Websockify is a WebSocket to TCP proxy/bridge. This allows a browser to connect to any application/server/service. Implementations in Python, C, Node.js and Ruby.

Overview

websockify: WebSockets support for any application/server

websockify was formerly named wsproxy and was part of the noVNC project.

At the most basic level, websockify just translates WebSockets traffic to normal socket traffic. Websockify accepts the WebSockets handshake, parses it, and then begins forwarding traffic between the client and the target in both directions.

News/help/contact

Notable commits, announcements and news are posted to @noVNC

If you are a websockify developer/integrator/user (or want to be) please join the noVNC/websockify discussion group

Bugs and feature requests can be submitted via github issues.

If you want to show appreciation for websockify you could donate to a great non-profits such as: Compassion International, SIL, Habitat for Humanity, Electronic Frontier Foundation, Against Malaria Foundation, Nothing But Nets, etc. Please tweet @noVNC if you do.

WebSockets binary data

Starting with websockify 0.5.0, only the HyBi / IETF 6455 WebSocket protocol is supported. There is no support for the older Base64 encoded data format.

Encrypted WebSocket connections (wss://)

To encrypt the traffic using the WebSocket 'wss://' URI scheme you need to generate a certificate and key for Websockify to load. By default, Websockify loads a certificate file name self.pem but the --cert=CERT and --key=KEY options can override the file name. You can generate a self-signed certificate using openssl. When asked for the common name, use the hostname of the server where the proxy will be running:

openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem

For a self-signed certificate to work, you need to make your client/browser understand it. You can do this by installing it as accepted certificate, or by using that same certificate for a HTTPS connection to which you navigate first and approve. Browsers generally don't give you the "trust certificate?" prompt by opening a WSS socket with invalid certificate, hence you need to have it accept it by either of those two methods.

If you have a commercial/valid SSL certificate with one or more intermediate certificates, concat them into one file, server certificate first, then the intermediate(s) from the CA, etc. Point to this file with the --cert option and then also to the key with --key. Finally, use --ssl-only as needed.

Additional websockify features

These are not necessary for the basic operation.

  • Daemonizing: When the -D option is specified, websockify runs in the background as a daemon process.

  • SSL (the wss:// WebSockets URI): This is detected automatically by websockify by sniffing the first byte sent from the client and then wrapping the socket if the data starts with '\x16' or '\x80' (indicating SSL).

  • Session recording: This feature that allows recording of the traffic sent and received from the client to a file using the --record option.

  • Mini-webserver: websockify can detect and respond to normal web requests on the same port as the WebSockets proxy. This functionality is activated with the --web DIR option where DIR is the root of the web directory to serve.

  • Wrap a program: see the "Wrap a Program" section below.

  • Log files: websockify can save all logging information in a file. This functionality is activated with the --log-file FILE option where FILE is the file where the logs should be saved.

  • Authentication plugins: websockify can demand authentication for websocket connections and, if you use --web-auth, also for normal web requests. This functionality is activated with the --auth-plugin CLASS and --auth-source ARG options, where CLASS is usually one from auth_plugins.py and ARG is the plugin's configuration.

  • Token plugins: a single instance of websockify can connect clients to multiple different pre-configured targets, depending on the token sent by the client using the token URL parameter, or the hostname used to reach websockify, if you use --host-token. This functionality is activated with the --token-plugin CLASS and --token-source ARG options, where CLASS is usually one from token_plugins.py and ARG is the plugin's configuration.

Other implementations of websockify

The primary implementation of websockify is in python. There are several alternate implementations in other languages available in our sister repositories websockify-js (JavaScript/Node.js) and websockify-other (C, Clojure, Ruby).

In addition there are several other external projects that implement the websockify "protocol". See the alternate implementation Feature Matrix for more information.

Wrap a Program

In addition to proxying from a source address to a target address (which may be on a different system), websockify has the ability to launch a program on the local system and proxy WebSockets traffic to a normal TCP port owned/bound by the program.

The is accomplished with a small LD_PRELOAD library (rebind.so) which intercepts bind() system calls by the program. The specified port is moved to a new localhost/loopback free high port. websockify then proxies WebSockets traffic directed to the original port to the new (moved) port of the program.

The program wrap mode is invoked by replacing the target with -- followed by the program command line to wrap.

`./run 2023 -- PROGRAM ARGS`

The --wrap-mode option can be used to indicate what action to take when the wrapped program exits or daemonizes.

