Skip to main content
Room Banner
Back to all walkthroughs
Room Icon

Request Smuggling: WebSockets

Premium room

Exploit HTTP Request Smuggling through WebSockets.

medium

30 min

6,915

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine
Status:Off

In this room, we'll look at ways to smuggle requests through proxies by abusing WebSockets. 

Learning Objectives

  • Understand how WebSockets work.
  • Learn how to exploit request smuggling via WebSockets functionality.
  • Use tools to detect/exploit said vulnerabilities.

Room Prerequisites

Before attempting this room, you must complete the Request Smuggling room. You must also be comfortable using proxies like Burp or .

Starting the

You will need to deploy the attached to this task by pressing the green Start Lab Machine button at the top of the task. The machine will deploy all the required scenarios to complete the room. Each task that requires you to complete a practical element will point you to the URL of the web application you will need. You may access the using the AttackBox or your connection.

Answer the questions below
Click and continue learning!