Burp Analysis
In this section, we will learn how to analyze and manipulate data sent over WebSocket connections in Burp.
Inspecting Messages
WebSockets History Tab
Located within Proxy → WebSockets history
Features:
Lists all WebSocket messages
Filter to narrow down displayed messages
Message data displayed at bottom
URL: WebSocket endpoint
Direction: To server / To client
Length: Message size
Time: Timestamp
Manipulating Messages
Intercept
Burp Intercept works for WebSocket messages just like HTTP requests:
Enable Intercept
Send/receive message via WebSocket
Message is intercepted → manipulate before forwarding
Example: Manipulate echoed message so browser sees incorrect response.
Repeater
Send WebSocket messages to Burp Repeater:
Set direction: To server or To client
Replay messages
Edit and send custom messages
Inject messages from server to client without prior client message
Manipulating Handshake
Send any WebSocket message to Repeater
Click disconnect/reconnect icon to manage connection
Click pencil icon for WebSocket connection overview
Options:
Attach: Use different WebSocket connection
Clone: Establish new connection to same server (allows handshake manipulation)
New WebSocket: Connect to different server
Handshake manipulation:
Inject new HTTP headers
Change existing headers
Modify endpoint path
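Because the path and every header in the handshake are under the client's control, the server has to authorize each upgrade itself. The following is an added example, not code from this page or from the lab's server.py: a Python sketch of a per-path handshake check. The allowed origin, session tokens and role names are assumptions; /echo and /admin are the paths used in this page's walkthrough.

```python
from http.cookies import SimpleCookie

# Assumed values for this sketch; none come from the lab's server.py.
ALLOWED_ORIGINS = {"https://app.example.test"}
ROUTES = {"/echo": None, "/admin": "admin"}      # path -> role required
SESSIONS = {"tok-user": "user", "tok-admin": "admin"}  # constructed tokens

# Constructed sample: an /echo handshake replayed with only the path edited.
CLONED = (b"GET /admin HTTP/1.1\r\nHost: app.example.test\r\n"
          b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
          b"Origin: https://app.example.test\r\nSec-WebSocket-Version: 13\r\n"
          b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n\r\n")


def parse_handshake(raw: bytes):
    """Split a raw upgrade request into (path, lower-cased header dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    if method != "GET":
        raise ValueError("WebSocket handshake must be a GET request")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target.split("?", 1)[0], headers


def authorize_handshake(raw: bytes) -> int:
    """Return the HTTP status the server should answer the upgrade with."""
    try:
        path, headers = parse_handshake(raw)
    except ValueError:
        return 400
    if headers.get("upgrade", "").lower() != "websocket":
        return 400
    if path not in ROUTES:
        return 404
    # Origin is client-supplied: it blocks cross-site pages, not a proxy user.
    if headers.get("origin") not in ALLOWED_ORIGINS:
        return 403
    if ROUTES[path] is None:
        return 101
    # The actual gate: a role looked up server-side from the session cookie.
    cookie = SimpleCookie(headers.get("cookie", ""))
    role = SESSIONS.get(cookie["session"].value) if "session" in cookie else None
    if role is None:
        return 401
    return 101 if role == ROUTES[path] else 403
```

With this check in place, a handshake whose path was changed to /admin is answered with 401 unless it also carries a session that the server maps to the admin role.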
Question Walkthrough
Task: Manipulate WebSocket traffic to obtain the flag.
Source Code Analysis
Download and analyze:
In server.py:
Key finding: /admin endpoint responds with flag when receiving !get_admin_info
Method 1: Burp Repeater
Open Burp browser, navigate to target
Send any message to establish WebSocket connection
Go to WebSockets history tab
Send WebSocket message to Repeater
Click Select WebSocket → Clone
Edit endpoint from /echo to /admin
Connect
Send message: !get_admin_info
Flag returned in response!
Method 2: websocat (CLI)
Install websocat:
Send message:
Summary