Stealing Secrets from Developers using Websockets

The Scheme

  1. Either set up, or inject advertising malware into, a popular site that front-end developers tend to frequent. Let’s say http://frontend-overflowstack.com/
  2. On this page, add code that tries to open WebSocket connections to common ports (scanning 10k ports takes a second or so, so you can be quite generous here).
  3. If the page manages to open a connection, hold it open, and forward all messages received to your secret database of nefariousness.
  4. ?
  5. Profit

Does it work?

Generating Data

The plot thickens

$ npx create-react-app test
$ cd test/
$ npm start

Threat Assessment

Limiting factors

Compounding Considerations

Remediation
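
Browsers do not apply the same-origin policy to WebSocket connections, but they do send an Origin header on every handshake, so a local server can refuse pages it did not serve. The following is an added example, not code from the original article or from any dev-server project; the allowlist and the names `checkOrigin`, `protectUpgrades` and `onAccept` are assumptions made for illustration.

```javascript
// Added example (not from the original article): reject cross-site WebSocket
// handshakes on a local dev server by validating the Origin header.

// Assumption: the only hosts the developer loads the dev UI from.
const ALLOWED_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Decide whether an upgrade request's headers come from an allowed page.
function checkOrigin(headers, allowedHosts = ALLOWED_HOSTS) {
  const origin = headers.origin;
  // Browsers always send Origin on a WebSocket handshake, so a missing header
  // means a non-browser client; this policy rejects it too.
  if (typeof origin !== 'string' || origin === '') {
    return { ok: false, reason: 'missing-origin' };
  }
  let url;
  try {
    url = new URL(origin); // throws on the opaque "null" origin
  } catch {
    return { ok: false, reason: 'unparseable-origin' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'bad-scheme' };
  }
  // Exact hostname match: prefix or substring tests would accept lookalikes
  // such as localhost.attacker.example.
  if (!allowedHosts.has(url.hostname)) {
    return { ok: false, reason: 'foreign-origin' };
  }
  return { ok: true, reason: 'allowed' };
}

// Attach the check to a Node http.Server before any WebSocket library sees
// the socket. `onAccept` is a hypothetical callback that completes the upgrade.
function protectUpgrades(server, onAccept, log = console.warn) {
  server.on('upgrade', (req, socket, head) => {
    const verdict = checkOrigin(req.headers);
    if (!verdict.ok) {
      const seen = JSON.stringify(req.headers.origin); // quoted for safe logging
      log(`rejected WebSocket upgrade: ${verdict.reason} origin=${seen}`);
      socket.write('HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n');
      socket.destroy();
      return;
    }
    onAccept(req, socket, head);
  });
}
```

Rejections are logged with the offending origin, which gives a developer a visible signal that some page they visited tried to reach the local server.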
