OWASP Damn Vulnerable Web Sockets (DVWS)

OWASP Damn Vulnerable Web Sockets (DVWS) Project

Damn Vulnerable Web Sockets (DVWS) is a deliberately vulnerable and insecure web application which works on web sockets for client-server communication. It is built on PHP with Ratchet and utilizes MySQL as backend database. It allows users to test their web sockets testing skills, tools and scripts for web socket vulnerabilities. Web socket testing can be performed using OWASP ZAP and Burp Suite.

Description

Damn Vulnerable Web Sockets (DVWS) is a deliberately vulnerable and insecure web application which works on web sockets for client-server communication. It is built on PHP with Ratchet and utilizes MySQL as backend database. DVWS has a number of functionalities which you commonly see in every other web application, they have been implemented in web sockets which is different from a typical web application communication.

The following vulnerabilities can be found:

Brute Force
Command Execution
Cross-Site Request Forgery
File Inclusion
Error based SQL Injection
Blind SQL Injection
Reflected Cross-Site Scripting
Stored Cross-Site Scripting
Session Management Issues
Cross Origin Issue

It requires the following to work properly:

Apache + PHP + MySQL
PHP with MySQLi support
Ratchet
ReactPHP-MySQL

Note: Ratchet and ReactPHP-MySQL are packaged inside DVWS. Separate installation is not required.

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the link GNU Affero General Public License 3.0 as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.