Last active
August 29, 2015 13:56
-
-
Save DinisCruz-Dev/9117493 to your computer and use it in GitHub Desktop.
vulnerable websocket code from websocket.org (http://www.websocket.org/echo.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<meta charset="utf-8" > | |
<title>WebSocket Test></title> | |
<script language="javascript" type="text/javascript"> | |
var wsUri = "ws://echo.websocket.org/"; | |
var output; | |
function init() | |
{ | |
output = document.getElementById("output"); | |
testWebSocket(); | |
} | |
function testWebSocket() | |
{ | |
websocket = new WebSocket(wsUri); | |
websocket.onopen = function(evt) { onOpen(evt) }; | |
websocket.onclose = function(evt) { onClose(evt) }; | |
websocket.onmessage = function(evt) { onMessage(evt) }; | |
websocket.onerror = function(evt) { onError(evt) }; | |
} | |
function onOpen(evt) | |
{ | |
writeToScreen("CONNECTED"); | |
doSend("WebSocket rocks"); | |
} | |
function onClose(evt) | |
{ | |
writeToScreen("DISCONNECTED"); | |
} | |
function onMessage(evt) | |
{ | |
writeToScreen('<span style="color: blue;">RESPONSE: ' + evt.data+'</span>'); | |
websocket.close(); | |
} | |
function onError(evt) | |
{ | |
writeToScreen('<span style="color: red;">ERROR:</span> ' + evt.data); | |
} | |
function doSend(message) | |
{ | |
writeToScreen("SENT: " + message); | |
websocket.send(message); | |
} | |
function writeToScreen(message) | |
{ | |
var pre = document.createElement("p"); | |
pre.style.wordWrap = "break-word"; | |
pre.innerHTML = message; | |
output.appendChild(pre); | |
} | |
window.addEventListener("load", init, false); | |
</script> | |
<h2>WebSocket Test</h2> | |
<div id="output"></div>; | |
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var secureCb; | |
var secureCbLabel; | |
var wsUri; | |
var consoleLog; | |
var connectBut; | |
var disconnectBut; | |
var sendMessage; | |
var sendBut; | |
var clearLogBut; | |
function echoHandlePageLoad() | |
{ | |
if (window.WebSocket) | |
{ | |
document.getElementById("webSocketSupp").style.display = "block"; | |
} | |
else | |
{ | |
document.getElementById("noWebSocketSupp").style.display = "block"; | |
} | |
secureCb = document.getElementById("secureCb"); | |
secureCb.checked = false; | |
secureCb.onclick = toggleTls; | |
secureCbLabel = document.getElementById("secureCbLabel") | |
wsUri = document.getElementById("wsUri"); | |
toggleTls(); | |
connectBut = document.getElementById("connect"); | |
connectBut.onclick = doConnect; | |
disconnectBut = document.getElementById("disconnect"); | |
disconnectBut.onclick = doDisconnect; | |
sendMessage = document.getElementById("sendMessage"); | |
sendBut = document.getElementById("send"); | |
sendBut.onclick = doSend; | |
consoleLog = document.getElementById("consoleLog"); | |
clearLogBut = document.getElementById("clearLogBut"); | |
clearLogBut.onclick = clearLog; | |
setGuiConnected(false); | |
document.getElementById("disconnect").onclick = doDisconnect; | |
document.getElementById("send").onclick = doSend; | |
} | |
function toggleTls() | |
{ | |
var wsPort = (window.location.port.toString() === "" ? "" : ":"+window.location.port) | |
if (wsUri.value === "") { | |
wsUri.value = "ws://" + window.location.hostname.replace("www", "echo") + wsPort; | |
} | |
if (secureCb.checked) | |
{ | |
wsUri.value = wsUri.value.replace("ws:", "wss:"); | |
} | |
else | |
{ | |
wsUri.value = wsUri.value.replace ("wss:", "ws:"); | |
} | |
} | |
function doConnect() | |
{ | |
if (window.MozWebSocket) | |
{ | |
logToConsole('<span style="color: red;"><strong>Info:</strong> This browser supports WebSocket using the MozWebSocket constructor</span>'); | |
window.WebSocket = window.MozWebSocket; | |
} | |
else if (!window.WebSocket) | |
{ | |
logToConsole('<span style="color: red;"><strong>Error:</strong> This browser does not have support for WebSocket</span>'); | |
return; | |
} | |
// prefer text messages | |
var uri = wsUri.value; | |
if (uri.indexOf("?") == -1) { | |
uri += "?encoding=text"; | |
} else { | |
uri += "&encoding=text"; | |
} | |
websocket = new WebSocket(uri); | |
websocket.onopen = function(evt) { onOpen(evt) }; | |
websocket.onclose = function(evt) { onClose(evt) }; | |
websocket.onmessage = function(evt) { onMessage(evt) }; | |
websocket.onerror = function(evt) { onError(evt) }; | |
} | |
function doDisconnect() | |
{ | |
websocket.close() | |
} | |
function doSend() | |
{ | |
logToConsole("SENT: " + sendMessage.value); | |
websocket.send(sendMessage.value); | |
} | |
function logToConsole(message) | |
{ | |
var pre = document.createElement("p"); | |
pre.style.wordWrap = "break-word"; | |
pre.innerHTML = getSecureTag()+message; | |
consoleLog.appendChild(pre); | |
while (consoleLog.childNodes.length > 50) | |
{ | |
consoleLog.removeChild(consoleLog.firstChild); | |
} | |
consoleLog.scrollTop = consoleLog.scrollHeight; | |
} | |
function onOpen(evt) | |
{ | |
logToConsole("CONNECTED"); | |
setGuiConnected(true); | |
} | |
function onClose(evt) | |
{ | |
logToConsole("DISCONNECTED"); | |
setGuiConnected(false); | |
} | |
function onMessage(evt) | |
{ | |
logToConsole('<span style="color: blue;">RESPONSE: ' + evt.data+'</span>'); | |
} | |
function onError(evt) | |
{ | |
logToConsole('<span style="color: red;">ERROR:</span> ' + evt.data); | |
} | |
function setGuiConnected(isConnected) | |
{ | |
wsUri.disabled = isConnected; | |
connectBut.disabled = isConnected; | |
disconnectBut.disabled = !isConnected; | |
sendMessage.disabled = !isConnected; | |
sendBut.disabled = !isConnected; | |
secureCb.disabled = isConnected; | |
var labelColor = "black"; | |
if (isConnected) | |
{ | |
labelColor = "#999999"; | |
} | |
secureCbLabel.style.color = labelColor; | |
} | |
function clearLog() | |
{ | |
while (consoleLog.childNodes.length > 0) | |
{ | |
consoleLog.removeChild(consoleLog.lastChild); | |
} | |
} | |
function getSecureTag() | |
{ | |
if (secureCb.checked) | |
{ | |
return '<img src="img/tls-lock.png" width="6px" height="9px"> '; | |
} | |
else | |
{ | |
return ''; | |
} | |
} | |
window.addEventListener("load", echoHandlePageLoad, false); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment