Posts

Showing posts from May 17, 2026

Manipulating the WebSocket handshake to exploit vulnerabilities

In this lab, the vulnerability is demonstrated through a live chat feature that relies on a WebSocket connection for real-time communication. When the user clicks “Live chat” and sends a message, the browser establishes a persistent WebSocket session with the server. Using Burp Suite, this traffic can be observed in the WebSockets history tab, where each chat message appears as a WebSocket frame being transmitted through the connection. To begin exploring the application’s security controls, the WebSocket message is right-clicked and sent to Repeater. From there, the payload is modified to include a basic cross-site scripting attempt such as an image tag with an error handler, for example `<img src=1 onerror='alert(1)'>`. When this modified message is resent through the WebSocket channel, the application responds by blocking the payload. More importantly, the WebSocket connection is immediately terminated, indicating that some server-side filtering or intrusion detection...

Cross-site WebSocket hijacking

Cross-site WebSocket hijacking is a vulnerability that arises when a WebSocket endpoint accepts connections without properly validating the origin of the request or protecting the handshake with anti-CSRF mechanisms. In this lab scenario, a live chat feature is implemented using WebSockets to support real-time communication between users and a support agent. When a user opens the chat and sends a message, the application establishes a persistent WebSocket connection. This connection is then reused not only for live messaging but also for retrieving historical chat data from the server, which introduces a sensitive data exposure surface. The initial interaction begins by clicking “Live chat” and sending a chat message. This establishes the WebSocket connection and allows normal communication. When the page is reloaded, the application automatically reconnects to the WebSocket endpoint. At this point, Burp Suite’s WebSockets history tab reveals an important behavior: the client sends a R...

Manipulating WebSocket messages to exploit vulnerabilities

In this lab, the vulnerability is explored through a live chat feature that uses WebSockets for real-time communication between the user and a support agent. The interesting part is not just that messages are sent in real time, but how they can be intercepted and modified in transit, which ultimately exposes a stored XSS issue. The attack begins by opening the Live chat interface and sending a normal chat message. At this stage, the application behaves as expected: the message is transmitted instantly and appears in the chat window. However, under the surface, this message is not using a standard HTTP request. Instead, it is being sent over a persistent WebSocket connection. To confirm this, Burp Suite is used as an intercepting proxy. Inside Burp, the WebSockets history tab shows that the chat message is indeed being transmitted through a WebSocket frame. This is an important observation because it confirms that the communication bypasses traditional HTTP request logs and instead fl...