by op00to 475 days ago
I see this over and over: "I HAVE HIJACKED THE SERVERS WEBSOCKET TO SEND CUSTOM MESSAGES IF YOU WANT TO DO THE SAME SEE THE FOLLOWING LINK [...]"
3 comments

Yeah, there was no hijacking of a server-side websocket at all, just sending client socket messages to the server since there is no auth or rate limiting. Sucks that it’s so frequent, ruins the experience. You can essentially do this to any websocket you’re connected to.
I followed the link and surprisingly, instead of a scam, it was actually an explanation of how to send custom web socket messages.

https://rentry.co/MG5TR43

Braver than me!
Note to self: when doing HN demos, bulletproof your endpoints
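
The missing controls named in the thread (no auth, no rate limiting) can be sketched as a server-side gate that every inbound WebSocket frame passes through before it is rebroadcast. This is an added example, not code from the thread or from the demo being discussed; `MessageGate`, `ALLOWED_TYPES`, the message fields and the limits are all hypothetical.

```javascript
// Added example: server-side gate for inbound WebSocket frames.
// All names and limits here are assumptions, not the demo's real protocol.
const ALLOWED_TYPES = new Set(["chat", "move"]); // types a client may send
const MAX_TEXT = 200;                            // max characters per message

class MessageGate {
  constructor({ burst = 5, perSecond = 1 } = {}) {
    this.burst = burst;
    this.perSecond = perSecond;
    this.buckets = new Map(); // connId -> { tokens, last }
  }

  // Token bucket per connection; nowMs is injected so the logic is testable.
  takeToken(connId, nowMs) {
    const b = this.buckets.get(connId) || { tokens: this.burst, last: nowMs };
    const refill = ((nowMs - b.last) / 1000) * this.perSecond;
    b.tokens = Math.min(this.burst, b.tokens + refill);
    b.last = nowMs;
    this.buckets.set(connId, b);
    if (b.tokens < 1) return false;
    b.tokens -= 1;
    return true;
  }

  // session: identity the server established at connect time (null if none).
  accept(connId, session, raw, nowMs = Date.now()) {
    if (!session) return { ok: false, reason: "unauthenticated" };
    if (!this.takeToken(connId, nowMs)) return { ok: false, reason: "rate_limited" };
    let msg;
    try { msg = JSON.parse(raw); } catch { return { ok: false, reason: "bad_json" }; }
    if (msg === null || typeof msg !== "object" || Array.isArray(msg)) {
      return { ok: false, reason: "bad_shape" };
    }
    if (!ALLOWED_TYPES.has(msg.type)) return { ok: false, reason: "type_not_allowed" };
    if (typeof msg.text !== "string" || msg.text.length > MAX_TEXT) {
      return { ok: false, reason: "bad_text" };
    }
    // Rebuild the message: the sender comes from the session, never the client.
    return { ok: true, message: { type: msg.type, text: msg.text, from: session.user } };
  }

  // Call when the socket closes so the bucket map does not grow unbounded.
  drop(connId) { this.buckets.delete(connId); }
}
```

Rejected frames still consume a token, so a connection that floods malformed or disallowed messages is throttled the same as one sending valid ones.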