OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the ones listed in the application.
https://owasp.org/www-project-damn-vulnerable-web-sockets/
In the hosts file of your attacker machine create an entry for dvws.local to point at the IP address hosting the DVWS application.
Location of hosts file:
Windows: C:\windows\System32\drivers\etc\hosts
Linux: /etc/hosts
Sample entry for hosts file:
192.168.100.199 dvws.local
The application requires the following:
Apache + PHP + MySQL
PHP with MySQLi support
Note: Ratchet and ReactPHP-MySQL are packaged inside DVWS. Separate installation is not required.
Set the MySQL hostname, username, password and an existing database name in the includes/connect-db.php file then go to Setup to finish setting up DVWS.
On the host running this application, run the following command from DVWS directory: php ws-socket.php
DVWS has been developed with limited knowledge of Web Sockets. Feel free to contribute and enhance this project.
