Cross-site WebSocket hijacking
Jan. 19, 2023, 9:51 a.m. | Karthikeyan Nagaraj
InfoSec Write-ups - Medium infosecwriteups.com
Portswigger Lab Solution — Cross-site WebSocket hijacking | Karthikeyan Nagaraj
What is cross-site WebSocket hijacking?
Cross-site WebSocket hijacking (also known as cross-origin WebSocket hijacking) involves a cross-site request forgery (CSRF) vulnerability on a WebSocket handshake.
It arises when the WebSocket handshake request relies solely on HTTP cookies for session handling and does not contain any CSRF tokens or other unpredictable values.
An attacker can create a malicious web page on their own domain which establishes a cross-site WebSocket …
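The condition described above, shown from the server's side as an added example (not code from the original write-up): a handshake check that trusts the session cookie alone, next to one that also requires an unpredictable per-session value. The `csrf` query parameter, the `session` cookie name, the key, the session store and the host names are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

SERVER_KEY = b"constructed-demo-key"      # constructed secret, example only
SESSIONS = {"s3ss10n-alice": "alice"}     # constructed session store


def csrf_token_for(session_id):
    """Per-session value that only a page served by the application can embed."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def parse_handshake(raw):
    """Return (session cookie, csrf query parameter) from a raw upgrade request."""
    request_line, *header_lines = raw.strip().split("\r\n")
    target = request_line.split(" ")[1]
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            cookies[key] = value
    query = parse_qs(urlsplit(target).query)
    return cookies.get("session", ""), query.get("csrf", [""])[0]


def accept_cookie_only(raw):
    """Weak check: the cookie, which the browser attaches by itself, is enough."""
    session, _ = parse_handshake(raw)
    return session in SESSIONS


def accept_with_token(raw):
    """Hardened check: valid cookie plus the matching unpredictable token."""
    session, token = parse_handshake(raw)
    if session not in SESSIONS:
        return False
    return hmac.compare_digest(token.encode(), csrf_token_for(session).encode())


def handshake(path, origin):
    """Build a constructed upgrade request carrying the victim's session cookie."""
    return (f"GET {path} HTTP/1.1\r\nHost: chat.example\r\nOrigin: {origin}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            "Cookie: session=s3ss10n-alice\r\n\r\n")


SAME_SITE = handshake("/chat?csrf=" + csrf_token_for("s3ss10n-alice"), "https://chat.example")
CROSS_SITE = handshake("/chat", "https://other.example")  # cookie present, no token
```

Both constructed requests pass `accept_cookie_only`, while only `SAME_SITE` passes `accept_with_token`. Checking the handshake's `Origin` header against an allowlist is a common complementary control.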