WS Todo - HackTheBox Web Challenge (Medium)

Walk through of the recently retired hackthebox web challenge "WS-Todo". https://app.hackthebox.com/challenges/WS-Todo ▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬ 00:00 - Intro 00:55 - Challenge Overview 05:08 - Initial Code Analysis 13:05 - Same Origin Policy 17:28 - Test XSS Attack 21:10 - Forming WebSocket Request 28:44 - Retrieving Encrypted Flag 39:14 - Final Payload 43:33 - Decrypting The Flag ▬ Self-Promotion ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ Twitter: https://twitter.com/Hilb3r7 GitHub: https://github.com/Hilb3r7 Web: https://hilb3r7.github.io/