
Cannot read my websocket packets

I am using a websocket without compression between my Tyrus-based client and my Tomcat web server. I am seeing on the Tomcat side messages coming to and from my socket, but if I set up Wireshark to watch them come to my websocket client, I can't find the text for my messages.

Since they're not compressed, they must be encoded somehow. Can someone tell me how I can read my packets in Wireshark?

Thom asked May 06 '26 19:05


1 Answer

The WebSocket protocol defines that frame data must be masked when the client sends it to the server. So you should be able to see what is coming from the server in plain text, but frames from client to server should not be readable.

I'm not sure what Wireshark currently provides in terms of websocket frame inspection, but you may be able to plug something into that. The following is the websocket frame format (taken from chapter 5.2, RFC 6455):

      0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-------+-+-------------+-------------------------------+
 |F|R|R|R| opcode|M| Payload len |    Extended payload length    |
 |I|S|S|S|  (4)  |A|     (7)     |             (16/64)           |
 |N|V|V|V|       |S|             |   (if payload len==126/127)   |
 | |1|2|3|       |K|             |                               |
 +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
 |     Extended payload length continued, if payload len == 127  |
 + - - - - - - - - - - - - - - - +-------------------------------+
 |                               |Masking-key, if MASK set to 1  |
 +-------------------------------+-------------------------------+
 | Masking-key (continued)       |          Payload Data         |
 +-------------------------------- - - - - - - - - - - - - - - - +
 :                     Payload Data continued ...                :
 + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
 |                     Payload Data continued ...                |
 +---------------------------------------------------------------+

To be able to see "plaintext" data from client to server, you need to unmask it - XOR the masking key with your payload.

Pavel Bucek answered May 09 '26 08:05
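
The frame layout and unmasking step from the answer above, as an added example that is not part of the original answer: a small parser that reads one frame's header and XORs the payload with the masking key when the MASK bit is set. It assumes the input is the reassembled, unencrypted (ws://) byte stream of a connection without compression, starting at a frame boundary; `parse_frame`, `OPCODES`, `CLIENT_FRAME` and `SERVER_FRAME` are names chosen for this sketch.

```python
OPCODES = {0x0: "continuation", 0x1: "text", 0x2: "binary",
           0x8: "close", 0x9: "ping", 0xA: "pong"}

def parse_frame(data: bytes) -> dict:
    """Parse one RFC 6455 frame at the start of `data`, unmasking the payload."""
    if len(data) < 2:
        raise ValueError("truncated header")
    fin, opcode = bool(data[0] & 0x80), data[0] & 0x0F
    masked, length = bool(data[1] & 0x80), data[1] & 0x7F
    # Payload len 126 -> 16-bit extended length, 127 -> 64-bit extended length.
    ext = {126: 2, 127: 8}.get(length, 0)
    header_len = 2 + ext + (4 if masked else 0)
    if len(data) < header_len:
        raise ValueError("truncated header")
    if ext:
        length = int.from_bytes(data[2:2 + ext], "big")
    # The 4-byte masking key, when present, is the last part of the header.
    key = data[header_len - 4:header_len] if masked else b""
    payload = data[header_len:header_len + length]
    if len(payload) < length:
        raise ValueError("truncated payload")
    if masked:
        # Unmask: payload byte i XOR masking-key byte (i mod 4).
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return {"fin": fin, "opcode": OPCODES.get(opcode, hex(opcode)),
            "masked": masked, "key": key, "payload": payload,
            "consumed": header_len + length}

# Sample frames carrying the text "Hello" (same bytes as the examples in
# RFC 6455 section 5.7): one masked client-to-server, one unmasked.
CLIENT_FRAME = bytes.fromhex("818537fa213d7f9f4d5158")
SERVER_FRAME = bytes.fromhex("810548656c6c6f")

if __name__ == "__main__":
    for name, raw in (("client->server", CLIENT_FRAME),
                      ("server->client", SERVER_FRAME)):
        frame = parse_frame(raw)
        print(name, "on the wire:", raw.hex(), "| decoded:", frame)
```

The `consumed` value tells the caller where the next frame starts, so a capture containing several frames can be walked by slicing the buffer and calling `parse_frame` again.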



