Ross Marks

Fork: 0

0xRoM / WSSSnoop

Browse code Initial commit master
1 parent f5b21b4 commit 10599cffb950dce40efb57042b7ef6af646c945d 0xRoM authored on 6 Jul 2023

Patch

Unified Split

Showing 10 changed files

                Ignore Space
               Show notes
              View
            
          
          28 ■■■■■
          README.md
             WSSSnoop
===============
 
play with websockets intercept and inject data
Play with websockets intercept and inject data
 
![WSSSnoop main screen](WSSSnoop.png)
 
# <u>Installing</u>
Simply clone the repo, make the bash scripts executable, run "simple-php-webserver.sh" and browse to the correct URL to get started:  
  
 
    $> git clone https://rossmarks.uk/git/git/0xRoM/WSSSnoop.git
    $> cd WSSSnoop
    $> chmod -v +x simple-php-webserver.sh proxy-to-php-server.sh
    $> ./simple-php-webserver.sh
 WSSSnoop
 ===============
+play with websockets intercept and inject data
+Play with websockets intercept and inject data
+![WSSSnoop main screen](WSSSnoop.png)
+# <u>Installing</u>
+Simply clone the repo, make the bash scripts executable, run "simple-php-webserver.sh" and browse to the correct URL to get started:
+    $> git clone https://rossmarks.uk/git/git/0xRoM/WSSSnoop.git
+    $> cd WSSSnoop
+    $> chmod -v +x simple-php-webserver.sh proxy-to-php-server.sh
+    $> ./simple-php-webserver.sh

                Ignore Space
               Show notes
              View
            
          
          66 ■■■■■
          WSSSnoop.html
        
        
        
          0 → 100755
             <html>
<head>
	<title>WSSSnoop</title>
	<link rel="stylesheet" href="/style.css" type="text/css" />
	<link href='http://fonts.googleapis.com/css?family=Source+Code+Pro' rel='stylesheet' type='text/css'>
</head>
<body>
	<div class="topBar">
		<div class="topTitle">
				WSSSnoop
			</div>
		<center>
			<input type="text" name="cswshURL" id="cswshURL" value="" placeholder="wss://snoop.me" style="width: 500px;">
			<input type="button" id="startSnoop" value="start snooping" onclick="startSnooping()"/>
			<input type="button" id="stopSnoop" value="stop snooping" style="display:none" onclick="stopSnooping()"/>
			<br />
			<div class="topcorner">
				Status: <div id="status" style="display:inline-block; color:red"/>Offline</div>
			</div>
		</center>
	</div>
 
	<div class="container">
 
		<div class="sidebar">
			<div class="auto-header">Automations</div>
		  <input class="auto-input" type="text" id="recvInput" placeholder="Recv">
		  <input class="auto-input" type="text" id="sendInput" placeholder="Send">
		  <button id="storeButton" onclick="storeValues()">Store</button>
		  <table id="valueTable">
		    <thead>
		      <tr>
		        <th>Recv</th>
		        <th>Send</th>
		        <th style="width: 20px;"></th>
		      </tr>
		    </thead>
		    <tbody id="valueTableBody"></tbody>
		  </table>
		</div>
 
		<div id="cswsh-output" ></div>
 
	</div>
 
	<div class="sendBar" style="display:none">
		<form name="wssCommand" id="wssCommand"  action=""  onsubmit="return false">
			<label id="label">$></label>
			<input type="text" name="wssSendText" id="wssSendText" value="" placeholder="">
			<!--<input type="submit" id="wssSendbutton" value="" />-->
		</form>
	</div>
 
<div class="bottomBar">
    <div class="bottomBy">By <a href="https://rossmarks.uk" target="_new">Ross Marks</a></div>
    <div class="bottomText"><a href="/inject.php?payload=test" target="_new">/inject.php?payload=[inject here]</a></div>
    <div class="bottomClear">
        <input type="button" id="clearPage" value="clear page" onclick="clearPage();"/>
    </div>
</div>
 
