barkinet/wssip (forked from FreedomCodes/wssip)
Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
WSSiP: A WebSocket Manipulation Proxy
Short for “WebSocket/Socket.io Proxy”, this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view all WebSocket and Socket.IO communications between the client and server.
Upstream proxy support also means you can forward HTTP/HTTPS traffic to an intercepting proxy of your choice (e.g. Burp Suite or Pappy Proxy) but view WebSocket traffic in WSSiP. More information can be found on the blog post.
There is an outward bridge via HTTP to write a fuzzer in any language you choose to debug and fuzz for security vulnerabilities. See Fuzzing for more details.
Written and maintained by Samantha Chalker (@thekettu). Icon for WSSiP release provided by @dragonfoxing.
Installation
From Packaged Application
See Releases.
From npm/yarn (for CLI commands)
Run the following in your command line:
npm:
# Install Electron globally
npm i -g electron@1.7
# Install wssip globally for the "wssip" command
npm i -g wssip
# Launch!
wssip
yarn: (Make sure the directory in yarn global bin is in your PATH)
yarn global add electron@1.7
yarn global add wssip
wssip
You can also run npm install electron (or yarn add electron) inside the installed WSSiP directory if you do not want to install Electron globally, as the app packager requires Electron be added to developer dependencies.
From Source
Using a command line:
# Clone repository locally
git clone http://ift.tt/2qyK2Q9
# Change to the directory
cd wssip
# If you are developing for WSSiP:
# npm i
# If not (to minimize disk space):
npm i -g electron@1.7
npm i --production
# Start application:
npm start
Usage
1. Open the WSSiP application.
2. WSSiP will start listening automatically. This will default to localhost on port 8080.
3. Optionally, use Tools > Use Upstream Proxy to use another intercepting proxy to view web traffic.
4. Configure the browser to point to http://localhost:8080/ as the HTTP Proxy.
5. Navigate to a page using WebSockets. A good example is the WS Echo Demonstration.
6. ???
7. Potato.
Fuzzing
WSSiP provides an HTTP bridge via the man-in-the-middle proxy for custom applications to help fuzz a connection. These are accessed over the proxy server.
A few of the simple CA certificate downloads are:
http://mitm/ca.pem / http://mitm/ca.der (Download CA Certificate)
http://mitm/ca_pri.pem / http://mitm/ca_pri.der (Download Private Key)
http://mitm/ca_pub.pem / http://mitm/ca_pub.der (Download Public Key)
Get WebSocket Connection Info
Returns whether the WebSocket id is connected to a web server and, if so, returns information about the connection.
URL
URL Params
id=[integer]
Success Response (Not Connected)
Code: 200
Content: {connected: false}
Success Response (Connected)
Code: 200
Content: {connected: true, url: 'http://ift.tt/2tP8sWL', bytesReceived: 0, extensions: {}, readyState: 3, protocol: '', protocolVersion: 13}
Send WebSocket Data
Send WebSocket data.
URL
POST http://mitm/ws/:id/:sender/:mode/:type?log=:log&mask=:mask
URL Params
Required:
id=[integer]
sender one of client or server
mode one of message, ping or pong
type one of ascii or binary (text is an alias of ascii)
Optional:
log either true or y to log in the WSSiP application. Errors will be logged in the WSSiP application instead of being returned via the REST API.
mask either true or y to set WebSocket flag to mask.
Data Params
Raw data in the POST field will be sent to the WebSocket server.
Success Response:
Code: 200
Content: {success: true}
Error Response:
Code: 500
Content: {success: false, reason: 'Error message'}
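A client for the Send WebSocket Data endpoint described above, added here as an example (it is not code from the WSSiP project). It assumes WSSiP is listening on its default localhost:8080 and that the bridge replies with JSON bodies; the function names are hypothetical.

```javascript
// Added example (not WSSiP's own code): client for the "Send WebSocket Data" bridge.
// Assumption: WSSiP listens on its default localhost:8080 and replies with JSON.
const PROXY = { host: 'localhost', port: 8080 };
const ALLOWED = {
  sender: ['client', 'server'],
  mode: ['message', 'ping', 'pong'],
  type: ['ascii', 'binary', 'text'], // "text" is an alias of "ascii"
};

// Validate the documented URL parameters and build options for a proxied POST.
function buildSendRequest({ id, sender, mode = 'message', type = 'ascii', log = false, mask = false }, body) {
  if (!Number.isInteger(id)) throw new TypeError('id must be an integer');
  for (const [name, value] of Object.entries({ sender, mode, type })) {
    if (!ALLOWED[name].includes(value)) {
      throw new RangeError(`${name} must be one of: ${ALLOWED[name].join(', ')}`);
    }
  }
  const payload = Buffer.isBuffer(body) ? body : Buffer.from(String(body), 'utf8');
  const query = new URLSearchParams();
  if (log) query.set('log', 'true');
  if (mask) query.set('mask', 'true');
  const qs = query.toString();
  // A forward proxy expects the absolute URL in the request line.
  const path = `http://mitm/ws/${id}/${sender}/${mode}/${type}${qs ? `?${qs}` : ''}`;
  const headers = { Host: 'mitm', 'Content-Length': payload.length };
  return { options: { ...PROXY, method: 'POST', path, headers }, payload };
}

// Map the documented 200 / 500 replies to one result shape.
function parseBridgeReply(status, text) {
  let body = null;
  try { body = JSON.parse(text); } catch { /* non-JSON reply: fall through */ }
  if (status === 200 && body && body.success === true) return { ok: true };
  return { ok: false, status, reason: (body && body.reason) || text || 'empty reply' };
}

// Send one frame through the bridge; resolves with the parsed reply.
async function sendViaBridge(params, body) {
  const http = await import('node:http'); // dynamic import works in CommonJS and ESM
  const { options, payload } = buildSendRequest(params, body);
  return new Promise((resolve, reject) => {
    const req = http.request(options, (res) => {
      const chunks = [];
      res.on('data', (c) => chunks.push(c));
      res.on('end', () => resolve(parseBridgeReply(res.statusCode, Buffer.concat(chunks).toString('utf8'))));
    });
    req.on('error', reject);
    req.end(payload);
  });
}
```

Call it as `sendViaBridge({ id: 1, sender: 'client' }, 'hello')` (the id is a constructed value) once that connection is open in WSSiP. With `log` set, errors are logged in the WSSiP application instead of being returned, so a reply without an error does not by itself confirm the send.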
Development
Pull requests are welcomed and encouraged. WSSiP supports the debug npm package, and setting the environment variable DEBUG=wssip:* will output debug information to console.
There are two commands for compiling the Webpack bundle: npm run compile:dev for development and npm run compile for production. React will also log errors depending on whether development or production is specified.
Currently working on:
Exposed API for external scripts for fuzzing (99% complete; it is live but needs testing with more data)
Saving/Resuming Connections from File (35% complete, exporting works sans active connections)
Using WSSiP in browser without Electron (likely 1.1.0)
Rewrite in TypeScript (likely 1.2.0)
Using something other than Appbar for Custom/Intercept tabs, and styling the options to center better
For information on using the mitmengine class, see: npm, yarn, or mitmengine/README.md