search

vi / websocat

Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions
MIT License
6.74k stars 261 forks source link

how to send message to websocket #93

Closed mmm286 closed 3 years ago

mmm286 commented 3 years ago

Hi! I'm trying to send message with command line with websocat but I can't see that message arrives. I do:

echo "0j281nwq9mjysddsfsd" | websocat_arm-linux-static -vv -k wss://mongooseimprotool-prod.wallapop.com/ws-xmpp -H "'Sec-WebSocket-Protocol: xmpp" -H "Sec-WebSocket-Key: EOuQ0Dgwvs53p1Vhb/tjyA=="

What steps should I do? Could you help me please? Thanks!

vi commented 3 years ago

-vv

What diagnostic messages does it output?

I'm trying to send message with command line with websocat but I can't see that message arrives

Is receiving works?

Another debugging command to try:

echo "0j281nwq9mjysddsfsd" | ./websocat_arm-linux-static -t -H "'Sec-WebSocket-Protocol: xmpp" -H "Sec-WebSocket-Key: EOuQ0Dgwvs53p1Vhb/tjyA==" --ws-c-uri=wss://mongooseimprotool-prod.wallapop.com/ws-xmpp - ws-connect:sh-c:'socat -v -x - ssl:mongooseimprotool-prod.wallapop.com:443,verify=0'

This needs socat programm to be installed. For me it outputs:

> 2020/09/06 19:40:31.046116  length=212 from=0 to=211
 47 45 54 20 2f 77 73 2d 78 6d 70 70 20 48 54 54  GET /ws-xmpp HTT
 50 2f 31 2e 31 0d 0a                             P/1.1..
 27 53 65 63 2d 57 65 62 53 6f 63 6b 65 74 2d 50  'Sec-WebSocket-P
 72 6f 74 6f 63 6f 6c 3a 20 78 6d 70 70 0d 0a     rotocol: xmpp..
 53 65 63 2d 57 65 62 53 6f 63 6b 65 74 2d 4b 65  Sec-WebSocket-Ke
 79 3a 20 36 4b 58 77 61 65 6d 50 76 67 64 50 4a  y: 6KXwaemPvgdPJ
 6c 2b 4e 4d 67 6f 70 33 41 3d 3d 0d 0a           l+NMgop3A==..
 48 6f 73 74 3a 20 6d 6f 6e 67 6f 6f 73 65 69 6d  Host: mongooseim
 70 72 6f 74 6f 6f 6c 2d 70 72 6f 64 2e 77 61 6c  protool-prod.wal
 6c 61 70 6f 70 2e 63 6f 6d 0d 0a                 lapop.com..
 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 55 70 67 72  Connection: Upgr
 61 64 65 0d 0a                                   ade..
 55 70 67 72 61 64 65 3a 20 77 65 62 73 6f 63 6b  Upgrade: websock
 65 74 0d 0a                                      et..
 53 65 63 2d 57 65 62 53 6f 63 6b 65 74 2d 56 65  Sec-WebSocket-Ve
 72 73 69 6f 6e 3a 20 31 33 0d 0a                 rsion: 13..
 0d 0a                                            ..
--
< 2020/09/06 19:40:31.288249  length=159 from=0 to=158
 48 54 54 50 2f 31 2e 31 20 31 30 31 20 53 77 69  HTTP/1.1 101 Swi
 74 63 68 69 6e 67 20 50 72 6f 74 6f 63 6f 6c 73  tching Protocols
 0d 0a                                            ..
 63 6f 6e 6e 65 63 74 69 6f 6e 3a 20 55 70 67 72  connection: Upgr
 61 64 65 0d 0a                                   ade..
 53 65 63 2d 57 65 62 53 6f 63 6b 65 74 2d 50 72  Sec-WebSocket-Pr
 6f 74 6f 63 6f 6c 3a 20 78 6d 70 70 0d 0a        otocol: xmpp..
 75 70 67 72 61 64 65 3a 20 77 65 62 73 6f 63 6b  upgrade: websock
 65 74 0d 0a                                      et..
 73 65 63 2d 77 65 62 73 6f 63 6b 65 74 2d 61 63  sec-websocket-ac
 63 65 70 74 3a 20 42 79 39 43 73 63 73 75 53 75  cept: By9CscsuSu
 72 42 48 77 72 55 44 4b 68 57 7a 51 6c 33 30 6b  rBHwrUDKhWzQl30k
 63 3d 0d 0a                                      c=..
 0d 0a                                            ..
--
> 2020/09/06 19:40:31.290830  length=32 from=212 to=243
 81 94 ca 74 0c e1 fa 1e 3e d9 fb 1a 7b 90 f3 19  ...t....>...{...
 66 98 b9 10 68 92 ac 07 68 eb 88 80 bd 07 9b c4  f...h...h.......
--
< 2020/09/06 19:40:31.515627  length=2 from=159 to=160
 88 00                                            ..
--

This shows that someting is being sent to server after connecting.

mmm286 commented 3 years ago

Thanks. The winsocket works. I don't have access to winsocket server, maybe is problem of authentication, other comands I've tried:

++ echo '<r xmlns=urn:xmpp:sm:3/>'
++ websocat_arm-linux-static -vvv -k wss://mongooseimprotool-prod.wallapop.com/ws-xmpp -H ''\''Sec-WebSocket-Protocol: xmpp' -H 'Sec-WebSocket-Key: EOuQ0Dgwvs53p1Vhb/tjyA==' -H 'Authorization: Bearer w52kPzexqus6tJCHBTUrDNi3LIR9WrynOClaOq8ciyoWeTuoPYdPlpBBP1BHM3EjyOpKxG'
[INFO  websocat::lints] Auto-inserting the line mode
[DEBUG websocat] Done third phase of interpreting options.
[DEBUG websocat] Done fourth phase of interpreting options.
[DEBUG websocat] Preparation done. Now actually starting.
[DEBUG websocat::sessionserve] Serving Line2Message(Stdio) to Message2Line(WsClient("wss://mongooseimprotool-prod.wallapop.com/ws-xmpp")) with Options { websocket_text_mode: true, websocket_protocol: None, websocket_reply_protocol: None, udp_oneshot_mode: false, udp_broadcast: false, udp_multicast_loop: false, udp_ttl: None, udp_join_multicast_addr: [], udp_join_multicast_iface_v4: [], udp_join_multicast_iface_v6: [], udp_reuseaddr: false, unidirectional: false, unidirectional_reverse: false, max_messages: None, max_messages_rev: None, exit_on_eof: false, oneshot: false, unlink_unix_socket: false, exec_args: [], ws_c_uri: "ws://0.0.0.0/", linemode_strip_newlines: false, linemode_strict: false, origin: None, custom_headers: [("\'Sec-WebSocket-Protocol", [120, 109, 112, 112]), ("Sec-WebSocket-Key", [69, 79, 117, 81, 48, 68, 103, 119, 118, 115, 53, 51, 112, 49, 86, 104, 98, 47, 116, 106, 121, 65, 61, 61]), ("Authorization", [66, 101, 97, 114, 101, 114, 32, 119, 53, 50, 107, 80, 122, 101, 120, 113, 117, 115, 54, 116, 74, 67, 72, 66, 84, 85, 114, 68, 78, 105, 51, 76, 73, 82, 57, 87, 114, 121, 110, 79, 67, 108, 97, 79, 113, 56, 99, 105, 121, 111, 87, 101, 84, 117, 111, 80, 89, 100, 80, 108, 112, 66, 66, 80, 49, 66, 72, 77, 51, 69, 106, 121, 79, 112, 75, 120, 71])], custom_reply_headers: [], websocket_version: None, websocket_dont_close: false, websocket_ignore_zeromsg: false, one_message: false, no_auto_linemode: false, buffer_size: 65536, broadcast_queue_len: 16, read_debt_handling: Warn, linemode_zero_terminated: false, restrict_uri: None, serve_static_files: [], exec_set_env: false, no_exit_on_zeromsg: false, reuser_send_zero_msg_on_disconnect: false, process_zero_sighup: false, process_exit_sighup: false, socks_destination: None, auto_socks5: None, socks5_bind_script: None, tls_domain: None, tls_insecure: true, headers_to_env: [], max_parallel_conns: None, ws_ping_interval: None, ws_ping_timeout: None, request_uri: None, request_method: None, request_headers: [], autoreconnect_delay_millis: 20, ws_text_prefix: None, ws_binary_prefix: None, ws_binary_base64: false, ws_text_base64: false }
