Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA.

In the "hosts" file of your attacker machine create an entry for "dvws.local" to point at the IP address hosting the DVWS application. Location of the "hosts" file:
Windows: C:\windows\System32\driverstc\hosts
Linux: /etc/hosts
Sample entry for hosts file:
192.168.100.199          dvws.local

The application requires the following:

1. Apache + PHP + MySQL
2. PHP with MySQLi support
3. Ratchet
4. ReactPHP-MySQL

Set the MySQL hostname, username, password and an existing database name in the "includes/connect-db.php" file then go to Setup to finish setting up DVWS.

On the host running this application, run the following command from DVWS directory: php ws-socket.php

This open-source project is hosted here https://github.com/interference-security/DVWS/.

DVWS created by @xploresec