> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# WebSockets Vulnerabilities

> Cross-platform resources for WebSockets Vulnerabilities: curated HTB machines, PortSwigger labs and TryHackMe rooms with validated writeups and related skills.

# WebSockets Vulnerabilities

This page aggregates **cross-platform resources to practice WebSockets Vulnerabilities**: retired Hack The Box machines, PortSwigger Web Security Academy labs and TryHackMe rooms, plus curated resources (HackTricks, PortSwigger, etc.) and related skills.

## Curated resources

| Source      | Link                                                                                               |
| ----------- | -------------------------------------------------------------------------------------------------- |
| PortSwigger | [https://portswigger.net/web-security/websockets](https://portswigger.net/web-security/websockets) |

## HTB machines practicing WebSockets Vulnerabilities (1)

| Machine                                                    | OS      | Difficulty                                           |
| ---------------------------------------------------------- | ------- | ---------------------------------------------------- |
| [MultiMaster](/en/htb/machines/windows/insano/multimaster) | Windows | <span className="dbadge dbadge-insane">INSANE</span> |

## PortSwigger labs practicing WebSockets Vulnerabilities (2)

| Lab                                                                                                                                                  | Difficulty                                                 | Topic      | Official                                                                                                      |
| ---------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ---------- | ------------------------------------------------------------------------------------------------------------- |
| [Manipulating WebSocket messages to exploit vulnerabilities](/en/portswigger/labs/websockets/manipulating-messages-to-exploit-vulnerabilities)       | <span className="dbadge dbadge-easy">APPRENTICE</span>     | WebSockets | [Open](https://portswigger.net/web-security/websockets/lab-manipulating-messages-to-exploit-vulnerabilities)  |
| [Manipulating the WebSocket handshake to exploit vulnerabilities](/en/portswigger/labs/websockets/manipulating-handshake-to-exploit-vulnerabilities) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | WebSockets | [Open](https://portswigger.net/web-security/websockets/lab-manipulating-handshake-to-exploit-vulnerabilities) |

## TryHackMe rooms practicing WebSockets Vulnerabilities (2)

| Room                                                                    | Difficulty                                         | Type        | Access  | Official                                              |
| ----------------------------------------------------------------------- | -------------------------------------------------- | ----------- | ------- | ----------------------------------------------------- |
| [AWS API Gateway](/en/tryhackme/rooms/awsapigateway)                    | <span className="dbadge dbadge-easy">MEDIUM</span> | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/awsapigateway)      |
| [Request Smuggling: WebSockets](/en/tryhackme/rooms/wsrequestsmuggling) | <span className="dbadge dbadge-easy">MEDIUM</span> | Walkthrough | 🔵 VIP  | [Open](https://tryhackme.com/room/wsrequestsmuggling) |

***

← [Back to the full glossary](/en/glossary)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"WebSockets Vulnerabilities","termCode":"websockets","inLanguage":"en","url":"https://rootea.es/en/skills/websockets","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Tactical pentesting glossary","url":"https://rootea.es/en/glossary"}}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"ItemList","name":"HTB machines practicing WebSockets Vulnerabilities","numberOfItems":1,"itemListElement":[{"@type":"ListItem","position":1,"url":"https://rootea.es/en/htb/machines/windows/insano/multimaster","name":"MultiMaster"}]}`}
</script>

*Last updated: 2026-06-07*
