Skip to content

Instantly share code, notes, and snippets.

Created November 27, 2014 12:16
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Python Script to check if target is vulnerable to Cross-SIte WebSocket Hijacking using Private IP Addresses as Origin
#import the required binaries and namespaces
import clr
from WebsocketClient import *
#Make WebSocket connection to target using the supplied Origin and check if it sends messages like it does for valid sessions
def check_conn(origin):
print "Testing origin - " + origin
ws = SyncWebsockClient()
ws.Connect("ws://", origin, "SessionID=KSDI2923EWE9DJSDS01212")
ws.Send("first message to send")
msg = ws.Read()
if msg == "message that is part of valid session":
print "Connection successful!!"
return True
return False
#Loop through every possible address in the IP address namespace and check if it is accepted as a valid Origin
def check_nw():
for nws in ["", "", ""]:
for ip in Tools.NwToIp(nws):
if check_conn("http://" + ip):
Copy link

Where do we install Tools from? I tried pip install tools but it still does not resolve.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment