Member-only story
Understanding WebSocket Hijacking
Introduction
We should define websocket first before exploring websocket hijacking. While similar to HTTP in concept, applications using websocket necessitate a two-way, persistent connection between their endpoints. During that time, the connection between the client and server remains stable, allowing data to be passed back and forth between them without the need for continuous polling.
To know more about the websocket basic please visit my previous blog:
https://gupta-bless.medium.com/exploiting-insecure-websocket-communication-90554f5e43fe
When a websocket connection is established, it will only do so through the use of http when the client makes an update to the request. However, throughout the upgrade process, neither authentication or authorization will take place. Additionally, communication that is established through a websocket connection will not be encrypted. This will increase the risk of attackers inserting themselves onto the server, and in the event that malware is installed onto the server, anything might take place.
