VebSoketlər
WebSockets can be used by web applications or web sites to setup a
bi-directional (two-way), full duplex communication channel over a
single TCP connection.
It features a lightweight protocol, allowing developers to realize
realtime use cases. WebSockets do also provide an alternative to
heavy use of Ajax, HTTP Long Polling or Comet.
After an initial HTTP based handshake, the TCP connection is kept open,
allowing applications to send & receive arbitrary data. Often port
80 or 443 for encrypted WebSocket channels are used.
The WebSocket standard is defined in
- The WebSocket API (http://www.w3.org/TR/websockets/)
- specifies the interface in browsers
- The WebSocket Protocol (RFC6455) (https://tools.ietf.org/html/rfc6455)
- describes the structure of WebSocket frames upon TCP
ZAP is able to:
- intercept and show WebSocket messages
- set breakpoints on specific types of WebSocket messages
- fuzz WebSocket messages (send lots of invalid or unexpected data to a browser or server)
- passively scan WebSocket messages and raise alerts with scripts
WebSocket messages are displayed within the WebSockets tab.
The WebSocket add-on adds new scripts and additional endpoints to the ZAP API