3

Does anyone have a WebSocket connection working with an application proxy (e.g. Burp or ZAP)?

For example, I have a working version of jWebSockets which works perfectly on my local machine.

However, when I intercept with Burp or Zap the connection times out and I get no server response back.

I have increased the timeout settings on the server side but this does not make a difference.

I have also tried using the invisible proxy option.

Thank you.

RND
    I would be interested in this, too. I tried a similar setup like you with the Apache webserver and mod_proxy, but it was always stripping the _Upgrade_ header sabotaging the handshake between client and server. But I did some research and found some promising solutions. Unfortunately I hadn't had time yet to try any of them. I wrote an article on my blog about this: http://ontraindevelopment.blogspot.de/2012/06/potential-solutions-for-my-reverse.html – Philipp Sep 10 '12 at 09:53

1 Answer

1

There are very few tools that support web sockets right now as it's really a completely new protocol.

The current version of ZAP (1.4.1) won't, but the next major version will: http://code.google.com/p/zaproxy/wiki/GSoC2012_WebSockets

If you can build ZAP from the trunk then it will support web sockets - build instructions here: http://code.google.com/p/zaproxy/wiki/Building

It will allow you to view web socket traffic, intercept and change it and fuzz it to try and find vulnerabilities.

Let us know if you have any problems with it, e.g. via the ZAP developer group: http://groups.google.com/group/zaproxy-develop

Simon (ZAP Project Lead).

Update - Web Sockets support in ZAP is now available in the weekly cross-platform releases, which can be downloaded from http://code.google.com/p/zaproxy/downloads/list so you don't have to build it yourself.

Simon Bennetts
  • And ZAP version 2.0.0 has now been released (same url as above) which includes WebSockets support. – Simon Bennetts Feb 09 '13 at 12:35
  • Under Scientific Linux 6.7 (like CentOS), using ZAP 2.4.3 and java version "1.8.0_20-ea" I have the same problem, how can I solve it? – famedoro Feb 22 '16 at 19:11
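
The failure mode mentioned in the comment on the question (a proxy stripping the Upgrade header and breaking the handshake) can be confirmed from a capture taken behind the proxy. The following is an added example, not code from this thread or from ZAP, Burp or jWebSockets; the function names and sample messages are constructed for illustration, and the key/accept pair is the sample from RFC 6455.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed value from RFC 6455

def parse_head(raw):
    """Return (start_line, {lower-cased header name: value}) for a raw HTTP head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def has_token(value, token):  # comma-separated header value, case-insensitive
    return token in [t.strip().lower() for t in value.split(",")]

def expected_accept(key):
    """Sec-WebSocket-Accept the server must return for this Sec-WebSocket-Key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def diagnose(request, response):
    """List the reasons the opening handshake fails; an empty list means it is valid."""
    problems = []
    _, req = parse_head(request)
    status, resp = parse_head(response)
    if not has_token(req.get("upgrade", ""), "websocket"):
        problems.append("request: Upgrade: websocket missing")
    if not has_token(req.get("connection", ""), "upgrade"):
        problems.append("request: Connection lacks the Upgrade token")
    key = req.get("sec-websocket-key", "")
    if status.split()[1:2] != ["101"]:
        problems.append("response: status is not 101")
    elif resp.get("sec-websocket-accept") != expected_accept(key):
        problems.append("response: Sec-WebSocket-Accept does not match the key")
    return problems

# Constructed sample messages (key/accept pair is the RFC 6455 example).
DIRECT_REQ = ("GET /chat HTTP/1.1\r\nHost: localhost:8787\r\nUpgrade: websocket\r\n"
              "Connection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
              "Sec-WebSocket-Version: 13\r\n\r\n")
OK_RESP = ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
           "Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
# What the server would see if a proxy dropped the hop-by-hop upgrade headers.
STRIPPED_REQ = DIRECT_REQ.replace("Upgrade: websocket\r\n", "").replace(
    "Connection: Upgrade\r\n", "Connection: close\r\n")
BAD_RESP = "HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
```

Feed `diagnose` the request as it arrives at the server and the response as it arrives at the client; comparing the result with a direct (unproxied) capture shows which hop altered the handshake.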