-
Use 'wss' instead of 'ws'
- Hard code the URL of the WebSockets endpoint
- Do not allow user-controllable data into the WebSocket URL
- Check origin against a whitelist: make sure the origin you are seeing is the one you expect
- Use CSRF tokens(random tokens) for sensitive data/actions
- Try to avoid session handling or access within the WebSocket protocol, handle it separately
- Use rate limiting: keep track of clients' web sockets to avoid too many connection attempts by the client
- Manipulate websocket messages: XSS attack
- Manipulate Websocket handshake
- If Origin header verification is in place, check for broken verification.
- Communication takes place on 'ws' instead of 'wss'
- WebSocket handshake relies on HTTP cookies (session) and no CSRF tokens are used. (WebSocket hijacking via CSRF vulnerability)
- Utilize insecure web sockets to exploit other vulnerabilities.
- An attacker can perform unauthorized actions as victim
- An attacker can gain access to the sensitive data
- If the victim is an admin or a privileged user, the attacker can gain access over the entire web application
- Browsers don't enforce SOP for websockets, hence the Origin header verification is necessary.