The WebSocket protocol enables a bi-directional, full-duplex communication channel over a single TCP socket. It is designed to work between web browsers and servers, but it can be used in any application. The goal of the protocol is to provide a mechanism for applications in web browsers that need two-way communication with servers without relying on opening multiple HTTP connections.

This test suite can be used to test WebSocket servers for security flaws and robustness problems. It contains test cases for WebSocket protocol-specific operations such as the WebSocket Handshake and control frames. Additionally, the test suite can be configured to test the web-service-specific payload that goes over the WebSocket.

Used specifications

| Specification | Title | Notes |
|---|---|---|
| RFC6455 | The WebSocket Protocol | |
| RFC6454 | The Web Origin Concept | |
| RFC3986 | Uniform Resource Identifier (URI): Generic Syntax | Parts that are needed in WebSocket Handshake |
| RFC2616 | Hypertext Transfer Protocol -- HTTP/1.1 | Parts that are needed in WebSocket Handshake |
| RFC2617 | HTTP Authentication: Basic and Digest Access Authentication | Parts that are needed in WebSocket Handshake |

Tool-specific information

| Tested messages | Notes | Specifications |
|---|---|---|
| WebSocket Handshake Request | | RFC6455 |
| WebSocket Control Frame - Close | | RFC6455 |
| WebSocket Control Frame - Ping | | RFC6455 |
| WebSocket Control Frame - Pong | | RFC6455 |
| WebSocket Data Frame | | RFC6455 |

| Feature | Description |
|---|---|
| WebSocket payload fuzzing | Payload that goes over WebSocket can be fuzzed. |
| JSON payload fuzzing | Specific test cases are generated for JSON payload. |