Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How do I intercept messages between a WSS server and client on a specific port and IP address?

Sculas | Last updated: May 26, 2021 02:53PM UTC

Hi there. I would like to intercept messages between a WebSocket server and a client on a specific port using invisible proxying. I already have had success with this, and it worked successfully when I redirected a DNS to 127.0.0.1 but I haven't had any success when the client accesses the WebSocket server by a direct IP address. So how can I make it so it listens for EVERYTHING on the specific port or an IP address? Not sure if I said it right, but something like WireShark and filters, so it listens for everything incoming and outgoing to a specific IP address. One extra note, because the server uses TLS/SSL, I get an error with "certificate_unknown" when it tries to connect. Does anyone know what's going on here? I am on Windows 10. Thank you!

Sculas | Last updated: May 26, 2021 02:56PM UTC

I redirected the DNS to 127.0.0.1 using the hosts file, but how do I redirect requests from a specific IP address, route that to the invisible proxy, and then forward that back to the IP address it came from? I've seen many ways of doing this, but all of them result in all requests coming from that IP going to 127.0.0.1, which in turn means I cannot forward the message to the original server.

Uthman, PortSwigger Agent | Last updated: May 27, 2021 10:09AM UTC

Have you tried editing the 'Redirect to host:' and 'Redirect to port:' under Proxy > Options > Proxy Listeners > Edit > Request Handing? In terms of the TLS error, have you tried investigating the handshake using Wireshark?

Sculas | Last updated: May 27, 2021 06:04PM UTC

Hi there, yes I have. But the issue I am facing is that Burp is not intercepting the requests that go to a specific IP (for example 111.222.333.444:1234). If I connect to a DNS, which I've put in my hosts file to 127.0.0.1, it does work. For the TLS error, I'll do that! Thank you.

Uthman, PortSwigger Agent | Last updated: May 28, 2021 07:07AM UTC

Can you please email support@portswigger.net with some screenshots and further information? - Is any traffic for the IP being shown in the HTTP history? - Diagnostics (Help > Diagnostics) - If possible, can you provide access to the WSS server so that we can attempt to replicate your issue and investigate further?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.