Skip to content

Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions

License

Notifications You must be signed in to change notification settings

BlockchainLabsNZ/websocat

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

websocat

Netcat, curl and socat for WebSockets.

Build Status Gitter

Examples

Connect to public echo server

$ websocat ws://echo.websocket.org
123
123
ABC
ABC

Serve and connect

A$ websocat -s 1234
Listening on ws://127.0.0.1:1234/
ABC
123

B$ websocat ws://127.0.0.1:1234/
ABC
123

Open a tab in Chromium using remote debugging.

$ chromium --remote-debugging-port=9222&
$ curl -sg http://127.0.0.1:9222/json/new | grep webSocketDebuggerUrl | cut -d'"' -f4 | head -1
ws://127.0.0.1:9222/devtools/page/A331E56CCB8615EB4FCB720425A82259
$ echo 'Page.navigate {"url":"https://example.com"}' | websocat -n1 --jsonrpc ws://127.0.0.1:9222/devtools/page/A331E56CCB8615EB4FCB720425A82259
{"id":2,"result":{"frameId":"A331E56CCB8615EB4FCB720425A82259","loaderId":"EF5AAD19F2F8BB27FAF55F94FFB27DF9"}}

Proxy TCP connections to WebSocket connections and back.

$ websocat --oneshot -b ws-l:127.0.0.1:1234 tcp:127.0.0.1:22&
$ websocat --oneshot -b tcp-l:127.0.0.1:1236 ws://127.0.0.1:1234/&
$ nc 127.0.0.1 1236
SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
qwertyu
Protocol mismatch.

Broadcast all messages between connected WebSocket clients

A$ websocat -t ws-l:127.0.0.1:1234 broadcast:mirror:
B$ websocat ws://127.0.0.1:1234
C$ websocat ws://127.0.0.1:1234

See moreexamples.md for further examples.

Features

  • Connecting to and serving WebSockets from command line.
  • Executing external program and making it communicate to WebSocket using stdin/stdout.
  • Text and binary modes, converting between lines (or null-terminated records) and messages.
  • Inetd mode, UNIX sockets (including abstract namespaced on Linux).
  • Integration with Nginx using TCP or UNIX sockets.
  • Directly using unauthenticated SOCKS5 servers for connecting to WebSockets and listening WebSocket connection.
  • Auto-reconnect and connection-reuse modes.
  • Linux, Windows and Mac support, with pre-built executables.
  • Low-level WebSocket clients and servers with overridable underlying transport connection, e.g. calling external program to serve as a transport for websocat (for SSL, proxying, etc.).
  • Buildable by rust starting from v1.30. Websocat version 1.2.0 (or from a tag) should be buildable by 1.28.0. Websocat version 1.1.0 and earlier should be buildable with Rust v1.23.0. There is legacy non-async version buildable by even older Rust.

Installation

There are multiple options for installing WebSocat. From easy to hard:

  • If you're on Linux Debian or Ubuntu (or other dpkg-based), try downloading a pre-build deb package from GitHub releases and install from GUI or with command like gdebi websocat_..._.deb
  • If you're on FreeBSD, you may install WebSocat with the following command: pkg install websocat.
  • If you're on Mac, you can do brew install websocat.
  • Download a pre-build executable and install it to PATH.
  • Install the Rust toolchain and do cargo install --features=ssl websocat. If something fails with a -sys crate, try without --features=ssl;
  • Build Websocat from source code (see below), then move target/release/websocat somewhere to the PATH.

Usage

websocat 1.5.0
Vitaly "_Vi" Shukela <vi0oss@gmail.com>
Command-line client for web sockets, like netcat/curl/socat for ws://.

