ProfessionalCommunity Edition
WebSockets history
-
Last updated: June 18, 2024
-
Read time: 3 Minutes
You can use the WebSockets history to see a record of any WebSocket messages Burp's browser exchanges with web servers. You can use it to view, intercept, and modify the communication between Burp's browser and web servers. This enables you to:
- Study the behavior of a target website.
- Look for vulnerabilities in WebSockets handshakes and messages.
- Send interesting messages to other tools in Burp Suite for further testing.
The WebSockets history contains the following information:
- # - The request index number.
- URL - The URL of the WebSocket connection.
- Direction - The direction of the message (outgoing versus incoming).
- Edited - Flag whether the message was modified by the user.
- Length - The length of the response in bytes.
- Notes - Any user-applied note.
- TLS - Flag whether TLS is used.
- Time - The time the message was received.
- Listener port - The listener port on which the message was received.
- WebSocket ID - Burp's internal ID for the WebSocket that was used for the message.
The WebSockets history is always updated, even if Intercept is off. This enables you to browse without interruption while you monitor key details about application traffic.
Right-click any item in the table to access further options, such as sending requests to other Burp tools.
Changing the WebSockets history layout
You can customize the WebSockets history table in the following ways:
Hide columns - Right-click the header of the column you want to hide, then select Hide column.
Show hidden columns - Click the options menu > Table layout, then select the columns you want to display.
Move columns - Drag and drop the header of the column you want to move to its new location.
Add custom columns - Click the options menu > Add custom column to create a personalized column that displays the data you want to see. Learn more about Adding custom columns to your WebSockets history.
Sort the table - Click the header of the column you want to sort by. You can sort by ascending, descending, or unsorted.
Filter the data - Click the Filter settings bar, then choose either:
Settings mode - Use predefined checkboxes and fields to set your criteria. Learn more about filtering the WebSockets history with Settings mode.
Bambda mode - Write a Java-based Bambda to define your custom filter. Learn more about filtering the WebSockets history with Bambdas.
Restore the default layout - To return the table to its original state, click the > Table layout, then select Restore default table.
Viewing a request
If you select an item from the WebSockets history, the lower pane shows the relevant message. Any modified messages are shown separately. The message may have been modified through:
In addition to the main history view, you can also:
- Double-click an item to open it in a pop-up window.
- Right-click a message and select Show new history window to open a new history window with its own display filter.
- Access the Inspector, to easily view and edit interesting items.
- View and edit notes. To do this, click Notes.
Adding a custom column
You can create your own custom columns using Bambdas.
Custom columns enable you to see more detail about the items in your WebSockets history for a more focused analysis of what's important to you.
Two objects of the Montoya API are available to help you write these Bambdas:
ProxyWebSocketMessage
Utilities
To create a custom column for your WebSockets history table:
In Proxy > WebSockets history, click the options menu > Add custom column. The Add custom column window opens.
Enter a name for your custom column in the Column header field.
Write a Bambda to specify the data that the custom column displays.
Example Bambda
In the example below, we'll write a Bambda to create a custom column containing the session ID of the response.
Pattern pattern = Pattern.compile("\"sid\":\"(\\w.*)\"");
Matcher matcher = pattern.matcher(message.payload().toString());
matcher.find();
if (matcher.hasMatch())
{
return matcher.group(1);
}
return "";