Create a gist now

Instantly share code, notes, and snippets.

@Lavakumar /cswsh.py
Created Nov 27, 2014

What would you like to do?
Download ZIP
Python Script to check if target is vulnerable to Cross-SIte WebSocket Hijacking using Private IP Addresses as Origin
Raw
cswsh.py
#import the required binaries and namespaces
import clr
clr.AddReference("WebsocketClient.exe")
from WebsocketClient import *
#Make WebSocket connection to target using the supplied Origin and check if it sends messages like it does for valid sessions
def check_conn(origin):
print "Testing origin - " + origin
ws = SyncWebsockClient()
ws.Connect("ws://tatgetapp.com/ws", origin, "SessionID=KSDI2923EWE9DJSDS01212")
ws.Send("first message to send")
msg = ws.Read()
ws.Close()
if msg == "message that is part of valid session":
print "Connection successful!!"
return True
else:
return False
#Loop through every possible address in the IP address namespace and check if it is accepted as a valid Origin
def check_nw():
for nws in ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]:
for ip in Tools.NwToIp(nws):
if check_conn("http://" + ip):
return
check_nw()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment