Searching Web-socket History

Praveen | Last updated: Aug 07, 2020 10:20AM UTC

Hi team, I was testing a JavaScript application that made WebSocket requests. I was trying to search sensitive parameters/calls in WebSocket history. They were making calls to update using values to the server using the WebSocket calls from the front end. But the search window in Burp does not look into the WebSocket history. This would be a great option to search in WebSocket history (apart from the target, proxy, and repeater).

Praveen | Last updated: Aug 07, 2020 10:28AM UTC

Hi, Is there a feature or extension to extract WebSocket calls being made from JavaScript (like a passive scanner which skims through WebSocket history and JavaScript files to capture the call)? Thanks.

Uthman, PortSwigger Agent | Last updated: Aug 07, 2020 10:43AM UTC

Hi Praveen, I have registered your interest for the WebSocket history search feature. We will update this thread when it is implemented. In relation to your second query, have you considered creating your own scanner checks and using Burp Bounty, Scan Check Builder to raise issues? - https://portswigger.net/bappstore/618f0b2489564607825e93eeed8b9e0a

Praveen | Last updated: Aug 09, 2020 04:48PM UTC

Hi, Will look into the extension. Thank you.