[DEBUG websocat::stdio_peer] get_stdio_peer (async)
[DEBUG websocat::stdio_peer] Setting stdin to nonblocking mode
[DEBUG websocat::stdio_peer] Setting stdout to nonblocking mode
[DEBUG websocat::stdio_peer] Installing signal handler
[DEBUG websocat::sessionserve] Underlying connection established
[INFO  websocat::ws_client_peer] get_ws_client_peer
[INFO  websocat::ws_client_peer] Connected to ws
[DEBUG websocat::my_copy] zero len
[DEBUG websocat::my_copy] read_done
[DEBUG websocat::my_copy] done
[INFO  websocat::sessionserve] Forward finished
[DEBUG websocat::sessionserve] Forward shutdown finished
[DEBUG websocat::ws_peer] drop WsWriteWrapper
[DEBUG websocat::ws_peer] incoming close
[DEBUG websocat::my_copy] BrokenPipe: read_done
[DEBUG websocat::my_copy] done
[INFO  websocat::sessionserve] Reverse finished
[DEBUG websocat::sessionserve] Reverse shutdown finished
[INFO  websocat::sessionserve] Both directions finished
[DEBUG websocat::stdio_peer] restore_blocking_status
[DEBUG websocat::stdio_peer] Restoring blocking status for stdin
[DEBUG websocat::stdio_peer] Restoring blocking status for stdout
[DEBUG websocat::stdio_peer] restore_blocking_status
[DEBUG websocat::stdio_peer] Restoring blocking status for stdin
[DEBUG websocat::stdio_peer] Restoring blocking status for stdout
++ echo '<message xmlns=jabber:client id=d4dd2dd4-5018-457b-97ç8a-3bba9ec9e383 to=9nz0mp2gyvjo@wallapop.com from=8ejkl9wkyq6x@wallapop.com type=chat><thread>0j281nwq9mjy</thread><request xmlns=urn:xmpp:receipts/><body>sddsfsd</body></message>'
++ websocat_arm-linux-static -vvv -k wss://mongooseimprotool-prod.wallapop.com/ws-xmpp -H ''\''Sec-WebSocket-Protocol: xmpp' -H 'Sec-WebSocket-Key: EOuQ0Dgwvs53p1Vhb/tjyA==' -H 'Authorization: Bearer w52kPzexqus6tJCHBTUrDNi3LIR9WrynOClaOq8ciyoWeTuoPYdPlpBBP1BHM3EjyOpKxG'
[INFO  websocat::lints] Auto-inserting the line mode
[DEBUG websocat] Done third phase of interpreting options.
[DEBUG websocat] Done fourth phase of interpreting options.
[DEBUG websocat] Preparation done. Now actually starting.
[DEBUG websocat::sessionserve] Serving Line2Message(Stdio) to Message2Line(WsClient("wss://mongooseimprotool-prod.wallapop.com/ws-xmpp")) with Options { websocket_text_mode: true, websocket_protocol: None, websocket_reply_protocol: None, udp_oneshot_mode: false, udp_broadcast: false, udp_multicast_loop: false, udp_ttl: None, udp_join_multicast_addr: [], udp_join_multicast_iface_v4: [], udp_join_multicast_iface_v6: [], udp_reuseaddr: false, unidirectional: false, unidirectional_reverse: false, max_messages: None, max_messages_rev: None, exit_on_eof: false, oneshot: false, unlink_unix_socket: false, exec_args: [], ws_c_uri: "ws://0.0.0.0/", linemode_strip_newlines: false, linemode_strict: false, origin: None, custom_headers: [("\'Sec-WebSocket-Protocol", [120, 109, 112, 112]), ("Sec-WebSocket-Key", [69, 79, 117, 81, 48, 68, 103, 119, 118, 115, 53, 51, 112, 49, 86, 104, 98, 47, 116, 106, 121, 65, 61, 61]), ("Authorization", [66, 101, 97, 114, 101, 114, 32, 119, 53, 50, 107, 80, 122, 101, 120, 113, 117, 115, 54, 116, 74, 67, 72, 66, 84, 85, 114, 68, 78, 105, 51, 76, 73, 82, 57, 87, 114, 121, 110, 79, 67, 108, 97, 79, 113, 56, 99, 105, 121, 111, 87, 101, 84, 117, 111, 80, 89, 100, 80, 108, 112, 66, 66, 80, 49, 66, 72, 77, 51, 69, 106, 121, 79, 112, 75, 120, 71])], custom_reply_headers: [], websocket_version: None, websocket_dont_close: false, websocket_ignore_zeromsg: false, one_message: false, no_auto_linemode: false, buffer_size: 65536, broadcast_queue_len: 16, read_debt_handling: Warn, linemode_zero_terminated: false, restrict_uri: None, serve_static_files: [], exec_set_env: false, no_exit_on_zeromsg: false, reuser_send_zero_msg_on_disconnect: false, process_zero_sighup: false, process_exit_sighup: false, socks_destination: None, auto_socks5: None, socks5_bind_script: None, tls_domain: None, tls_insecure: true, headers_to_env: [], max_parallel_conns: None, ws_ping_interval: None, ws_ping_timeout: None, request_uri: None, request_method: None, request_headers: [], autoreconnect_delay_millis: 20, ws_text_prefix: None, ws_binary_prefix: None, ws_binary_base64: false, ws_text_base64: false }
[DEBUG websocat::stdio_peer] get_stdio_peer (async)
[DEBUG websocat::stdio_peer] Setting stdin to nonblocking mode
[DEBUG websocat::stdio_peer] Setting stdout to nonblocking mode
[DEBUG websocat::stdio_peer] Installing signal handler
[DEBUG websocat::sessionserve] Underlying connection established
[INFO  websocat::ws_client_peer] get_ws_client_peer
[INFO  websocat::ws_client_peer] Connected to ws
[DEBUG websocat::my_copy] zero len
[DEBUG websocat::my_copy] read_done
[DEBUG websocat::my_copy] done
[INFO  websocat::sessionserve] Forward finished
[DEBUG websocat::sessionserve] Forward shutdown finished
[DEBUG websocat::ws_peer] drop WsWriteWrapper
[DEBUG websocat::ws_peer] incoming close
[DEBUG websocat::my_copy] BrokenPipe: read_done
[DEBUG websocat::my_copy] done
[INFO  websocat::sessionserve] Reverse finished
[DEBUG websocat::sessionserve] Reverse shutdown finished
[INFO  websocat::sessionserve] Both directions finished
[DEBUG websocat::stdio_peer] restore_blocking_status
[DEBUG websocat::stdio_peer] Restoring blocking status for stdin
[DEBUG websocat::stdio_peer] Restoring blocking status for stdout
[DEBUG websocat::stdio_peer] restore_blocking_status
[DEBUG websocat::stdio_peer] Restoring blocking status for stdin
[DEBUG websocat::stdio_peer] Restoring blocking status for stdout
vi commented 3 years ago

