Exploiting insecure WebSocket Communication

What is WebSocket ?

For communication between client and server, we usually use HTTP protocol where server respond to the client request but if we talk about weather, gaming application that keeps changing in a very short span of time we need something different. Therefore, we use web-sockets to make this communication faster. If a data gets changes on the server side there is not interaction such as page refresh or something is not required from the user side they can updated automatically.

In web-socket, there is a 2-way communication like HTTP Protocol but server can initiate connection without the request generated by client and connection between client and server can be open for long time without no overhead.

Note: For initial handshake process, web-socket uses http protocol itself late switch to web-socket infrastructure.

Syntax: ws://test.com/abc:80

Note: wss used for encrypted channel.

Need/Advantage:

· Less overhead: We can achieve 2-way communication by using http protocol but we have to implement lots of header on server side.

· Server can push the information or update to clients and clients do not need to refresh the webpage each and every time.