Here is an example of using websockify to wrap the vncserver command (which backgrounds itself) for use with noVNC:

`./run 5901 --wrap-mode=ignore -- vncserver -geometry 1024x768 :1`

Here is an example of wrapping telnetd (from krb5-telnetd). telnetd exits after the connection closes so the wrap mode is set to respawn the command:

`sudo ./run 2023 --wrap-mode=respawn -- telnetd -debug 2023`

The wstelnet.html page in the websockify-js project demonstrates a simple WebSockets based telnet client (use 'localhost' and '2023' for the host and port respectively).

Installing websockify

Download one of the releases or the latest development version, extract it and run python3 setup.py install as root in the directory where you extracted the files. Normally, this will also install numpy for better performance, if you don't have it installed already. However, numpy is optional. If you don't want to install numpy or if you can't compile it, you can edit setup.py and remove the install_requires=['numpy'], line before running python3 setup.py install.

Afterwards, websockify should be available in your path. Run websockify --help to confirm it's installed correctly.

Comments
  • Win32 support for C version of websockify

    Win32 support for C version of websockify

    Hi!

    I've tried to port websockify to win32, and to bring it closer to the state of the Python version as well. Unfortunately, I'm not done yet. Here's the current state:

    • Builds with Visual C++ 2010 Express
    • Works (for Telnet) with Chrome as the client, does not work yet with Aurora (FireFox 5 alpha 2), does not work at all with IE 9
    • Still not supporting multiple protocol choices (sorry ran out of time)
    • Removed the headers_t struct (was getting big), replaced it with 3 functions to extract handshake fields

    (Sorry about the unnecessary binary files. I removed them, but forgot to squash my commits before uploading them. Maybe I'll find time yet to produce a cleaner branch.)

    Let me know if there's anything you need done before you can pull.

    Hans-Peter

    opened by JPGygax68 36
  • Advice: Add recording feature to websockify.js

    Advice: Add recording feature to websockify.js

    I'm hoping someone can give me a little bit of advice with websockify.js.

    I played around for a few weeks writing my own implementation before I noticed you had websockify for node, and I figured I would try and update websockify.js rather than open sourcing mine.

    In my app, I am able to take a websocket connection in, and forward it through a TCP socket to connect to a VNC session using novncd. But when I grab incoming data from the websocket or the TCP socket, and write it to a file (like the record function in the python version) I don't get anything like the data I see in the python version. I attempted to duplicate the decode_hybi and encode_hybi functions and pulling frames out of the socket--but I end up with garbage. I think that's because the 'ws' library is already handling the encoding/decoding.

    Can someone give me a kick in the right direction on massaging the data in Node and/or what the format is that the python version spits out?

    i.e. the Python spits out a file like this.

    var VNC_frame_encoding = 'binary';
    var VNC_frame_data = [
    '{834{RFB 003.008\n',
    '}876}RFB 003.008\n',
    '{907{\x02\x02\x10',
    '}941}\x10',
    '{969{\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02STDVVNCAUTH_',
    '}1002}\x00\x00\x00\x02',
    

    I know it's basically dumping a long JavaScript string into a variable, but I'm not familiar with the format.

    Thanks in advance.

    -A

    question 
    opened by darkpixel 30
  • Multiple targets support (pending: AJAX query API)

    Multiple targets support (pending: AJAX query API)

    Instead of just having a single target host:port, it would be useful to be able to specify multiple host:port targets on the command line. This would address security issues related to allowing the client to select an arbitrary host:port, but it would allow a single instance of the proxy to serve multiple VNC servers.

    This would require a mechanism to communicate to the client the list of valid targets and it would require a method for the client to select a target on connect. For backwards compatibility the first target host:port on the command line would be the default if the client doesn't specify one.

    Update:

    There have been several proposals to add arbitrary target support to websockify (i.e. by passing the host and port in the path). This model is a HUGE security risk because allows a malicious piece of Javascript to connect to arbitrary socket ports inside the network. Even if the websockify server only allows connections from browsers inside the network it still wouldn't help.

    Imagine a malicious piece of Javascript (perhaps delivered via a hacked ad or via a SQL injection attack against some public website) running on a browser inside the network. This Javascript can now connect back out to a control server (using WebSockets, or AJAX or whatever) which can then give commands to connect to arbitrary ports inside the network. But connections via websockify are plain sockets which means that any socket service inside the network is at risk. Normal WebSocket connections are not an issue because they have a HTTP-like handshake that must complete before the Javascript can send any data to the server. But websockify strips off the WebSocket handshake.