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
	<script src="/script.js"></script>
</body>
</html>
+<html>
+<head>
+	<title>WSSSnoop</title>
+	<link rel="stylesheet" href="/style.css" type="text/css" />
+	<link href='http://fonts.googleapis.com/css?family=Source+Code+Pro' rel='stylesheet' type='text/css'>
+</head>
+<body>
+	<div class="topBar">
+		<div class="topTitle">
+				WSSSnoop
+			</div>
+		<center>
+			<input type="text" name="cswshURL" id="cswshURL" value="" placeholder="wss://snoop.me" style="width: 500px;">
+			<input type="button" id="startSnoop" value="start snooping" onclick="startSnooping()"/>
+			<input type="button" id="stopSnoop" value="stop snooping" style="display:none" onclick="stopSnooping()"/>
+			<br />
+			<div class="topcorner">
+				Status: <div id="status" style="display:inline-block; color:red"/>Offline</div>
+			</div>
+		</center>
+	</div>
+	<div class="container">
+		<div class="sidebar">
+			<div class="auto-header">Automations</div>
+		  <input class="auto-input" type="text" id="recvInput" placeholder="Recv">
+		  <input class="auto-input" type="text" id="sendInput" placeholder="Send">
+		  <button id="storeButton" onclick="storeValues()">Store</button>
+		  <table id="valueTable">
+		    <thead>
+		      <tr>
+		        <th>Recv</th>
+		        <th>Send</th>
+		        <th style="width: 20px;"></th>
+		      </tr>
+		    </thead>
+		    <tbody id="valueTableBody"></tbody>
+		  </table>
+		</div>
+		<div id="cswsh-output" ></div>
+	</div>
+	<div class="sendBar" style="display:none">
+		<form name="wssCommand" id="wssCommand"  action=""  onsubmit="return false">
+			<label id="label">$></label>
+			<input type="text" name="wssSendText" id="wssSendText" value="" placeholder="">
+			<!--<input type="submit" id="wssSendbutton" value="" />-->
+		</form>
+	</div>
+<div class="bottomBar">
+    <div class="bottomBy">By <a href="https://rossmarks.uk" target="_new">Ross Marks</a></div>
+    <div class="bottomText"><a href="/inject.php?payload=test" target="_new">/inject.php?payload=[inject here]</a></div>
+    <div class="bottomClear">
+        <input type="button" id="clearPage" value="clear page" onclick="clearPage();"/>
+    </div>
+</div>
+	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
+	<script src="/script.js"></script>
+</body>
+</html>

Ignore Space Show notes View WSSSnoop.png 0 → 100755

Ignore Space Show notes View

■■■■■

data_recv 0 → 100644

Ignore Space Show notes View

■■■■■

data_send 0 → 100644

                Ignore Space
               Show notes
              View
            
          
          60 ■■■■■
          inject.php
        
        
        
          0 → 100644
             <?php
// Set the file path
$dataSendFilePath = 'data_send';
$dataRecvFilePath = 'data_recv';
 
// Check if the payload parameter is set
if (isset($_REQUEST['response'])) {
    $response = $_REQUEST['response'];
    file_put_contents($dataRecvFilePath, $response);
    file_put_contents($dataSendFilePath, '');
    die();
}
 
// Check if the "payload" parameter exists in the request
if (isset($_REQUEST['payload'])) {
    // Get the payload value
    $payload = $_REQUEST['payload'];
 
    // Acquire an exclusive lock on the "data_send" file
    $sendFile = fopen('data_send', 'w');
    if (flock($sendFile, LOCK_EX)) {
        // Write the payload to the "data_send" file
        fwrite($sendFile, $payload);
 
        // Release the lock and close the file
        flock($sendFile, LOCK_UN);
        fclose($sendFile);
    } else {
        // Failed to acquire the lock
        die('Failed to write payload to data_send file.');
    }
}
 
// Check if the "data_recv" file contains data
while (true) {
    $dataRecv = file_get_contents('data_recv');
    
    // Check if the file contains data
    if (!empty($dataRecv)) {
        // Display the data
        echo $dataRecv;
        
        file_put_contents($dataRecvFilePath, '');
        file_put_contents($dataSendFilePath, '');
        // Exit the loop
        break;
    }
    
    // Wait for a second before checking again
    sleep(1);
}
 
 
 
 
 
 
 
 
?>
+<?php
+// Set the file path
+$dataSendFilePath = 'data_send';
+$dataRecvFilePath = 'data_recv';
+// Check if the payload parameter is set
+if (isset($_REQUEST['response'])) {
+    $response = $_REQUEST['response'];
+    file_put_contents($dataRecvFilePath, $response);
+    file_put_contents($dataSendFilePath, '');
+    die();
+}
+// Check if the "payload" parameter exists in the request
+if (isset($_REQUEST['payload'])) {
+    // Get the payload value
+    $payload = $_REQUEST['payload'];
+    // Acquire an exclusive lock on the "data_send" file
+    $sendFile = fopen('data_send', 'w');
+    if (flock($sendFile, LOCK_EX)) {
+        // Write the payload to the "data_send" file
+        fwrite($sendFile, $payload);
+        // Release the lock and close the file
+        flock($sendFile, LOCK_UN);
+        fclose($sendFile);
+    } else {
+        // Failed to acquire the lock
+        die('Failed to write payload to data_send file.');
+    }
+}
+// Check if the "data_recv" file contains data
+while (true) {
+    $dataRecv = file_get_contents('data_recv');
+    // Check if the file contains data
+    if (!empty($dataRecv)) {
+        // Display the data
+        echo $dataRecv;
+        file_put_contents($dataRecvFilePath, '');
+        file_put_contents($dataSendFilePath, '');
+        // Exit the loop
+        break;
+    }
+    // Wait for a second before checking again
+    sleep(1);
+}
+?>

Ignore Space Show notes View proxy-to-php-server.sh 0 → 100755

Ignore Space Show notes View script.js 0 → 100644

Ignore Space Show notes View simple-php-webserver.sh 0 → 100755

Ignore Space Show notes View style.css 0 → 100644

Show line notes below