Cross-site WebSocket hijacking | allinfosecnews.com

Jan. 19, 2023, 9:51 a.m. | Karthikeyan Nagaraj

InfoSec Write-ups - Medium infosecwriteups.com

Portswigger Lab Solution — Cross-site WebSocket hijacking | Karthikeyan Nagaraj

What is cross-site WebSocket hijacking?

Cross-site WebSocket hijacking (also known as cross-origin WebSocket hijacking) involves a cross-site request forgery (CSRF) vulnerability on a WebSocket handshake.

It arises when the WebSocket handshake request relies solely on HTTP cookies for session handling and does not contain any CSRF tokens or other unpredictable values.

An attacker can create a malicious web page on their own domain which establishes a cross-site WebSocket …

bug bounty burpsuite cross-site csrf hacking hijacking portswigger-lab websocket

More from infosecwriteups.com / InfoSec Write-ups - Medium

Tutorial on x86 Architecture: From Basics to Cybersecurity Links 1 day, 18 hours ago | infosecwriteups.com

architecture basics components continue +14

NTFS Filesystem: Alternate Data Stream (ADS) 1 day, 18 hours ago | infosecwriteups.com

filesystem forensics ntfs security +1

Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus 1 day, 18 hours ago | infosecwriteups.com

hacker hacking hacking tools linux +1

Breaking Safeguards: Unveil “Many-Shot Jailbreaking” a Method to Bypass All LLM Safety Measures 1 day, 18 hours ago | infosecwriteups.com

artificial intelligence breaking bypass chatgpt +15

XSS Unpacked: What It Is, How It Works, and How to Stop It 1 day, 18 hours ago | infosecwriteups.com

cybersecurity script-injection secure coding web security +1

How I Hack Web Applications (Part 1) 1 day, 18 hours ago | infosecwriteups.com

application security bug bounty ethical hacking infosec +1

Storm Breaker: Unveiling the Power of the Social Engineering Tool 1 day, 18 hours ago | infosecwriteups.com

capabilities continue cybersecurity engineering +12

CVE-2024–3400: A Critical Vulnerability in PAN-OS Firewalls 1 day, 18 hours ago | infosecwriteups.com

bug bounty command command injection critical +13

If You Want To Be A CISO Then Read This First … 1 day, 18 hours ago | infosecwriteups.com

career advice careers ciso cybersecurity +6

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Information Security Manager & ISSO

@ Federal Reserve System | Minneapolis, MN

View on infosec-jobs.com

Forensic Lead

@ Arete | Hyderabad

View on infosec-jobs.com

Lead Security Risk Analyst (GRC)

@ Justworks, Inc. | New York City

View on infosec-jobs.com

Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F

@ Hifield | Sèvres, France

View on infosec-jobs.com