winsocket

WebSocket

Sec-WebSocket-Key:

WebSocat should automatically generate this field, no need to manually specify it.

Authorization: Bearer w5...

Note that this is now a published information. You should change credentials.

mmm286 commented 3 years ago

Thanks, I don't know exactly if the website uses Bearer w5 authentication with websocket. In Burp suite I don't see it in the request. I'm tring with credentials because I thing it was a possible solution.

The request of burp suite shows me this:

GET /ws-xmpp HTTP/1.1
Host: mongooseimprotool-prod.wallapop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
Accept: */*
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: https://web.wallapop.com
Sec-WebSocket-Protocol: xmpp
Sec-WebSocket-Key: D2YQmYK3k4qPwNjtk4wPKA==
Connection: keep-alive, Upgrade
Cookie: _ga=GA1.2.1144798357.1599165422; _gid=GA1.2.686958483.1599165422; didomi_token=eyJ1c2VyX2lkIjoiMTc0NTVhZmQtZDEwNi02NmMwLWE4MWUtYTlhNDY2NmYyNTlmIiwiY3JlYXRlZCI6IjIwMjAtMDktMDNUMjA6Mzc6MDIuOTE3WiIsInVwZGF0ZWQiOiIyMDIwLTA5LTAzVDIwOjM3OjA0LjYyOVoiLCJ2ZW5kb3JzIjp7ImVuYWJsZWQiOlsiZ29vZ2xlIl19LCJwdXJwb3NlcyI6eyJlbmFibGVkIjpbImNvb2tpZXMiLCJhZHZlcnRpc2luZ19wZXJzb25hbGl6YXRpb24iLCJjb250ZW50X3BlcnNvbmFsaXphdGlvbiIsImFkX2RlbGl2ZXJ5IiwiYW5hbHl0aWNzIl19LCJ2ZXJzaW9uIjoxfQ==; euconsent=BO5LUdVO5LUdmAHABBESDW-AAAAyNr_7__7-_9_-_f__9uj3Or_v_f__32ccL59v_h_7v-_7fi_-0nV4u_1vft9yfkx-5ctDztp5w7iakivXmqdeb1v_nz3_9pxP78E89r7335EQ_v8_t-b7BCHN_Y2v-8K96lPKACE; cto_bundle=WD9jl19haWozekF3VkQ1MFBpY25RZzA0WEhvRU5zbHVKMnExTFlGT2tZenRJYk15NXclMkZ5RDhJblE0Y1BZeVAlMkZ1bHQlMkZ3cEllSE1QNWVGSVJYWFdnSzFES0h6Y3JiMEZxZXhBcUwlMkJOaFhrdmoxJTJCQVVQYzdYbXRFN0V0U09CbmJsdkQxYnQxQ1ZSZXh1ZmdGNlJUcXZnSTR2OEZBJTNEJTNE; __gads=ID=823dfdaaaefbb979:T=1599165428:S=ALNI_MadCxwpqDrCUCbentQwqWUYVTJOcg; subdomain=es; _fbp=fb.1.1599165441998.2077156833; ab.storage.deviceId.47b54d36-7a86-4c05-9bfc-2d7b8aadd1ce=%7B%22g%22%3A%222fb9d47b-9bd0-8a21-ae3b-7b10240106a6%22%2C%22c%22%3A1599165442237%2C%22l%22%3A1599165442237%7D; _hjid=8466dc52-0877-490a-91e7-2ffb5ce08c2b; device_access_token_id=c2f1bf4cbeae320f9e4ea01f2fe65360; ppid=YzJmMWJmNGNiZWFlMzIwZjllNGVhMDFmMmZlNjUzNjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA=; accessToken=f4nS05zItGrUjStBUQq3z5UjCANMlFDq1rAgQ7jENCgXOuznraOvkafB8Y0TsVt3wXIt6M; deviceAccessToken=a002f088-fca1-4242-8956-e32e5192d0e1; ab.storage.userId.47b54d36-7a86-4c05-9bfc-2d7b8aadd1ce=%7B%22g%22%3A%22xpzpw0nd8kj3%22%2C%22c%22%3A1599237670233%2C%22l%22%3A1599237670233%7D; publisherId=xpzpw0nd8kj3000000000000000000000000000000; ab.storage.sessionId.47b54d36-7a86-4c05-9bfc-2d7b8aadd1ce=%7B%22g%22%3A%2200bc0e16-8279-cc3f-6e13-93bdc9e6a691%22%2C%22e%22%3A1599248526721%2C%22c%22%3A1599246661043%2C%22l%22%3A1599246726721%7D; session_id=9d548315-c027-e034-c857-db42c8a30557
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

PD: password change, thanks for your warn!