Can’t Stop, Won’t Stop Hijacking (CSWSH) WebSockets 

This blog post demonstrates Cross-Site WebSocket Hijacking (CSWSH): how WebSocket handshake Origin validation gaps combined with cookies set SameSite=None enable a malicious webpage to hijack an authenticated WebSocket session (proof-of-concept with step-by-step PoC and exploit server), the detection workflow using Burp Suite, example exploitation scenarios (data exfiltration, privilege escalation, potential RCE when combined with other flaws), and recommended defenses (strict Origin allowlist and more restrictive SameSite cookie settings).