USAGE:
    websocat ws://URL | wss://URL               (simple client)
    websocat -s port                            (simple server)
    websocat [FLAGS] [OPTIONS] <addr1> <addr2>  (advanced mode)

FLAGS:
    (some flags are hidden, see --help=long)
    -e, --set-environment                       Set WEBSOCAT_* environment variables when doing exec:/cmd:/sh-c:
                                                Currently it's WEBSOCAT_URI and WEBSOCAT_CLIENT for
                                                request URI and client address (if TCP)
                                                Beware of ShellShock or similar security problems.
    -E, --exit-on-eof                           Close a data transfer direction if the other one reached EOF
        --jsonrpc                               Format messages you type as JSON RPC 2.0 method calls. First word
                                                becomes method name, the rest becomes parameters, possibly automatically
                                                wrapped in [].
    -0, --null-terminated                       Use \0 instead of \n for linemode
    -1, --one-message                           Send and/or receive only one message. Use with --no-close and/or -u/-U.
        --oneshot                               Serve only once. Not to be confused with -1 (--one-message)
    -q                                          Suppress all diagnostic messages, except of startup errors
    -s, --server-mode                           Simple server mode: specify TCP port or addr:port as single argument
    -S, --strict                                strict line/message mode: drop too long messages instead of splitting
                                                them, drop incomplete lines.
    -k, --insecure                              Accept invalid certificates and hostnames while connecting to TLS
    -u, --unidirectional                        Inhibit copying data in one direction
    -U, --unidirectional-reverse                Inhibit copying data in the other direction (or maybe in both directions
                                                if combined with -u)
    -v                                          Increase verbosity level to info or further
    -b, --binary                                Send message to WebSockets as binary messages
    -n, --no-close                              Don't send Close message to websocket on EOF
    -t, --text                                  Send message to WebSockets as text messages

OPTIONS:
    (some options are hidden, see --help=long)
        --socks5 <auto_socks5>
            Use specified address:port as a SOCKS5 proxy. Note that proxy authentication is not supported yet. Example:
            --socks5 127.0.0.1:9050

    -B, --buffer-size <buffer_size>                     Maximum message size, in bytes [default: 65536]
    -H, --header <custom_headers>...
            Add custom HTTP header to websocket client request. Separate header name and value with a colon and
            optionally a single space. Can be used multiple times. Note that single -H may eat multiple further
            arguments, leading to confusing errors. Specify headers at the end or with equal sign like -H='X: y'.
        --server-header <custom_reply_headers>...
            Add custom HTTP header to websocket upgrade reply. Separate header name and value with a colon and
            optionally a single space. Can be used multiple times. Note that single -H may eat multiple further
            arguments, leading to confusing errors.
        --header-to-env <headers_to_env>...
            Forward specified incoming request header to H_* environment variable for `exec:`-like specifiers.
    -h, --help <help>
            See the help.
            --help=short is the list of easy options and address types
            --help=long lists all options and types (see [A] markers)
            --help=doc also shows longer description and examples.
        --conncap <max_parallel_conns>                  Maximum number of simultaneous connections for listening mode
        --origin <origin>                               Add Origin HTTP header to websocket client request
        --pkcs12-der <pkcs12_der>
            Pkcs12 archive needed to accept SSL connections, certificate and key.
            A command to output it: openssl pkcs12 -export -out output.pkcs12 -inkey key.pem -in cert.pem
            Use with -s (--server-mode) option or with manually specified TLS overlays.
            See moreexamples.md for more info.
        --pkcs12-passwd <pkcs12_passwd>                 Password for --pkcs12-der pkcs12 archive. Required on Mac.
        --restrict-uri <restrict_uri>
            When serving a websocket, only accept the given URI, like `/ws`
            This liberates other URIs for things like serving static files or proxying.
    -F, --static-file <serve_static_files>...
            Serve a named static file for non-websocket connections.
            Argument syntax: <URI>:<Content-Type>:<file-path>
            Argument example: /index.html:text/html:index.html
            Directories are not and will not be supported for security reasons.
            Can be specified multiple times. Recommended to specify them at the end or with equal sign like `-F=...`,
            otherwise this option may eat positional arguments


