https://github.com/hacksore/github-websocket-api
Reverse engineering the Github websocket API - alive.github.com
https://github.com/hacksore/github-websocket-api
github github-hacking github-reverse-engineering realtime reverse-engineering
Last synced: about 1 month ago
JSON representation
Reverse engineering the Github websocket API - alive.github.com
- Host: GitHub
- URL: https://github.com/hacksore/github-websocket-api
- Owner: Hacksore
- Created: 2022-10-29T13:55:15.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2023-04-19T02:40:49.000Z (about 2 years ago)
- Last Synced: 2025-02-25T20:39:11.192Z (4 months ago)
- Topics: github, github-hacking, github-reverse-engineering, realtime, reverse-engineering
- Language: TypeScript
- Homepage:
- Size: 28.3 KB
- Stars: 13
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# github-websocket-pipelines-api
Github has an undocumented websocket API hosted on `alive.github.com` for some realtime interactions.
# 🟡 Mildly Blocked
Able to get data if I reuse the payload that is sent from a real client to subscribe. Can't figure out how to craft the packet fully yet.
### Events
- Workflow Run
- Notification Changed
- Check Suites### New intel
It seems the `session` is in two parts, one a base64 encoded string with the payload seen below.
Schema:
`--`This is what the github webpage has as the first part `session` field in the websocket query string.
```json
{
"v": "V3",
"u": "",
"s": "",
"c": "",
"t": ""
}
```another piece of intel is how you subscribe to events, this is the decoded part of what the client will send as the first part.
```json
{ "c": "notification-changed:", "t": 1667188552 }
```check suites payload to send as the first part.
```json
{ "c": "check_suites:", "t": 1667192074 }
```### Auth
If use a valid `user_session` cookie you can request github and extract the websocket URL from the page.
The script is doing this automatically now.
### How to run
1. Create an `.env` file, copy the example. Source both your user id and a user session
1. run `yarn` to install the deps
1. run `yarn start` to start the client# Payloads/Events
I've attempted to give a good description to each of these payloads below.
## ack
This is seems to be returned not matter what you send to the API.
```json
{
"e": "ack",
"off": "1667055219967-0",
"health": true
}
```## subscribe
This is what the client will send when you visit a github page. It looks to be asking github
> please give me events for ``
```json
{
"subscribe": {
"": ""
}
}
```## unsubscribe
This is what the client will send when you navigating to a new page on github. It looks to be tell github saying
> please unsubscribe me for all previous `` event subscriptions
```json
{
"unsubscribe": [""]
}
```## notification-changed
This is emitted whenever the indicator needs to update. Anything that will leave items in your notifications inbox will trigger this.
```json
{
"e": "msg",
"ch": "notification-changed:",
"off": "1667056418489-0",
"data": { "indicator_mode": "none", "wait": 371.57200000000006 }
}
```## workflow_run
This is emitted whenever a workflow run starts.
```json
{
"e": "msg",
"ch": "workflow_run::execution",
"off": "1667059757243-0",
"data": {
"timestamp": "2022-10-29T16:09:15.000Z",
"wait": 372.463,
"reason": "Execution created"
}
}
```## check_suites
This is emitted whenever a workflow job updates and has two states in the `reason` field. It can either be `in_progress` or `completed`.
```json
{
"e": "msg",
"ch": "check_suites:",
"off": "1667056504426-0",
"data": {
"timestamp": "2022-10-29T15:15:04.000Z",
"wait": 396.523,
"reason": "check_suite # updated: ",
"log_archive": false
}
}
```### Example
See demo in `client.ts`
### Investigating
- How do I get a `jobId` that is used