using a WebSocket client (one can be found in the section below), attempt to connect to the remote WebSocket server. If a connection is established, the server may not be checking the Origin header of the WebSocket handshake.
Check the SSL implementation for security issues (valid certificate, BEAST, CRIME, RC4, etc.). Refer to the section of this guide.
WebSockets do not handle authentication; normal black-box authentication tests should be carried out. Refer to the sections of this guide.
WebSockets do not handle authorization; normal black-box authorization tests should be carried out. Refer to the sections of this guide.
Use the WebSocket tab to replay and fuzz WebSocket requests and responses. Refer to the sections of this guide.
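The Origin check mentioned above, seen from the server side: this is an added example, not code from this guide, showing the handshake validation whose absence the connection test reveals. The allowlist, host name and sample requests are constructed assumptions, and rejecting requests with no Origin header is a policy choice made here.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Assumed allowlist for this example; replace with the application's real origins.
ALLOWED_ORIGINS = {("https", "app.example.com", 443)}
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def parse_headers(raw_request):
    """Return handshake headers as a dict with lower-cased names."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    pairs = (line.partition(":") for line in head.split("\r\n")[1:])
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def origin_allowed(origin):
    """Exact scheme/host/port match; missing, 'null' or malformed origins are rejected."""
    if not origin:
        return False
    try:
        parts = urlsplit(origin)
        port = parts.port
    except ValueError:
        return False
    bad_shape = parts.path or parts.query or parts.fragment or parts.username
    if parts.scheme not in ("http", "https") or not parts.hostname or bad_shape:
        return False
    port = port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname.lower(), port) in ALLOWED_ORIGINS

def handshake_response(raw_request):
    """Return (status, headers) the server should send for this upgrade request."""
    h = parse_headers(raw_request)
    if h.get("upgrade", "").lower() != "websocket" or "sec-websocket-key" not in h:
        return 400, {}
    if not origin_allowed(h.get("origin")):
        return 403, {}  # a server lacking this check would complete the handshake
    digest = hashlib.sha1((h["sec-websocket-key"] + WS_GUID).encode()).digest()
    return 101, {"Upgrade": "websocket", "Connection": "Upgrade",
                 "Sec-WebSocket-Accept": base64.b64encode(digest).decode()}

def sample_request(origin):
    """Constructed handshake for testing; the key is the RFC 6455 sample value."""
    head = ("GET /chat HTTP/1.1\r\nHost: app.example.com\r\nUpgrade: websocket\r\n"
            "Connection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
            "Sec-WebSocket-Version: 13\r\n")
    return head + ("" if origin is None else "Origin: " + origin + "\r\n") + "\r\n"
```

Non-browser clients can send any Origin value, so this check complements the authentication and authorization tests listed above and does not replace them.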