RazerBlade Posted September 14, 2017 Share Posted September 14, 2017 Hi! I am wondering how you download WSS frames to a text file. On chrome you can see all the wss frames and the thing I want to do is to download all the frames locally. On Quote Link to comment Share on other sites More sharing options...
digip Posted September 14, 2017 Share Posted September 14, 2017 (edited) On the highlighted item on the left, you should also be able to save its output with a right click to show the various options. Click save all as HAR and paste to text file. Edited September 14, 2017 by digip Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted September 14, 2017 Share Posted September 14, 2017 What digi said...or you may have to take this to the programming section to write some custom code in Python or Node to communicate with that wss service and parse the output you want. You will need to know how the service uses wss. Burp may help with dubugging the traffic and seeing what you have to send/receive in the app/script. Quote Link to comment Share on other sites More sharing options...
RazerBlade Posted September 14, 2017 Author Share Posted September 14, 2017 (edited) Well it's quite a lot of data I want to download so doing it manually won't happen. I have been looking at this: https://github.com/aaugustin/websockets But haven't got it to work as I want it. This could maybe work: https://github.com/novnc/websockify but I don't really understand how to use it. Also, with chrome you can copy the cURL address with all variables. Maybe I could get it to connect that way? Edited September 14, 2017 by RazerBlade Quote Link to comment Share on other sites More sharing options...
digip Posted September 15, 2017 Share Posted September 15, 2017 Right click on the blue bar and copy all as HAR, then paste to a text file. It will have all the data in there. Otherwise, like mentioned, you'd need to interact with it, and log the output. There are probably code samples out there for how to use html5 web sockets with other languages. Rachet might even be able to do what you want, bit I have not tried it. Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted September 15, 2017 Share Posted September 15, 2017 41 minutes ago, digip said: Right click on the blue bar and copy all as HAR, then paste to a text file. It will have all the data in there. Otherwise, like mentioned, you'd need to interact with it, and log the output. There are probably code samples out there for how to use html5 web sockets with other languages. Rachet might even be able to do what you want, bit I have not tried it. I'm confused, because I'm pretty sure the bar you're talking about is purple..Are you talking about the 'cometd /_push' bar? Quote Link to comment Share on other sites More sharing options...
RazerBlade Posted September 15, 2017 Author Share Posted September 15, 2017 As said before. I need to automate this process because it's so much data I need to download. Does anybody know if I can use cURL? Quote Link to comment Share on other sites More sharing options...
digip Posted September 15, 2017 Share Posted September 15, 2017 If it's a post and reply of data, sure, that's quick an easy. If it's an interactive thing like conversations back and forth, not easily unless you script the use of curl to send replies to incoming responses, which could be done but probably easier in a different language that can do it all in one. If it is some sort of back and forth chat, then build/script a client that logs all the back and forth. Alternatively, fire up wireshark(so long as it isn't over SSL) and you could just filter the pcap and save out just the conversation, which again, is as simple as right clicking and save our the HAR to a file. If you want this automated with hands free just to capture data, then you need to build some sort of client that interacts and logs everything. Quote Link to comment Share on other sites More sharing options...
digip Posted September 15, 2017 Share Posted September 15, 2017 14 hours ago, Dave-ee Jones said: I'm confused, because I'm pretty sure the bar you're talking about is purple..Are you talking about the 'cometd /_push' bar? Bluish? lol. yeah, the purple bar, or "lavender" bar. Fuck. The colored bar on the left..lol Quote Link to comment Share on other sites More sharing options...
RazerBlade Posted September 15, 2017 Author Share Posted September 15, 2017 It's over ssl, TSL because it's WSS WebSocket Secure. Do you have any tips on building a script for doing that job? I don't know if a send/receive conversation would be needed but it maybe. Quote Link to comment Share on other sites More sharing options...
digip Posted September 15, 2017 Share Posted September 15, 2017 If you copy the CURL request(right click the "purple" bar) and then paste into a console, it will do the same request and you could log the output. But if it expects two way data back and forth, you need to answer the responses and then reply, which you could do in a bash script, or some other language you're comfortable in. It depends on what the web socket app/service expects after the initial connect is sent. Without knowing what the thing is you're connecting to and the source for the endpoint on what it requires, kind of hard to help any more than suggestions on things to try. If people knew more about the service, and if it had an API for interacting with it, might be more helpful and easier to script something, but just try simple things like the CURL request first and log all the info and can use verbose output to see everything going back and forth. Then work out what you need to do from there and kind of reverse engineer it to be done with a script. Quote Link to comment Share on other sites More sharing options...
PoSHMagiC0de Posted September 15, 2017 Share Posted September 15, 2017 To figure out the communication flow, proxy yourself through Burp Suite. Turn interception off so it doesn't stop the request and work with the site and look at the request/response flows. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.