To test for a vulnerable websockets endpoint at URL wss://xmpp.domain.example/xmpp-websocket, use the following instructions: 1. Install `websocat` or any other tool you can use to interact with a WebSocket (this guide uses `websocat` for simplicity): cargo install websocat 2. Put the string ``` ``` into a file (here called `req.xml`), without the ``` delimiters: 3. Run: websocat --protocol xmpp --text wss://xmpp.domain.example/xmpp-websocket - < req.xml IF VULNERABLE: The response should include an XML element named `improper-addressing`, for instance: ``` A 'to' attribute is required on stream headers ``` IF PATCHED: The response should include a `not-well-formed` XML element, for instance: ``` ``` ANY OTHER RESPONSE may indiciate a problem with the execution of these instructions or an unexpected version of components and is not conclusive!