Old Tools, New Tricks: Hacking WebSockets

Many application penetration testers and developers have struggled to figure out how to assess the security of WebSocket applications. When new technologies like WebSockets are developed, often the tooling available for penetration testing takes awhile to catch up. What if you could use traditional web penetration testing tools to assess WebSockets? By leveraging concepts found in native code fuzzing, you can! We have been using a novel approach that allows traditional web security testing tools to find vulnerabilities in WebSocket applications.

Presented by