Learn about the WebSockets API and see a demonstration of its use.
- [Voiceover] With the release of HTML5, more sophisticated state management capabilities are available to the web developer. WebSockets provide the ability to set up a full duplex communications channel between the client and the server. This requires a handshake over HTTP or HTTPS to upgrade the protocol to WS or WSS, and a WebSocket server to manage the protocol. Firstly, the client initiates a connection by sending an HTTP WebSocket handshake request, then the server responds with a status code of 101 Switching Protocols. It then switches to WebSockets, and both the web browser and the web server communicate using the WebSocket API, according to RFC 6455, the WebSocket protocol.
Websocketd is an easy to use WebSocket server, written by Joe Walnes, which we can load into our Ubuntu system. We can get the zip file of this server from his GitHub page, unpack it, and it'll be ready for use. Okay, we've downloaded the file, so now let's unzip it. Let's take a look at what we've got. Okay, so we can see the WebSocketd program,…
This course teaches you what session hijacking is, and how black-hat hackers use it to attack an organization. Learn how TCP, web, and wireless protocols work and how hackers exploit them. Find out how to use built-in Windows and Linux tools, as well as specialized third-party solutions such as Zed Attack Proxy (ZAP) and Cain, to detect and shore up vulnerabilities. Author and cybersecurity expert Malcolm Shore also discusses remote hijacking, which allows hackers to take control of drones or even vehicles.
Note: This course maps to the Session Hijacking domain of the Certified Ethical Hacking exam. Review the exam objectives at the EC-Council's website.
- Hijacking a network session, such as a Telnet session
- Understanding web sessions
- Intercepting sessions via man-in-the-middle or man-in-the-browser attacks
- Downgrading a session by stripping SSL
- Using ARP poisoning through Subterfuge
- Hijacking an HTTP session through cookies
- Using hijacking defense tools: Zed Attack Proxy and Cain
- Service hijacking (DNS and SSH)
- Hijacking in the physical world: cars and drones