Also, he got $8000 as a bug bounty for his submission on another report! Basically, it was somewhat related to an npm token as well as WebSocket hijacking! At first, I watched his write-up video and then read his write-up, but it was not clear to me, so I thought: let's understand the concept first, and then maybe I'll understand what he wanted to say!
What is WebSocket?
Ohhhh lol, WebSocket is just like HTTP: a communication protocol that enables interaction between a browser and a web server. I thought it was linked with a socket or something (just kidding)!
WebSocket is especially great for services that require continuous data exchange, e.g. online games, real-time trading systems and so on. For example, Slack’s web app uses WebSocket connections to sync messages in its chat functionality.
During the lifetime of a WebSocket connection, the client and the server are free to exchange any amount of data without incurring the overhead and latency of using traditional HTTP requests.
For a better understanding, I recommend watching this: https://www.youtube.com/watch?v=ZbrEztkwcw8
How is WebSocket different from HTTP?
How are WebSocket connections created?
- A WebSocket connection between a client and a server is established through a WebSocket handshake.
- To open a WebSocket connection, we need to create a new WebSocket using the special protocol ws:// in the URL.
- There's also an encrypted wss:// protocol. It’s like HTTPS for WebSockets.
Problems with WebSocket?
- WebSocket allows an unlimited number of connections to the target server, so resources on the server can be exhausted by a DoS attack.
- WebSockets are vulnerable to malicious input data, which leads to attacks like Cross-Site Scripting (XSS).
- The WebSocket protocol doesn’t handle authorization and/or authentication. Application-level protocols should handle that separately in case sensitive data is being transferred.
- There are some more problems as well; refer to WebSocket Issues for those!
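As an added example (not from Aseem's write-up or the linked sources), this Python code shows the server side of the handshake described above together with the application-level checks the list calls for: authentication at upgrade time and a per-client connection cap. The Origin allowlist, the session-token set, the cap value and all function names are assumptions made for illustration.

```python
import base64
import hashlib

# GUID fixed by RFC 6455 for deriving Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
ALLOWED_ORIGINS = {"https://chat.example.test"}  # assumption: the app's own origin
VALID_TOKENS = {"constructed-session-token"}     # assumption: stand-in for a session store
MAX_CONNS_PER_CLIENT = 2                         # assumption: per-IP cap against exhaustion


def accept_key(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_headers(raw: str) -> dict:
    """Lower-cased header map from a raw HTTP upgrade request."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def check_handshake(raw: str, client_ip: str, open_conns: dict):
    """Return (status, detail): 101 plus the accept key, or a rejection code."""
    h = parse_headers(raw)
    if h.get("upgrade", "").lower() != "websocket" or "sec-websocket-key" not in h:
        return 400, "not a WebSocket upgrade"
    if h.get("origin") not in ALLOWED_ORIGINS:
        return 403, "origin not allowed"
    # The protocol carries no authentication, so the application checks it here.
    cookie = h.get("cookie", "")
    token = cookie.split("session=", 1)[1].split(";")[0] if "session=" in cookie else ""
    if token not in VALID_TOKENS:
        return 401, "no valid session"
    if open_conns.get(client_ip, 0) >= MAX_CONNS_PER_CLIENT:
        return 429, "too many connections"
    open_conns[client_ip] = open_conns.get(client_ip, 0) + 1
    return 101, accept_key(h["sec-websocket-key"])


# Constructed sample request (not captured traffic); the key is the RFC 6455 example.
SAMPLE = ("GET /chat HTTP/1.1\r\nHost: chat.example.test\r\nUpgrade: websocket\r\n"
          "Connection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
          "Sec-WebSocket-Version: 13\r\nOrigin: https://chat.example.test\r\n"
          "Cookie: session=constructed-session-token\r\n\r\n")
```

Malicious message content (the XSS point) is a separate concern handled after the upgrade: every frame received still has to be validated and escaped before it is rendered.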
PS: Now I have an idea of what WebSocket actually is, so I'll probably research hijacking WebSockets on Day-5! I hope my notes from different websites help you! Thanks!❤️
Aseem's WriteUp: https://firstname.lastname@example.org/one-token-to-leak-them-all-the-story-of-a-8000-npm-token-79b13af182a3
Aseem's WriteUp Video: YouTube
Infosec Institute: WebSocket Issues
Got doubts? Contact me on Twitter.
Feedback is welcome, do comment down below! :)