WebSocket Client Test Suite Data Sheet
Test Suite:
WebSocket Client Test Suite
Direction:
Client

The WebSocket protocol enables bi-directional, full-duplex communication channel over a single TCP socket. The WebSocket Protocol is designed to work between web browsers and servers, but it can be used in any application. The goal of the WebSocket protocol is to provide a mechanism for applications in web browsers that need two-way communication with servers that does not rely on opening multiple HTTP connections. This test suite can be used to test WebSocket clients for security flaws and robustness problems. The test suite contains test cases for testing WebSocket protocol specific operations like WebSocket Handshake and control frames. Additionally the test suite can be configured to test web service specific payload which goes over the WebSocket.

Used specifications

Specification
Title
RFC6455

The WebSocket Protocol

RFC6454

The Web Origin Concept

RFC3986

Uniform Resource Identifier (URI): Generic Syntax

RFC2616

Hypertext Transfer Protocol -- HTTP/1.1

RFC2617

HTTP Authentication: Basic and Digest Access Authentication

Tool-specific information

Tested messages
Notes
Specifications
WebSocket Handshake Response
RFC6455
WebSocket Control Frame - Close
RFC6455
WebSocket Control Frame - Pong
RFC6455
WebSocket Data Frame
RFC6455

Feature
Description
WebSocket payload fuzzing

Payload that goes over WebSocket can be fuzzed.

JSON payload fuzzing

Specific test cases are generated for JSON payload.

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis