GSoC community ideas/WebSocket mode for Ncat

From SecWiki
Jump to: navigation, search

WebSocket is a protocol used by web browsers to provide functionality similar to that of TCP sockets. It consists of an HTTP-based handshake with an Upgrade header field, followed by data using a simple framing protocol. Ncat should be able to use WebSocket in connect mode, emulating a web browser, to interact with WebSocket servers from the command line for example. Ncat should be able to be a WebSocket server, which would provide an easy way to WebSocketize normal TCP programs.

In connect mode, Ncat needs to send only masked frames and in listen mode it must not send any masked frames (RFC 6455 section 5.3). Ncat should know about Ping control frames and reply with a Pong, but it never needs to send Ping.

Potential issues:

  • WebSocket distinguishes between text (opcode 1) and binary (opcode 2) and potentially other types of frames. Text frames are encoded in UTF-8 and can't represent arbitrary binary data driectly. Binary frames would be really nice, but when I tested them in March 2012, Firefox 10 doesn't fire onmessage events when it receives them.
    • comment: The binary frames do work in relatively recent Google Chrome versions. I wrote a WebSocket debugging app called dwst for Chrome. It should be trivial to port it to another WebSocket friendly browser if required, but this won't fix lack of binary frame support in a browser. --Cyberix 14:48, 29 March 2012 (PDT)
    • The websockify proxy works around this with a base64 protocol. David 14:41, 2 April 2012 (PDT)


There may not be any need to support the earlier "hixie" specifications. However, a full project will include checking how many browsers suport only this specification or do so by default.

David 09:44, 26 March 2012 (PDT)