    In other words, the list of available targets MUST be controlled/managed by the server side (where websockify is running), NOT by Javascript running in the browser.

    feature patchwelcome 
    opened by kanaka 30
  • Bring websockifiy.c up to date to support HyBi/IETF 6455 version of protocol

    Bring websockifiy.c up to date to support HyBi/IETF 6455 version of protocol

    hey, since python is bugging around (cant find ssl + multiprocessing but they are installed...) and i saw there is a C alternative i tried it, badly it didnt work.

    i looks like this: ./websockify 5800 :5900 Warning: 'self.pem' not found Waiting for connections on :5800 0: got client connection from ** 0: forking handler process 0: sending flash policy response 0: No connection after handshake 0: handler exit

    always the same, noVNC says: Server disconnected

    so whats the problem now, noVNC/websockify.c? there werent any errors/warning @ compiling.

    greetings

    feature fixed patchwelcome 
    opened by yhaenggi 29
  • Problem with novnc-websockify on Windows

    Problem with novnc-websockify on Windows

    1- I download the https://github.com/downloads/kanaka/websockify/Websockify%20Windows%20Service.zip

    2- i unzip the folder at C:\Websockify Windows Service

    3- i download https://github.com/downloads/kanaka/websockify/websockify.zip

    and unzip and copy its content to C:\Websockify Windows Service

    4- i download novnc from https://github.com/kanaka/noVNC

    5- i unzip it at C:\Users\waldman\Downloads\noVNC-master\noVNC-master

    6- i run the command

    C:\Websockify Windows Service>websockify.exe --web "C:\Users\waldman\Downloads\noVNC-master\noVNC-master" 6080 localhost :5901

    the log is :

    WARNING: no 'resource' module, daemonizing support disabled WebSocket server settings:

    • Listen on :6080
    • Flash security policy server
    • Web server. Web root: C:\Users\waldman\Downloads\noVNC-master\noVNC-master
    • No SSL/TLS support (no cert file)
    • proxying from :6080 to localhost:5901

    In my browser i am going to

    http://localhost:6080/vnc_auto.html?host=localhost&port=6080&true_color=1

    also tried with

    http://localhost:6080/vnc_auto.html?host=localhost&port=5901&true_color=1

    I am getting server disconnected --> WHY ? ? ?

    The server is fine as when i am trying to use

    http://kanaka.github.com/noVNC/noVNC/vnc_auto.html?host=localhost&port=5901&true_color=1

    I can login to my server with no problem

    So my question is What is missing in order that i will be able to use my novnc service and not to use the "http://kanaka.github.com/noVNC/noVNC/vnc_auto.html"

    I want to have my nonvc and not use external "kanaka.github.com"

    Thanks for help

    B.T.W same issue happened both at windows & linux (I prefer windows solution)

    the log is

    2: 127.0.0.1: ignoring socket not ready 3: 127.0.0.1: ignoring empty handshake 4: 127.0.0.1: "GET /auto.vnc.html?host=localhost&port=6080&true_color=1 HTTP/1.1" 404 - 5: 127.0.0.1: ignoring socket not ready 6: 127.0.0.1: "GET /auto-vnc.html?host=localhost&port=6080&true_color=1 HTTP/1.1" 404 - 9: 127.0.0.1: ignoring socket not ready 10: 127.0.0.1: ignoring empty handshake 12: 127.0.0.1: ignoring socket not ready 13: 127.0.0.1: ignoring empty handshake 14: 127.0.0.1: ignoring empty handshake 15: 127.0.0.1: ignoring empty handshake 16: 127.0.0.1: ignoring empty handshake 17: 127.0.0.1: ignoring empty handshake 18: 127.0.0.1: ignoring empty handshake 19: 127.0.0.1: ignoring empty handshake 20: 127.0.0.1: ignoring empty handshake 21: 127.0.0.1: ignoring empty handshake 22: 127.0.0.1: ignoring empty handshake 23: 127.0.0.1: ignoring empty handshake 24: 127.0.0.1: ignoring empty handshake 25: 127.0.0.1: ignoring empty handshake 26: 127.0.0.1: ignoring empty handshake 27: 127.0.0.1: ignoring empty handshake 28: 127.0.0.1: ignoring empty handshake 29: 127.0.0.1: ignoring empty handshake 30: 127.0.0.1: ignoring empty handshake 31: 127.0.0.1: ignoring empty handshake 33: 127.0.0.1: ignoring socket not ready 34: 127.0.0.1: ignoring empty handshake 35: 127.0.0.1: ignoring empty handshake 36: 127.0.0.1: ignoring empty handshake

    bug patchwelcome Windows 
    opened by doriwal 26
  • Websockify new release

    Websockify new release

    Greetings!!

