Questions tagged [websocket]

94 questions
57 votes, 3 answers

eBay web site tries to connect to wss://localhost:xxxxx - is this legit, or do they have some malware JS running?

In helping a corporate user log on to eBay, I noticed that when on the login page, a stream of errors were coming up in the Firefox JS Console about not being able to connect to wss://localhost. This is a bit concerning, obviously. Why would a web…
ETL
22 votes, 8 answers

Protect API from being tampered?

I'm building an API with websocket that serializes data through JSON. The App itself is a chat application. I came up with the following structure to send my data: {date: '2020-05-31', time: '14:28:05', text: "Hey!", to: '', from:…
VladiC4T
13 votes, 2 answers

Anti-DoS WebSockets Best Practices

What are the best practices for thwarting DoS attacks for a WebSocket server? Is there a comprehensive site or document that can be referenced?
user36556
12 votes, 2 answers

Preventing CSRF attacks against WebSocket communications

I have read the thread about CSRF attacks in websockets (Do WebSocket-powered web apps (e.g. "comet" apps) have to worry about CSRF?) and also some more material regarding websocket security, but none of them seem to address the following issue - Is…
user3074662
12 votes, 2 answers

How does websocket frame masking protect against cache poisoning?

I've been studying the WebSocket protocol (RFC 6455). Section 10.3 specifically talks about frame masking, which prevents cache poisoning by HTTP proxy servers. How does frame masking prevent cache poisoning? How is a proxy's cache "poisoned"?…
Luke
12 votes, 1 answer

Is a very long living WSS WebSocket Secure connection really secure?

I am far from being a security expert, so please forgive any approximation in this question. As I understand it from this (very good) answer, a suite of HTTPS connections can be summarized as such: There's a negotiation between the browser and the…
Salomon BRYS
9 votes, 2 answers

Why can't websockets support custom headers?

This question is related to this question I asked. To summarise, I'm playing with websockets at the moment and I'm trying to understand how to authenticate a client connecting to the server using a websocket connection. On a normal connection, I use…
stickman
8 votes, 2 answers

Sec-WebSocket-Key Header

Can anyone explain to me which attacks the Sec-WebSocket-Key in the WebSocket handshake addresses? I don't understand it from the RFC, nor from Google.
Kiechlus
7 votes, 3 answers

Socket.IO Client Security

I am new to Node.js and Socket.IO. According to the documentation, the client-side code is something like: