{"id":13403473,"url":"https://github.com/nccgroup/wssip","last_synced_at":"2025-04-04T15:12:01.671Z","repository":{"id":20992110,"uuid":"89730037","full_name":"nccgroup/wssip","owner":"nccgroup","description":"Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.","archived":false,"fork":false,"pushed_at":"2022-12-08T18:52:09.000Z","size":2238,"stargazers_count":445,"open_issues_count":35,"forks_count":66,"subscribers_count":22,"default_branch":"master","last_synced_at":"2024-10-30T04:50:09.833Z","etag":null,"topics":["mitm","nodejs","socket-io","websocket","websockets"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nccgroup.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-28T17:39:03.000Z","updated_at":"2024-10-21T10:37:22.000Z","dependencies_parsed_at":"2023-01-13T21:15:08.272Z","dependency_job_id":null,"html_url":"https://github.com/nccgroup/wssip","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fwssip","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fwssip/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fwssip/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nccgroup%2Fwssip/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nccgroup","download_url":"https://codeload.github.com/nccgroup/wssip/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247198445,"owners_count":20900079,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mitm","nodejs","socket-io","websocket","websockets"],"created_at":"2024-07-30T19:01:30.406Z","updated_at":"2025-04-04T15:12:01.653Z","avatar_url":"https://github.com/nccgroup.png","language":"JavaScript","funding_links":[],"categories":["JavaScript","Weapons","JavaScript (485)","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e工具"],"sub_categories":["Tools","\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的"],"readme":"# WSSiP: A WebSocket Manipulation Proxy\n\n[![Travis-CI](https://travis-ci.org/nccgroup/wssip.svg?branch=master)](https://travis-ci.org/nccgroup/wssip)\n[![Appveyor](https://ci.appveyor.com/api/projects/status/q85uar6lmhddke6j?svg=true)](https://ci.appveyor.com/project/thekettu/wssip)\n[![npm version](https://img.shields.io/npm/v/wssip.svg)](https://www.npmjs.com/package/wssip)\n[![npm](https://img.shields.io/npm/dt/wssip.svg)](https://www.npmjs.com/package/wssip)\n[![github](https://img.shields.io/github/downloads/nccgroup/wssip/total.svg)](https://github.com/nccgroup/wssip)\n[![github release](https://img.shields.io/github/release/nccgroup/wssip.svg)](https://github.com/nccgroup/wssip/releases)\n[![dependency outdated](https://david-dm.org/nccgroup/wssip/dev-status.svg)](https://david-dm.org/nccgroup/wssip)\n\nShort for \"WebSocket/Socket.io Proxy\", this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view all WebSocket and Socket.IO communications between the client and server.\n\nUpstream proxy support also means you can forward HTTP/HTTPS traffic to an intercepting proxy of your choice (e.g. Burp Suite or Pappy Proxy) but view WebSocket traffic in WSSiP. More information can be found on the blog post.\n\nThere is an outward bridge via HTTP to write a fuzzer in any language you choose to debug and fuzz for security vulnerabilities. See [Fuzzing](#fuzzing) for more details.\n\nWritten and maintained by Samantha Chalker (@[thekettu](https://github.com/thekettu)). Icon for WSSiP release provided by @[dragonfoxing](https://twitter.com/dragonfoxing).\n\n## Installation\n\n### From Packaged Application\n\nSee [Releases](https://github.com/nccgroup/wssip/releases).\n\n### From npx via npm (for CLI commands)\n\nRun the following in your command line:\n\n~~~bash\nnpx wssip\n~~~\n\n### From Source\n\nUsing a command line:\n\n~~~bash\n# Clone repository locally\ngit clone https://github.com/nccgroup/wssip\n\n# Change to the directory\ncd wssip\n\n# If you are developing for WSSiP:\n# npm i\n\n# If not... (as to minimize disk space):\nnpm i electron\nnpm i --production\n\n# Yarn version:\n# yarn add electron\n# yarn install --production\n\n# Start application:\nnpm start\n# or yarn:\n# yarn start\n~~~\n\n## Usage\n\n1. Open the WSSiP application.