Heuristic Analysis
How WSHawk autonomously identifies protocols, message schemas, and injection vectors.
Autonomous Discovery
Unlike traditional scanners that require manual capture of requests, WSHawk's Message Analyzer engine uses heuristic patterns to identify the data format in real time. It supports standard formats like JSON and XML, and can also infer structure from custom delimited protocols.
Schema Inference
When a message is captured, WSHawk builds a dynamic schema model. It identifies keys, value types (string, int, float, boolean), and nested objects. This allows for targeted injections that maintain the message's structural integrity.
    // Original message
    { 'op': 'update', 'params': { 'id': 42, 'msg': 'hello' } }

    // Inferred Schema Vector
    // - Root: Object
    // - op: String (Constant candidate)
    // - params: Object (Nested)
    // - params.id: Integer (ID/Numeric candidate)
    // - params.msg: String (Injection candidate)
Traffic Attribution
WSHawk differentiates between "Application Traffic" and "System Traffic" (like heartbeats or PING/PONG sequences). This prevents wasting resources on injections into non-exploitable system control messages.
Intelligent Filtering
Our analyzer uses entropy checks to ignore high-entropy binary blobs that are likely encrypted or compressed, focusing only on human-readable or structured data.
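The entropy gate described above can be sketched as follows. This is an added example, not WSHawk's own code; the threshold, the minimum sample size, the verdict names and the sample frames are assumptions constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

ENTROPY_LIMIT = 7.0  # assumed cut-off in bits per byte; tune on real traffic
MIN_SAMPLE = 512     # assumed; n bytes can never exceed log2(n) bits of entropy

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (one symbol) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_readable(data: bytes) -> bool:
    """True when the frame is non-empty, valid UTF-8 and printable."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return bool(text) and all(ch.isprintable() or ch in "\r\n\t" for ch in text)

def triage(frame: bytes) -> str:
    """Return 'analyze', 'skip', 'decode-first' or 'undecided' for one frame."""
    if is_readable(frame):
        return "analyze"       # JSON, XML or delimited text
    if len(frame) < MIN_SAMPLE:
        return "undecided"     # histogram too sparse to tell ciphertext apart
    if shannon_entropy(frame) >= ENTROPY_LIMIT:
        return "skip"          # likely encrypted or compressed
    return "decode-first"      # structured binary, e.g. MsgPack or Protobuf

# Constructed sample frames (not captured traffic).
JSON_FRAME = b'{"op": "update", "params": {"id": 42, "msg": "hello"}}'
# Stand-in for an encrypted payload: 2048 bytes of SHA-256 output.
RANDOM_FRAME = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
# Structured binary: 200 packed little-endian (type, counter) records.
RECORD_FRAME = b"".join(struct.pack("<HI", 7, i) for i in range(200))
# Short binary frame: 16 distinct bytes reach only log2(16) = 4 bits per byte.
SHORT_FRAME = bytes(range(0x80, 0x90))

if __name__ == "__main__":
    for name, frame in [("json", JSON_FRAME), ("random", RANDOM_FRAME),
                        ("records", RECORD_FRAME), ("short", SHORT_FRAME)]:
        print(f"{name:8} H={shannon_entropy(frame):.2f} -> {triage(frame)}")
```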
Protocol Handlers
WSHawk v2.0 introduces support for custom protocol plugins. If the target uses Protobuf or MsgPack, you can load a ProtocolPlugin to decode the traffic before the heuristic engine analyzes it.
    # Using a custom protocol plugin
    from wshawk.plugin_system import PluginManager, ProtocolPlugin

    class ProtobufHandler(ProtocolPlugin):
        async def handle_message(self, message, context):
            # Decode logic here...
            return decoded_json

    manager = PluginManager()
    manager.register_plugin(ProtobufHandler())