    You all must be knowing websockify project is used by the OpenStack Nova noVNC service for viewing virtual machine consoles and we intend to use this OpenStack service in our production deployment. Few months back, “use python logging module” feature was added to the websockify project in this https://github.com/kanaka/websockify/pull/100 pull request and we want to this feature in OpenStack which will enable us to log messages from both Nova noVNC service and websockify library to the same log file. The latest websockify version v0.5.1 used by the OpenStack nova service doesn’t have the above feature.

    Request you to please release new version of websocikfy project that will enable us to use “python logging module” feature.

    Thanks in advance for your co-operation.

    opened by nttdatainc-openstackers 18
  • websockify.py code 400, message Bad request syntax ('\x88

    websockify.py code 400, message Bad request syntax ('\x88

    This error occurs only with websockify.py (cloned 26-May-2015), not with the Node.js version. Using Python 2.7.8 (precompiled Windows binary); and get the same problem in both browsers I've tried, IE11.0.9600.17691, and Chrome 43.0.2357.65 m.

    After the Javascript code calls sock.close() on its WebSocket, then websockify.py logs a message such as :

    127.0.0.1 - - [28/May/2015 14:49:28] code 400, message Bad request syntax ('\x88 \x8f\x96\x09\x4c\x15\x95\xe1\x18\x74\xe4\x6E\x29\x61\xb6\x6a\x20\x7a\xe5\x6c\x28')

    This is actually a valid message in the WebSocket protocol (RFC 6455). 0x88 means FIN+Close, 0x8F means Masked and length 15 bytes; 96094c15 is an XOR mask, and applying it to the rest of the text uncovers 1000 "Target Closed" which is a correct message.

    I'm not sure why websockify doesn't like this particular message, maybe it doesn't have mask support? My send-receive works perfectly well from HTML5 to my plaintext server via websockify; this error is just a bogus log message after each close() .

    Here is Wireshark screenshot: http://i.imgur.com/mHuHxJ6.png

    52770 is my server's listen port; 52771 is websockify.py's listen port. 57461 is the source port of the browser's connection to websockify. As you can see, this packet which is being reported on came after the FIN for the connection to 52770; i.e. while the connection between browser and websockify is being shut down and therefore it can't be due to a problem with my server.

    Websockify was started by "run 52771 localhost:52770".

    bug 
    opened by OldWolf2 17
  • 'module' object has no attribute 'SIGCHLD'

    'module' object has no attribute 'SIGCHLD'

    Hi! i tried to start the echo demo. Therfore i put the echo.py and websocket.py in one directory. when i try to start up i get this error:

    H:\workspace\python\websocketServer\src>python echo.py 9999 WARNING: no 'resource' module, daemonizing is disabled Traceback (most recent call last): File "echo.py", line 74, in server.start_server() File "H:\workspace\python\websocketServer\src\websocket.py", line 827, in star t_server

    signal.SIGCHLD: signal.getsignal(signal.SIGCHLD),
    

    AttributeError: 'module' object has no attribute 'SIGCHLD'

    Python version is 3.3.2

    bug Windows 
    opened by alexwahl 16
  • Added JWT tokens capability

    Added JWT tokens capability

    This PR adds the capability to use (a)symmetric JWTs as token for retrieving connection details. The only argument needed, is the public key or shared secret file for verification.

    This way, the management of tokens to hosts becomes very manageable and quite secure.

    I've also added some tests to confirm its functionality. Needless to say that the public/private keys displayed here are only for testing and mustn't be used in production

    Let me know what you guys think!

    feature 
    opened by UXabre 15
  • Split out generic parts

    Split out generic parts

    Right now websocketserver.py is a bit of a kitchen sink. It has ssl, threading, select, logging and lots of other things. As such it is often not a good fit for integrating in to other projects. This PR tries to remedy that by separating the truly generic parts from the bonus features.

    github doesn't show a nice diff here, but git with a bunch of -C and -M will. The basic principle is that websocketserver.py is split in to three parts:

    • websocket.py: Raw WebSocket protocol handling, modelled after SSLSocket
    • websocketserver.py: Simple WebSocket request handler/server in the same principle as Python's standard SocketServer
    • websockifyserver.py: The new base for all the extra features

    The idea is that the basic parts should be at a state where they could be merged with upstream Python.

