scnr / installer

Installation script for Codename SCNR.
https://ecsypno.com/pages/codename-scnr

Scanning Application with WebSockets #25

Closed Alucard23890 closed 10 months ago

Alucard23890 commented 1 year ago

Hi, I want to scan an application which uses WebSockets to communicate with the Server. If I run SCNR against the application, it only checks the URLs found inside the Application itself but ignores WebSockets URLs. I can see in the Debug Logs that the Connection is established. I tried to use the same Domain for WebSocket and Application (with different ports) but they are still ignored.

Can SCNR even scan such applications and if yes, how?

Zapotek commented 1 year ago

Hello,

Yes, it should be possible; I have an idea of what the issue might be, though.

I'll examine it and get back to you ASAP.

Cheers

Zapotek commented 1 year ago

Hello,

Can you please provide me with the web application URL (can be in private) in order to reproduce the issue?

Cheers

Alucard23890 commented 1 year ago

Hi, you can use OWASP Damn Vulnerable Web Sockets (https://owasp.org/www-project-damn-vulnerable-web-sockets/). This is the application I used to test.

Regards

Zapotek commented 11 months ago

Hello,

I'm having some trouble setting up OWASP Damn Vulnerable Web Sockets, but some bugs have been fixed in SCNR that may help. Can you give it a try please?

Cheers

Zapotek commented 10 months ago

Closing this as stale and requiring further feedback.