gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 07:40:34 -08:00
Code Issues Packages Projects Releases Wiki Activity

Fix typos

Browse Source
This commit is contained in:
Swissky
2024-09-16 18:05:54 +02:00
parent d90c73c7ef
commit d5a6811193
27 changed files with 152 additions and 143 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Web Sockets/README.md
View File

@@ -12,11 +12,13 @@
* [Labs](#labs)
* [References](#references)
## Tools
* [doyensec/wsrepl](https://github.com/doyensec/wsrepl) - WebSocket REPL for pentesters
* [mfowl/ws-harness.py](https://gist.githubusercontent.com/mfowl/ae5bc17f986d4fcc2023738127b06138/raw/e8e82467ade45998d46cef355fd9b57182c3e269/ws.harness.py)
## Exploit
### Using wsrepl
@@ -82,7 +84,10 @@ python ws-harness.py -u "ws://dvws.local:8080/authenticate-user" -m ./message.tx
The content of the message should contains the **[FUZZ]** keyword.
```json
{"auth_user":"dGVzda==", "auth_pass":"[FUZZ]"}
{
"auth_user":"dGVzda==",
"auth_pass":"[FUZZ]"
}
```
Then you can use any tools against the newly created web service, working as a proxy and tampering on the fly the content of message sent thru the websocket.