WebSockets Active Scanning

For my contribution to the ZAP I am going to implement an active web socket scan. Specifically, I will develop an extension for WebSocket add-on by adding some Active Scans. The Active scan will include tests to web application in SQL Injections vulnerabilities.To accomplish my idea I will test web application using Time Based techniques. Another significant vulnerability is that the WebSocket protocol doesn’t handle authentication. Practically this means that, a WebSocket opened from a page behind authentication doesn’t “automatically” receive any sort of authentication. That makes possible to establish a connection without authentication making use of http and origin headers field of the client. Some other posible attacks and scans at WebSockets are the classic bruteforce attack, Local and Remote file inclusion, the Stored and Reflected Cross-Site Scripting. I am going to implement some of the above scans, (as more as possible) starting with SQls Injections. I strongly believe that we could easily add the scans if the basic infrastructure was build. Aditional, the extensions will come with appropriate user interface and API.