Feature #2695
openwebsocket support
Description
At SuriCon 2018 support for WebSockets was requested.
Jason Ish, Danny Browning and Matt offered to work on this.
Rust would be preferred.
Updated by Victor Julien almost 5 years ago
- Related to Task #2685: SuriCon 2018 brainstorm added
Updated by Bryant Smith over 4 years ago
I have a Lua script I've developed to unmask websockets. I can add this to the git repo while a Rust parser is being created.
Updated by Jason Ish almost 4 years ago
- Related to Feature #3285: rules: XOR keyword added
Updated by Brandon Murphy over 1 year ago
Just wanted to bump this request. WebSockets is still used by malware; a recent case of it is documented here: https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/
Updated by Brandon Murphy over 1 year ago
just another bump - APT actor using websockets
https://cert.gov.ua/article/37704
Translated to English -- https://cert-gov-ua.translate.goog/article/37704?_x_tr_sl=uk&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
I was able to confirm this traffic using WebSockets - can share a pcap privately if needed, but looks like standard websockets use here.
Updated by Brandon Murphy 9 months ago
redteam tooling using WebSockets
https://github.com/dobin/antnium
Updated by Brandon Murphy 2 months ago
just another example of a RAT using websockets
https://asec.ahnlab.com/en/52899/
Source Code: https://github.com/XZB-1248/Spark/