WSPentest script can be used to connect websocket as local client with Valid Session and Headers
-
Modfiy the WSS://URL and Cookies required to connect Websocket
-
node WSPentest.js
Usage:- We can connect websocket with Local client using NodeJS and we can modify the scripts according our need for pentest
for e.g.
1)We can brute force the request by modifying scripts with loops in send frames
2)We can check for the IDOR vulns by sending modified websocket frame after connection
3)We can use the JS to check Cross Site Websocket Hijhacking etc.