How to download WSS Frames

[RazerBlade]

Hi!

I am wondering how you download WSS frames to a text file. On chrome you can see all the wss frames and the thing I want to do is to download all the frames locally.

On 

[digip]

On the highlighted item on the left, you should also be able to save its output with a right click to show the various options. Click save all as HAR and paste to text file.

Edited September 14, 2017 by digip

[PoSHMagiC0de]

What digi said...or you may have to take this to the programming section to write some custom code in Python or Node to communicate with that wss service and parse the output you want.  You will need to know how the service uses wss.  Burp may help with dubugging the traffic and seeing what you have to send/receive in the app/script.

[RazerBlade]

Well it's quite a lot of data I want to download so doing it manually won't happen. I have been looking at this: https://github.com/aaugustin/websockets But haven't got it to work as I want it. This could maybe work: https://github.com/novnc/websockify but I don't really understand how to use it. 

Also, with chrome you can copy the cURL address with all variables. Maybe I could get it to connect that way?

Edited September 14, 2017 by RazerBlade

[digip]

Right click on the blue bar and copy all as HAR, then paste to a text file. It will have all the data in there. Otherwise, like mentioned, you'd need to interact with it, and log the output. There are probably code samples out there for how to use html5 web sockets with other languages. Rachet might even be able to do what you want, bit I have not tried it.

[Dave-ee Jones]

41 minutes ago, digip said:

Right click on the blue bar and copy all as HAR, then paste to a text file. It will have all the data in there. Otherwise, like mentioned, you'd need to interact with it, and log the output. There are probably code samples out there for how to use html5 web sockets with other languages. Rachet might even be able to do what you want, bit I have not tried it.

I'm confused, because I'm pretty sure the bar you're talking about is purple..Are you talking about the 'cometd /_push' bar?

[RazerBlade]

As said before. I need to automate this process because it's so much data I need to download. Does anybody know if I can use cURL?

[digip]

If it's a post and reply of data, sure, that's quick an easy. If it's an interactive thing like conversations back and forth, not easily unless you script the use of curl to send replies to incoming responses, which could be done but probably easier in a different language that can do it all in one. If it is some sort of back and forth chat, then build/script a client that logs all the back and forth. Alternatively, fire up wireshark(so long as it isn't over SSL) and you could just filter the pcap and save out just the conversation, which again, is as simple as right clicking and save our the HAR to a file. If you want this automated with hands free just to capture data, then you need to build some sort of client that interacts and logs everything.

[digip]

14 hours ago, Dave-ee Jones said:

I'm confused, because I'm pretty sure the bar you're talking about is purple..Are you talking about the 'cometd /_push' bar?

Bluish? lol. yeah, the purple bar, or "lavender" bar. Fuck. The colored bar on the left..lol

[RazerBlade]

It's over ssl, TSL because it's WSS WebSocket Secure. Do you have any tips on building a script for doing that job? I don't know if a send/receive conversation would be needed but it maybe.

[digip]

If you copy the CURL request(right click the "purple" bar) and then paste into a console, it will do the same request and you could log the output. But if it expects two way data back and forth, you need to answer the responses and then reply, which you could do in a bash script, or some other language you're comfortable in. It depends on what the web socket app/service expects after the initial connect is sent. Without knowing what the thing is you're connecting to and the source for the endpoint on what it requires, kind of hard to help any more than suggestions on things to try.  If people knew more about the service, and if it had an API for interacting with it, might be more helpful and easier to script something, but just try simple things like the CURL request first and log all the info and can use verbose output to see everything going back and forth. Then work out what you need to do from there and kind of reverse engineer it to be done with a script.

[PoSHMagiC0de]

To figure out the communication flow, proxy yourself through Burp Suite.  Turn interception off so it doesn't stop the request and work with the site and look at the request/response flows.