    I've noted this as a request for comments as it still need doc strings and such, but I wanted to first make sure that it isn't any major objections to this kind of split. It would make it easier for us that want to integrate your WebSocket handling elsewhere. :)

    This PR removes the features on non-strict protocol parsing, and data recording. If those are really important then I can look at re-introducing them. It also adds stubs for WebSocket client mode, but no complete code yet.

    opened by ossman 15
  • websockify.js does not work with HyBi/RFC 6455

    websockify.js does not work with HyBi/RFC 6455

    it's doesn't work: client connect via websocket but don'n connect to the vnc server. Here is the output:

    sudo node websockify.js 5800 192.168.1.238:5900 The "sys" module is now called "util". It should have a similar interface. 23 Jan 11:31:27 - source: :5800 23 Jan 11:31:27 - target: 192.168.1.238:5900 23 Jan 11:32:27 - Got client connection 23 Jan 11:32:27 - received handshake data: GET / HTTP/1.1 Upgrade: websocket Connection: Upgrade Host: 127.0.0.1:5800 Sec-WebSocket-Origin: http://127.0.0.1 Sec-WebSocket-Protocol: base64 Sec-WebSocket-Key: ZuvyY7juuugl1nQ/DqhIiQ== Sec-WebSocket-Version: 8 Cookie: logging=warn; stylesheet=default; host=; port=; password=; encrypt=false; true_color=true; shared=true; view_only=false; connectTimeout=2; path=; cursor=false; clip=false

    23 Jan 11:32:27 - Got partial handshake 23 Jan 11:32:29 - recieved client end

    feature fixed patchwelcome 
    opened by masterofdaemon 14
  • Support for Listening to unix socket [+ git patch for v0.10.0]

    Support for Listening to unix socket [+ git patch for v0.10.0]

    I´m using websockify and two other services behind NGINX in a docker container. Listening to an IP in this setup is not ideal. Allocates an extra port and a Unix socket should also be slightly faster.

    I´ve already implemented a patch for websockify v0.10.0.

    This would add two more options

      --unix-listen=FILE    listen to unix socket
      --unix-listen-mode=LISTEN_SOCK_MODE
                            specify mode for unix socket (defaults to 0600)
    

    I used 0600 as the default access modifier as that's what tigervnc seems to default to.

    Can work on a merge request if this seems fine to you.

    You can apply the patch against either the git tag v0.10.0 or the tar releases (but I have not tested if this works with the latest commit) Either with

    • Git git apply <patchfile> (I hope... I never used this command)
    • Linux patch command patch --directory /path/to/websockify -p1 </path/to/patch
    diff --git a/websockify/websocketproxy.py b/websockify/websocketproxy.py
    index 09d7882..16199f0 100644
    --- a/websockify/websocketproxy.py
    +++ b/websockify/websocketproxy.py
    @@ -11,7 +11,7 @@ as taken from http://docs.python.org/dev/library/ssl.html#certificates
     
     '''
     
    -import signal, socket, optparse, time, os, sys, subprocess, logging, errno, ssl
    +import signal, socket, optparse, time, os, sys, subprocess, logging, errno, ssl, stat
     from socketserver import ThreadingMixIn
     from http.server import HTTPServer
     
    @@ -112,7 +112,9 @@ Traffic Legend:
                                  self.server.target_host, self.server.target_port, e)
                 raise self.CClose(1011, "Failed to connect to downstream server")
     
    -        self.request.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
    +        # Option unavailable when listening to unix socket
    +        if not self.server.listen_sock:
    +            self.request.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
             if not self.server.wrap_cmd and not self.server.unix_target:
                 tsock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
     
