WebSockets are HTML5's solution for low-latency communications. Support is now stable in major browsers, and developers are starting to use them for chat, games, videoconferencing, and other applications. Despite their growing adoption, WebSockets are difficult for pen testers to mess with. Tools are starting to catch up – Wireshark, Fiddler & Chrome will let you view WebSocket traffic, but there is no simple system currently available to tamper with these messages. This summer I plan to release Socket Puppet, a Chrome extension designed to fill this need, and I want to release it at BSides.
A New Jersey-based web developer with a strong interest in security. By day, he builds websites in PHP, Python, HTML5, CSS3, JS, and anything else that will get the job done. In his spare time he plays video games, goes to cons, keeps up with security research, and pokes around with the latest tech he can get his hands on. He studied computer science at Yeshiva University & is also a GWAPT if you actually care about certs.