WebSockets
Last updated
Last updated
Cross site web socket hijacking (CSWSH) is similar to CSRF because we utilize the targets cookies to make requests.
Also, like CSRF the target would have to visit our malicious page while logged into the target site for this to work.
The major difference is instead of sending a POST request we initiate a web socket connection. After the WebSocket
connection is established we can do whatever want.