        --protocol <websocket_protocol>                 Specify this Sec-WebSocket-Protocol: header when connecting
        --server-protocol <websocket_reply_protocol>
            Force this Sec-WebSocket-Protocol: header when accepting a connection

        --websocket-version <websocket_version>         Override the Sec-WebSocket-Version value
        --ping-interval <ws_ping_interval>              Send WebSocket pings each this number of seconds
        --ping-timeout <ws_ping_timeout>
            Drop WebSocket connection if Pong message not received for this number of seconds


ARGS:
    <addr1>    In simple mode, WebSocket URL to connect. In advanced mode first address (there are many kinds of
               addresses) to use. See --help=types for info about address types. If this is an address for
               listening, it will try serving multiple connections.
    <addr2>    In advanced mode, second address to connect. If this is an address for listening, it will accept only
               one connection.


Basic examples:
  Command-line websocket client:
    websocat ws://echo.websocket.org/
    
  WebSocket server
    websocat -s 8080
    
  WebSocket-to-TCP proxy:
    websocat --binary ws-l:127.0.0.1:8080 tcp:127.0.0.1:5678
    

Partial list of address types:
	ws://           	Insecure (ws://) WebSocket client. Argument is host and URL.
	wss://          	Secure (wss://) WebSocket client. Argument is host and URL.
	ws-listen:      	WebSocket server. Argument is host and port to listen.
	wss-listen:     	Listen for secure WebSocket connections on a TCP port
	stdio:          	Same as `-`. Read input from console, print to console.
	tcp:            	Connect to specified TCP host and port. Argument is a socket address.
	tcp-listen:     	Listen TCP port on specified address.
	ssl-listen:     	Listen for SSL connections on a TCP port
	sh-c:           	Start specified command line using `sh -c` (even on Windows)
	cmd:            	Start specified command line using `sh -c` or `cmd /C` (depending on platform)
	readfile:       	Synchronously read a file. Argument is a file path.
	writefile:      	Synchronously truncate and write a file.
	appendfile:     	Synchronously append a file.
	udp:            	Send and receive packets to specified UDP socket, from random UDP port  
	udp-listen:     	Bind an UDP socket to specified host:port, receive packet
	mirror:         	Simply copy output to input. No arguments needed.
	literalreply:   	Reply with a specified string for each input packet.
	literal:        	Output a string, discard input.
Partial list of overlays:
	broadcast:      	Reuse this connection for serving multiple clients, sending replies to all clients.
	autoreconnect:  	Re-establish underlying connection on any error or EOF

Pre-built binaries for Linux (usual and musl), Windows, OS X and Android are available on the releases page.

Limitations

  • Websocat can't mix sending text and binary WebSocket messages. This also affects mirror: specifier, making it a bit different from ws://echo.websocket.org.
  • Current version of Websocat don't receive notification about closed sockets. This makes serving without -E or -u options or in backpressure scenarios prone to socket leak.

Building from source code

  1. Install the Rust toolchain
  2. cargo build --release --features=ssl.
  3. Find the executable somewhere under target/, e.g. in target/release/websocat.

SSL on Android

websocat's wss:// may fail on Android. As a workaround, download certificate bundle, for example, from https://curl.haxx.se/ca/cacert.pem and specify it explicitly:

SSL_CERT_FILE=cacert.pem /data/local/tmp/websocat wss://echo.websocket.org

Or just use --insecure option.

Reference

There is a work-in-progress reference document that contains more options and examples.

Some notes

  • It runs singlethreaded, but can serve multiple connections simultaneously. There is old non-async threaded version in legacy branch of releases prior to 0.5.
  • IPv6 is supported, surround your IP in square brackets or use it as is, depending on context.
  • Web socket usage is not obligatory, you can use any specs on both sides.
  • Typically one line in binary stream correspond to one WebSocket text message. This is adjustable with options.

Planned features

There are also checkboxes on issues #1 and #5.

See also

About

Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Rust 98.2%
  • Shell 1.8%