To test for a vulnerable websockets endpoint at URL
wss://xmpp.domain.example/xmpp-websocket, use the following
instructions:

1. Install `websocat` or any other tool you can use to interact with a
   WebSocket (this guide uses `websocat` for simplicity):

   cargo install websocat

2. Put the string 

   ```
   <!DOCTYPE open []><open xmlns='urn:ietf:params:xml:ns:xmpp-framing' id='' version='1.0' xml:lang='en'/>
   ```

   into a file (here called `req.xml`), without the ``` delimiters:

3. Run:

   websocat --protocol xmpp --text wss://xmpp.domain.example/xmpp-websocket - < req.xml

IF VULNERABLE:

  The response should include an XML element named `improper-addressing`, for instance:

  ```
  <open xmlns='urn:ietf:params:xml:ns:xmpp-framing' id='' version='1.0' xml:lang='en'/>
  <stream:error xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'><improper-addressing xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text xmlns='urn:ietf:params:xml:ns:xmpp-streams'>A &apos;to&apos; attribute is required on stream headers</text></stream:error>
  <close xmlns='urn:ietf:params:xml:ns:xmpp-framing'/>
  ```

IF PATCHED:

  The response should include a `not-well-formed` XML element, for
  instance:

  ```
  <open version='1.0' id='' xmlns='urn:ietf:params:xml:ns:xmpp-framing' xml:lang='en'/>
  <stream:error xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'><not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error>
  <close xmlns='urn:ietf:params:xml:ns:xmpp-framing'/>
  ```

ANY OTHER RESPONSE may indiciate a problem with the execution of these
instructions or an unexpected version of components and is not
conclusive!