Cross-Site WebSocket Hijacking

Cross-Site WebSocket Hijacking is an attack that lets an attacker communicate with a vulnerable server over WebSocket on behalf of a victim, provided that the victim's session is stored in a cookie.

Example

  1. The live-chat.io website lets users chat online
  2. Each user's session ID is stored in a cookie
  3. The website uses the WebSocket protocol to deliver messages quickly
  4. The website transmits confidential user data (session ID, incoming private messages) via WebSocket
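
Together these conditions mean the browser attaches the session cookie to a WebSocket handshake opened from any site, so the cookie alone does not prove the request came from the chat page. As an added example (not part of the course material), here is a server-side handshake check that accepts only the chat's own Origin; the `https://live-chat.io` origin, the function names and all sample headers are assumptions constructed for illustration.

```javascript
// Added example: Origin validation for a WebSocket handshake (not the course's code).
// Assumption: the chat is served from https://live-chat.io; other hosts are constructed.
const ALLOWED_ORIGINS = new Set(["https://live-chat.io"]);

// Normalise an Origin header to scheme://host[:port], or null if unusable.
function normaliseOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  try {
    const u = new URL(value);
    return u.origin === "null" ? null : u.origin; // opaque origins (file:, data:) are rejected
  } catch {
    return null; // not a parseable URL
  }
}

// Decide whether to complete the upgrade. `headers` uses lowercase names,
// as Node's http module delivers them.
function checkHandshake(headers, allowed = ALLOWED_ORIGINS) {
  if ((headers["upgrade"] || "").toLowerCase() !== "websocket") {
    return { accept: false, reason: "not a WebSocket upgrade" };
  }
  const origin = normaliseOrigin(headers["origin"]);
  if (origin === null) {
    // Browsers send Origin on every WebSocket handshake; a cookie without it is not trusted.
    return { accept: false, reason: "missing or opaque Origin" };
  }
  if (!allowed.has(origin)) {
    // Exact match only: prefix or substring checks would accept look-alike hosts.
    return { accept: false, reason: `foreign Origin ${origin}` };
  }
  return { accept: true, reason: "same-site handshake" };
}

// Constructed handshakes: all carry the victim's cookie, only Origin differs.
const base = { upgrade: "websocket", cookie: "session=CONSTRUCTED_SESSION_ID" };
const samples = [
  { ...base, origin: "https://live-chat.io" },
  { ...base, origin: "https://evil.example" },
  { ...base, origin: "https://live-chat.io.evil.example" },
  { ...base, origin: "null" },
  { ...base },
];
for (const h of samples) {
  console.log(h.origin, "->", checkHandshake(h));
}
```

Only the first sample is accepted, even though every sample carries the same valid session cookie.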
