General Information

Cross Site WebSocket Hijacking

Variants:
Direct 

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Anti-CSRF

Invented In:
31/08/2013

Added In:
30/12/2014


Vector Operation Method:
Abuse WebSockets in a CSRF-like scenario to perform operations on behalf of users and to view private user content, because WebSocket connections are not restricted by the same-origin policy.


Direct Variant:

CSWSH

Also Known As:
Cross Site WebSocket Hijacking

Typical Severity:
Medium
