In this blog post I describe Cross-Site WebSocket Hijacking (CSWSH) vulnerabilities sometimes found in WebSocket based applications. Jan 24, 2017. For this example, I wanted to see how many WebSocket requests I could achieve from a single browser client. To make the test more realistic, I had the server insert a simple record into a Sqlite database on each Web Socket request. As a point of reference, here are the…