WSSiP – A WebSocket Manipulation Proxy

WSSiP is a tool for viewing, interacting with, and manipulating WebSocket messages between a browser and web server. WebSockets themselves are a newer option for client-side JavaScript code that allows a browser to connect to a web server and then signal that the connection should be kept as a persistent, two-way TCP connection. As defined by IETF RFC 6455, the goal of WebSockets is to “provide a mechanism for browser-based applications that need two-way communication with servers that does not rely on opening multiple HTTP connections (e.g., using XMLHttpRequest or <iframe>s and long polling).” The final draft of the specification was published in December 2011. Data is dispatched in “messages” that can be sent either as regular ASCII text or as raw binary.

All modern browsers have full support for WebSockets. As WebSocket use is expected to become more common in the near future, better tools for testing are needed. A tool that can help debug and fuzz without relying on complicated and time-consuming methods would be especially useful. For example, Burp Suite only displays the history of all WebSocket messages in one tab and can intercept messages, but you cannot send your own. Other intercepting proxies are either a bit complicated to use, are just starting to implement this feature, or do not implement WebSocket debugging at all. Some of NCC Group’s consultants have had to manually fiddle with browser developer tools in order to send messages and test, which made testing clients’ software more time-consuming.

WSSiP aims to solve that problem. This tool complements other intercepting proxies by providing a user interface to capture, intercept, and send messages and view all communications between client and server. It includes support for an upstream proxy, allowing it to be part of a multi-proxy chain between browser and web server, concentrating on WebSockets while leaving more typical HTTP interception to other tools such as Burp Suite or Pappy Proxy.

WSSiP is programmed in and runs on Node.js 7.0+. It uses Electron for the application interface, and React & Material UI for the user interface inside the application.

Installation

From Packaged Application

See Releases.

From npm/yarn (for CLI commands)

Run the following in your command line:

npm:

# Install Electron globally (<version> is a placeholder)
npm i -g electron@<version>

# Install wssip globally for the "wssip" command
npm i -g wssip

# Launch!
wssip

yarn: (Make sure the directory in yarn global bin is in your PATH)

yarn global add electron@<version>
yarn global add wssip
wssip

You can also run npm install electron (or yarn add electron) inside the installed WSSiP directory if you do not want to install Electron globally, as the app packager requires Electron be added to developer dependencies.

From Source

Using a command line:

# Clone repository locally
git clone https://github.com/nccgroup/wssip

# Change to the directory
cd wssip

# If you are developing for WSSiP:
# npm i

# If not... (to minimize disk space; <version> is a placeholder):
npm i -g electron@<version>
npm i --production

# Start application:
npm start

Usage

  1. Open the WSSiP application.
  2. WSSiP will start listening automatically. This will default to localhost on port 8080.
  3. Optionally, use Tools > Use Upstream Proxy to use another intercepting proxy to view web traffic.
  4. Configure the browser to point to https://localhost:8080/ as the HTTP Proxy.
  5. Navigate to a page using WebSockets. A good example is the WS Echo Demonstration.
  6. ???
  7. Potato.

Fuzzing

WSSiP provides an HTTP bridge via the man-in-the-middle proxy for custom applications to help fuzz a connection. These are accessed over the proxy server.

A few of the simple CA certificate downloads are:

  • https://mitm/ca.pem / https://mitm/ca.der (Download CA Certificate)
  • https://mitm/ca_pri.pem / https://mitm/ca_pri.der (Download Private Key)
  • https://mitm/ca_pub.pem / https://mitm/ca_pub.der (Download Public Key)

Get WebSocket Connection Info

Returns whether the WebSocket id is connected to a web server and, if so, returns information about the connection.

  • URL

    GET https://mitm/ws/:id

  • URL Params

    id=[integer]

  • Success Response (Not Connected)

    • Code: 200
      Content: {connected: false}
  • Success Response (Connected)

    • Code: 200
      Content: {connected: true, url: 'ws://echo.websocket.org', bytesReceived: 0, extensions: {}, readyState: 3, protocol: '', protocolVersion: 13}

Send WebSocket Data

Send WebSocket data.

  • URL

    POST https://mitm/ws/:id/:sender/:mode/:type?log=:log&mask=:mask

  • URL Params

    Required:

    id=[integer]

    sender: one of client or server

    mode: one of message, ping or pong

    type: one of ascii or binary (text is an alias of ascii)

    Optional:

    log: either true or y, to log in the WSSiP application. Errors will be logged in the WSSiP application instead of being returned via the REST API.

    mask: either true or y, to set the WebSocket mask flag.

  • Data Params

    Raw data in the POST field will be sent to the WebSocket server.

  • Success Response:

    • Code: 200
      Content: {success: true}
  • Error Response:

    • Code: 500
      Content: {success: false, reason: 'Error message'}
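
The two bridge endpoints above can be driven from a script. The following is an added example, not code from WSSiP or NCC Group: it validates parameters against the documented value sets and builds the request list for one session, which matters because with log set, errors appear only in the WSSiP application rather than in the REST response. The helper names are hypothetical, and the requests still have to be issued through the WSSiP proxy by the HTTP client of your choice.

```javascript
// Added example (not WSSiP code); helper names below are hypothetical.
const BRIDGE = 'https://mitm'; // bridge host as written on this page
const ALLOWED = {
  sender: ['client', 'server'],
  mode: ['message', 'ping', 'pong'],
  type: ['ascii', 'binary', 'text'], // "text" is an alias of "ascii"
};

function check(name, value) {
  if (!ALLOWED[name].includes(value)) throw new RangeError(`${name} must be one of: ${ALLOWED[name].join(', ')}`);
  return value;
}

function checkId(id) {
  // Number.isInteger rejects strings, so "/" or "?" cannot reach the path.
  if (!Number.isInteger(id)) throw new RangeError('id must be an integer');
  return id;
}

// GET https://mitm/ws/:id
function infoRequest(id) {
  return { method: 'GET', url: `${BRIDGE}/ws/${checkId(id)}` };
}

// POST https://mitm/ws/:id/:sender/:mode/:type?log=:log&mask=:mask
function sendRequest({ id, sender, mode, type, log = false, mask = false }, body) {
  const url = new URL([BRIDGE, 'ws', checkId(id), check('sender', sender),
    check('mode', mode), check('type', type)].join('/'));
  if (log) url.searchParams.set('log', 'true');
  if (mask) url.searchParams.set('mask', 'true');
  const wantBuffer = type === 'binary'; // binary bodies are Buffers, text bodies are strings
  if (wantBuffer ? !Buffer.isBuffer(body) : typeof body !== 'string') throw new TypeError(`wrong body type for ${type}`);
  // RFC 6455: control frames (ping/pong) carry at most 125 payload bytes.
  if (mode !== 'message' && Buffer.byteLength(body) > 125) {
    throw new RangeError(`${mode} payload exceeds 125 bytes`);
  }
  return { method: 'POST', url: url.href, body };
}

// One connection check, then one POST per payload.
function planSession(target, payloads) {
  return [infoRequest(target.id), ...payloads.map((p) => sendRequest(target, p))];
}

// Constructed sample input: connection id 1, three text messages sent as the client.
const plan = planSession({ id: 1, sender: 'client', mode: 'message', type: 'ascii', log: true },
  ['{"msg":"hello"}', '', 'A'.repeat(126)]);
console.log(plan.map((r) => `${r.method} ${r.url}`).join('\n'));
```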

 
