OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA.

In the "hosts" file of your attacker machine create an entry for "65.0.61.69" to point at the IP address hosting the DVWS application. Location of the "hosts" file:

Windows: C:\windows\System32\driverstc\hosts
Linux: /etc/hosts

Sample entry for hosts file:
192.168.100.199          65.0.61.69

The application requires the following:

1. Apache + PHP + MySQL
2. PHP with MySQLi support
3. Ratchet
4. ReactPHP-MySQL

Set the MySQL hostname, username, password and an existing database name in the "includes/connect-db.php" file then go to Setup to finish setting up DVWS.

On the host running this application, run the following command from DVWS directory:

composer install
php ws-socket.php --heartbeat-interval 10

This open-source project is hosted here https://github.com/interference-security/DVWS/.

DVWS created by @xploresec