Which test tools support websocket connections?

I am looking for a tool to test communication between 2 entities via websockets (and JSON).
Looks like Postman is not quite mature in this area and there are quite a few limitations.
I have not been able to find clear information about SoapUI’s support in this area, but to me it looks like we need a plugin for it.

Any information from you regarding support for websockets in Postman and SoapUI would be very much appreciated.

If you know of other tools, I’d be more than happy to get that information too.

Thank you

1 Like

Hi! Depends on the kind of tests and the way how and what you want to do/to test but if you want to intersect web socket communication and manipulate messages/handshake you can try Burp Suite
check this link for additional details Testing for WebSocket vulnerabilities with Burp Suite - PortSwigger

1 Like

Thanks, Konstantin.
I’m actually looking for a tool with which I can setup a websocket connection to a server and send messages back and forth in JSON format. At the moment I don’t need the tool to test vulnerabilities, but rather just the intended functionality.

I don’t suggest it to you as a tool for testing vulnerability because for this testing it’s not enough just to use 1 tool :wink: As I wrote, you can intercept web socket communication between your app and server and change request bode with the JSON you want. This tool has a simple interface and feature to repeat requests and send your JSON file messages every time. Because of the tool’s features and its proxy, you can (partly) cover the tests you describe
d. But it’s up to you, you can try to find something else specifically for what you described or you can write your own client, e.g. in Python (there plenty of info how to do this) but it’s time-consuming

import websocket

def message(ws, message):
    print('message', message)

def close(ws):
    print('websocket is closed')

def open(ws):
    ws.send('{{your_mesage}}')

if __name__ == "__main__":
    ws_address = "ws://localhost:80"
    
    websocket.enableTrace(True) 
    ws = websocket.WebSocketApp(ws_address,
                                on_message=message,
                                on_close=close)
    ws.on_open = open

    ws.run_forever()

Sounds interesting! Thank you for the info. I’ll look into it.

1 Like

There’s also wscat for CLI based tooling: GitHub - websockets/wscat: WebSocket cat

There might be some plugins for JMeter for WS.

This I recall recently added or will add WS support: GitHub - httptoolkit/httptoolkit: HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac Open an issue here to give feedback or ask for help.

1 Like

There are a few WebSocket apps that can help you, such as WebSocket Inspector and WebSocket Tester.

If you are looking for other alternatives, you can consider using JMeter, Postman, and Apidog.