Initial commit
1 parent f5b21b4 commit 10599cffb950dce40efb57042b7ef6af646c945d
0xRoM authored on 6 Jul 2023
Showing 10 changed files
View
28
README.md
WSSSnoop
===============
 
play with websockets intercept and inject data
Play with websockets intercept and inject data
 
![WSSSnoop main screen](WSSSnoop.png)
 
# <u>Installing</u>
Simply clone the repo, make the bash scripts executable, run "simple-php-webserver.sh" and browse to the correct URL to get started:
 
$> git clone https://rossmarks.uk/git/git/0xRoM/WSSSnoop.git
$> cd WSSSnoop
$> chmod -v +x simple-php-webserver.sh proxy-to-php-server.sh
$> ./simple-php-webserver.sh
 
View
66
WSSSnoop.html 0 → 100755
<html>
<head>
<title>WSSSnoop</title>
<link rel="stylesheet" href="/style.css" type="text/css" />
<link href='http://fonts.googleapis.com/css?family=Source+Code+Pro' rel='stylesheet' type='text/css'>
</head>
<body>
<div class="topBar">
<div class="topTitle">
WSSSnoop
</div>
<center>
<input type="text" name="cswshURL" id="cswshURL" value="" placeholder="wss://snoop.me" style="width: 500px;">
<input type="button" id="startSnoop" value="start snooping" onclick="startSnooping()"/>
<input type="button" id="stopSnoop" value="stop snooping" style="display:none" onclick="stopSnooping()"/>
<br />
<div class="topcorner">
Status: <div id="status" style="display:inline-block; color:red"/>Offline</div>
</div>
</center>
</div>
 
<div class="container">
 
<div class="sidebar">
<div class="auto-header">Automations</div>
<input class="auto-input" type="text" id="recvInput" placeholder="Recv">
<input class="auto-input" type="text" id="sendInput" placeholder="Send">
<button id="storeButton" onclick="storeValues()">Store</button>
<table id="valueTable">
<thead>
<tr>
<th>Recv</th>
<th>Send</th>
<th style="width: 20px;"></th>
</tr>
</thead>
<tbody id="valueTableBody"></tbody>
</table>
</div>
 
<div id="cswsh-output" ></div>
 
</div>
 
<div class="sendBar" style="display:none">
<form name="wssCommand" id="wssCommand" action="" onsubmit="return false">
<label id="label">$></label>
<input type="text" name="wssSendText" id="wssSendText" value="" placeholder="">
<!--<input type="submit" id="wssSendbutton" value="" />-->
</form>
</div>
 
<div class="bottomBar">
<div class="bottomBy">By <a href="https://rossmarks.uk" target="_new">Ross Marks</a></div>
<div class="bottomText"><a href="/inject.php?payload=test" target="_new">/inject.php?payload=[inject here]</a></div>
<div class="bottomClear">
<input type="button" id="clearPage" value="clear page" onclick="clearPage();"/>
</div>
</div>
 
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="/script.js"></script>
</body>
</html>
View
WSSSnoop.png 0 → 100755
View
0
■■■■■
data_recv 0 → 100644
View
0
■■■■■
data_send 0 → 100644
View
60
inject.php 0 → 100644
<?php
// Set the file path
$dataSendFilePath = 'data_send';
$dataRecvFilePath = 'data_recv';
 
// Check if the payload parameter is set
if (isset($_REQUEST['response'])) {
$response = $_REQUEST['response'];
file_put_contents($dataRecvFilePath, $response);
file_put_contents($dataSendFilePath, '');
die();
}
 
// Check if the "payload" parameter exists in the request
if (isset($_REQUEST['payload'])) {
// Get the payload value
$payload = $_REQUEST['payload'];
 
// Acquire an exclusive lock on the "data_send" file
$sendFile = fopen('data_send', 'w');
if (flock($sendFile, LOCK_EX)) {
// Write the payload to the "data_send" file
fwrite($sendFile, $payload);
 
// Release the lock and close the file
flock($sendFile, LOCK_UN);
fclose($sendFile);
} else {
// Failed to acquire the lock
die('Failed to write payload to data_send file.');
}
}
 
// Check if the "data_recv" file contains data
while (true) {
$dataRecv = file_get_contents('data_recv');
// Check if the file contains data
if (!empty($dataRecv)) {
// Display the data
echo $dataRecv;
file_put_contents($dataRecvFilePath, '');
file_put_contents($dataSendFilePath, '');
// Exit the loop
break;
}
// Wait for a second before checking again
sleep(1);
}
 
 
 
 
 
 
 
 
?>
View
proxy-to-php-server.sh 0 → 100755
View
script.js 0 → 100644
View
simple-php-webserver.sh 0 → 100755
View
style.css 0 → 100644
Buy Me A Coffee