Authentication support for websocat?

[pieterhouwen]

Hi Vi,

Is there a way to authenticate with websocat to a websocket? I'm currently using wscat (node) but I'm having trouble backgrounding it (backgrounding wscat makes it crash), so I'm wondering if websocat can do something similair to this:

wscat -c wss://socket.domain.tld/stream?token=AABBCCDDEEFF --auth user:password

[vi]

What does --auth do in wscat? Does it attach HTTP Basic authentication header?

If so, you can attach it in Websocat as well,

websocat --header='Authorization:Basic '$(echo myuser:mypassword | base64 -w0)  ws://127.0.0.1:1234/

[vi]

Why do you need to background a websocket client? Do you use it interactively (in this case rlwrap websocat can be better) or from scripts (in this case advanced Websocat modes can be more useful)?

[pieterhouwen]

Why do you need to background a websocket client?

I'm currently trying to make a service script which relies on messages received by the Gotify Stream endpoint.

When using > websocat --header='Authorization:Basic '$(echo myuser:mypassword | base64 -w0) ws://127.0.0.1:1234/ I'm getting a

websocat: Unknown address or overlay type of 

error with a (base64?) message.

My exact error:

root@backup-server:/tmp# ./websocat --header='Authorization:Basic ' $(echo backupuser:password | base64 -w0) wss://push.pieterhouwen.info/stream?token=token
websocat: Unknown address or overlay type of `YmFja3VwdXNlcjpwYXNzd29yZAo=`
Maybe you forgot the `:` character?

[vi]

n:Basic ' $(echo ba ' $

This space character between the closing single quote and the dollar sign should be removed.

[pieterhouwen]

Alright, that fixed that error but it looks like there's something going wrong with basic authentication:

websocat: WebSocketError: Received unexpected status code (401 Unauthorized)
websocat: error running

Which is weird because the wscat help page says:

  --auth <username:password>          add basic HTTP authentication header (--connect only)

[vi]

Does username or password contain any funny characters that may be mangled by echo?

You can try enclosing then in single quotes as well, like this: --header='Authorization:Basic ' $(echo 'backupuser:password' | base64 -w0)

If you execute the inner command echo 'backupuser:password' | base64 -w0 alone, then use base64 -d to decode that line back into a username and password pair, do you get your credentials back clearly?

[vi]

(Maybe it's time to add --auth option to Websocat proper, to make this process automatic, without subshelling)

[pieterhouwen]

My password does contain a # but that is being escaped properly and also returns clearly when I decode the base64 back to normal text.

An --auth option would be awesome to have implemented indeed!

[vi]

As a workaround (before I implement basic auth in websocat), you can listen TCP socket with netcat, like this: netcat -p 1234, then use wscat with --auth option to connect to localhost:1234, then capture ready-made Authorization header in netcat's output, then insert it in Websocat command line.

[pieterhouwen]

My netcat did not like that :)

root@backup-server:/tmp# netcat localhost 1234 -l




��
z��ʛ[�P�0�&�C�oՉ}o�Ap5*�p�/�+�0�,��'g�(k��̨̩̪���������]�a�W�S����������\�`�V�R�$j�#@�
�98�   �32������Q������P=<5/�
d
                                        localhost
                                                 


*(







This was the response for command:

wscat -c wss://localhost:1234 --auth backupuser:simplepassword

[pieterhouwen]

Removing the wss:// from the wscat gave me the proper authorization header on netcat, I think the issue was there needs to be a space between Authorization: and Basic.

I can now attach it to the websocket without issues

[pieterhouwen]

When backgrounding websocat with & I'm getting [1]+ 119820 Stopped (tty input). Do you have any idea how I can fix this or should I open a seperate issue for this?

[vi]

Websocat is reading input from console (which is not normally possible when backgrounded), hence getting stopped to avoid conflicting with e.g. Bash also reading input from console.

If you do not to input any data to Websocat, you can use -U option (maybe also with -n option) plus stdin redirect < /dev/null. That would make Websocat stay in background, possibly still printing incoming messages to console (unless tostop TTY option is set).

[pieterhouwen]

That worked! Thanks for the assistance! 👍