\n2. WSSiP will start listening automatically. This will default to localhost on port 8080.\n3. Optionally, use Tools \u003e Use Upstream Proxy to use another intercepting proxy to view web traffic.\n4. Configure the browser to point to http://localhost:8080/ as the HTTP Proxy.\n5. Navigate to a page using WebSockets. A good example is [the WS Echo Demonstration](http://websocket.org/).\n6. ???\n7. Potato.\n\n## Fuzzing\n\nWSSiP provides an HTTP bridge via the man-in-the-middle proxy for custom applications to help fuzz a connection. These are accessed over the proxy server.\n\nA few of the simple CA certificate downloads are:\n\n* http://mitm/ca.pem / http://mitm/ca.der (Download CA Certificate)\n* http://mitm/ca_pri.pem / http://mitm/ca_pri.der (Download Private Key)\n* http://mitm/ca_pub.pem / http://mitm/ca_pub.der (Download Public Key)\n\n**Get WebSocket Connection Info**\n----\nReturns whether the WebSocket id is connected to a web server, and if so, return information.\n\n* **URL**\n\n    GET http://mitm/ws/:id\n\n* **URL Params**\n\n  `id=[integer]`\n\n* **Success Response (Not Connected)**\n\n  * **Code:** 200 \u003cbr /\u003e\n    **Content:** `{connected: false}`\n\n\n* **Success Response (Connected)**\n\n  * **Code**: 200 \u003cbr /\u003e\n    **Content:** `{connected: true, url: 'ws://echo.websocket.org', bytesReceived: 0, extensions: {}, readyState: 3, protocol: '', protocolVersion: 13}`\n\n**Send WebSocket Data**\n----\nSend WebSocket data.\n\n* **URL**\n\n  POST http://mitm/ws/:id/:sender/:mode/:type?log=:log\n\n* **URL Params**\n\n  **Required:**\n\n  `id=[integer]`\n\n  `sender` one of `client` or `server`\n\n  `mode` one of `message`, `ping` or `pong`\n\n  `type` one of `ascii` or `binary` (`text` is an alias of `ascii`)\n\n  **Optional:**\n\n  `log` either `true` or `y` to log in the WSSiP application. Errors will be logged in the WSSiP application instead of being returned via the REST API.\n\n* **Data Params**\n\n  Raw data in the POST field will be sent to the WebSocket server.\n\n* **Success Response:**\n\n  * **Code:** 200 \u003cbr /\u003e\n    **Content:** `{success: true}`\n\n\n* **Error Response:**\n\n  * **Code:** 500 \u003cbr /\u003e\n    **Content:** `{success: false, reason: 'Error message'}`\n\n## Development\n\nPull requests are welcomed and encouraged. WSSiP supports the `debug` npm package, and setting the environment variable `DEBUG=wssip:*` will output debug information to console.\n\nThere are two commands depending on how you want to compile the Webpack bundle: for development, that is `npm run compile:dev` and for production is `npm run compile`. React will also log errors depending on whether development or production is specified.\n\nCurrently working on:\n* Exposed API for external scripts for fuzzing (99% complete, it is live but need to test more data)\n* Saving/Resuming Connections from File (35% complete, exporting works sans active connections)\n* Using WSSiP in browser without Electron (likely 1.1.0)\n* Rewrite in TypeScript (likely 1.2.0)\n* Using something other than Appbar for Custom/Intercept tabs, and styling the options to center better\n\nFor information on using the `mitmengine` class, see: [npm](https://npmjs.com/package/mitmengine), [yarn](https://yarnpkg.com/en/package/mitmengine), or [mitmengine/README.md](https://github.com/nccgroup/wssip/blob/master/mitmengine/README.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnccgroup%2Fwssip","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnccgroup%2Fwssip","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnccgroup%2Fwssip/lists"}