Day 13: It came without buffering! It came without lag!

Note:
Hey! Before you go through this writeup, try the task yourself first, and if you get stuck, come back and check out the writeup.
WebSockets and Their Potential for Exploitation
WebSockets are a communication protocol enabling real-time, bidirectional communication between a client (like a web browser) and a server over a single persistent connection. They are commonly used in applications like chat platforms, live notifications, and collaborative tools to facilitate instant data exchange without repeated HTTP requests. This lightweight and efficient protocol operates over the standard TCP port 80 or 443, making it a versatile choice for modern web applications.
However, WebSockets can be exploited if not implemented securely. Attackers may leverage vulnerabilities like insufficient authentication, insecure origins, or improper input validation to execute attacks such as session hijacking, data exfiltration, or command injection. Additionally, if WebSocket servers fail to validate incoming requests, they could become conduits for malicious payloads or denial-of-service (DoS) attacks. To mitigate these risks, developers must enforce strict authentication, use secure protocols (e.g., WSS), and validate all inputs rigorously.
Q: What is the value of Flag1?
A: Open BurpSuite and set up a project with default settings.
In the Proxy -> Intercept tab, open the browser and head over to the webpage.
Come back to BurpSuite and click on the Intercept off button to turn Intercept on.
Go back to the web browser and click on Track.
Back at BurpSuite you should see raw data with a userId. Change this user ID from 5 to 8 and click on Forward a few times.
Back in the browser, Mayor Malware should send a message with the flag.
Note: If you don’t see the message from Mayor Malware go back to BurpSuite and click on forward a few more times.
Q: What is the value of Flag2?
A: Make sure Intercept is on in BurpSuite, then go back to the browser and send a message to Community Reports.
Head back to BurpSuite and the raw data should have a sender field. Change it from 5 to 8 and click on Forward a few times.
Back in the browser, Mayor Malware should send a message with the flag.
Note: If you don’t see the message from Mayor Malware go back to BurpSuite and click on forward a few more times.
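Both flags work because the server trusts the userId and sender values sent by the client. The handler below is an added example, not part of the original writeup or the room's code, showing the server-side fix: identity comes from the authenticated session, and a frame whose userId or sender disagrees with it is rejected. The JSON frame shape, the session object, the size limits and the helper names are assumptions.

```javascript
// Added example. The field names userId and sender come from the writeup;
// the JSON frame shape, session object and limits are assumptions.
const MAX_FRAME_CHARS = 1024;
const MAX_TEXT_CHARS = 280;
// Which field carries the claimed identity for each message type.
const ID_FIELD = new Map([["track", "userId"], ["message", "sender"]]);

const reject = (reason, detail = {}) => ({ ok: false, reason, ...detail });

// session.userId is set by the server at login; the client never supplies it.
function handleFrame(session, raw) {
  if (typeof raw !== "string" || raw.length > MAX_FRAME_CHARS) {
    return reject("frame-size");
  }
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch (err) {
    return reject("bad-json");
  }
  if (msg === null || typeof msg !== "object" || Array.isArray(msg)) {
    return reject("bad-shape");
  }
  const idField = ID_FIELD.get(msg.type);
  if (idField === undefined) return reject("unknown-type");

  // Only primitive ids are accepted, so String() below cannot throw.
  const claimed = msg[idField];
  if (typeof claimed !== "string" && typeof claimed !== "number") {
    return reject("bad-id");
  }
  // A mismatch is rejected and returned for logging, never silently trusted.
  const actual = String(session.userId);
  if (String(claimed) !== actual) {
    return reject("identity-mismatch", { claimed: String(claimed), actual });
  }
  if (msg.type === "message") {
    const text = msg.text;
    if (typeof text !== "string" || text.length === 0 || text.length > MAX_TEXT_CHARS) {
      return reject("bad-text");
    }
    // The outgoing event is rebuilt from server-side state only.
    return { ok: true, event: { type: "message", sender: actual, text } };
  }
  return { ok: true, event: { type: "track", userId: actual } };
}
```

The identity-mismatch result carries both the claimed and the actual id, which makes it a natural point to log an alert for tampered frames.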