    @@ -467,6 +469,12 @@ def websockify_init():
         parser.add_option("--ssl-ciphers", action="store",
                 help="list of ciphers allowed for connection. For a list of "
                 "supported ciphers run `openssl ciphers`")
    +    parser.add_option("--unix-listen",
    +            dest="listen_sock",
    +            help="listen to unix socket", metavar="FILE")
    +    parser.add_option("--unix-listen-mode",
    +            dest="listen_sock_mode", default=None,
    +            help="specify mode for unix socket (defaults to 0600)")
         parser.add_option("--unix-target",
                 help="connect to unix socket target", metavar="FILE")
         parser.add_option("--inetd",
    @@ -617,6 +625,16 @@ def websockify_init():
     
         if opts.inetd:
             opts.listen_fd = sys.stdin.fileno()
    +    elif opts.listen_sock:
    +        if opts.listen_sock_mode:
    +            try:
    +                # Parse octal notation (like 750)
    +                opts.listen_sock_mode = int(opts.listen_sock_mode, 8)
    +            except ValueError:
    +                parser.error("Error parsing listen unix socket mode")
    +        else:
    +            # Default to 0600 (Owner Read/Write)
    +            opts.listen_sock_mode = stat.S_IREAD | stat.S_IWRITE
         else:
             if len(args) < 1:
                 parser.error("Too few arguments")
    diff --git a/websockify/websockifyserver.py b/websockify/websockifyserver.py
    index 0199e42..948c34b 100644
    --- a/websockify/websockifyserver.py
    +++ b/websockify/websockifyserver.py
    @@ -325,12 +325,15 @@ class WebSockifyServer():
                 file_only=False,
                 run_once=False, timeout=0, idle_timeout=0, traffic=False,
                 tcp_keepalive=True, tcp_keepcnt=None, tcp_keepidle=None,
    -            tcp_keepintvl=None, ssl_ciphers=None, ssl_options=0):
    +            tcp_keepintvl=None, ssl_ciphers=None, ssl_options=0,
    +            listen_sock=None, listen_sock_mode=None):
     
             # settings
             self.RequestHandlerClass = RequestHandlerClass
             self.verbose        = verbose
             self.listen_fd      = listen_fd
    +        self.listen_sock         = listen_sock
    +        self.listen_sock_mode    = listen_sock_mode
             self.listen_host    = listen_host
             self.listen_port    = listen_port
             self.prefer_ipv6    = source_is_ipv6
    @@ -387,6 +390,8 @@ class WebSockifyServer():
             self.msg("WebSocket server settings:")
             if self.listen_fd != None:
                 self.msg("  - Listen for inetd connections")
    +        elif self.listen_sock != None:
    +            self.msg("  - Listen on unix socket %s", self.listen_sock)
             else:
                 self.msg("  - Listen on %s:%s",
                         self.listen_host, self.listen_port)
    @@ -700,6 +705,17 @@ class WebSockifyServer():
     
             if self.listen_fd != None:
                 lsock = socket.fromfd(self.listen_fd, socket.AF_INET, socket.SOCK_STREAM)
    +        elif self.listen_sock != None:
    +            # Make sure the socket does not already exist
    +            try:
    +                os.unlink(self.listen_sock)
    +            except OSError:
    +                if os.path.exists(self.listen_sock):
    +                    raise
    +            lsock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    +            lsock.bind(self.listen_sock)
    +            os.chmod(self.listen_sock, self.listen_sock_mode)
    +            lsock.listen(100)
             else:
                 lsock = self.socket(self.listen_host, self.listen_port, False,
                                     self.prefer_ipv6,
    @@ -766,6 +782,9 @@ class WebSockifyServer():
                                 ready = select.select([lsock], [], [], 1)[0]
                                 if lsock in ready:
                                     startsock, address = lsock.accept()
    +                                # Unix Socket will not report address (empty string), but address[0] is logged a bunch
    +                                if self.listen_sock != None:
    +                                    address = [ self.listen_sock ]
                                 else:
                                     continue
                             except self.Terminate:
    
    
    feature 
    opened by shiomax 1
  • TokenRedis plugin improvements

    TokenRedis plugin improvements

    Various improvements to the TokenRedis plugin maintaining backwards compatibility:

    • Support for password protected redis servers
    • Support to select the redis database to use
    • Support both for json and text format tokens (json seems a bit of an overhead in most cases)
    • Verification of the token decoding and return None in case of a decoding error
    • Eliminate the dependency with simplejson module since the json module in the standard lib is more than enough for our basic usage of using the loads
    • Additional tests to verify all the functionality
    opened by javicacheiro 11
  • Fix deadlocks due to invalid handling of SSL sockets and select

    Fix deadlocks due to invalid handling of SSL sockets and select

    SSL sockets can't be used with select() in the same way raw sockets would, since the OS socket readable/writable state is not always identical to the one of the SSL stack. See also: https://docs.python.org/3/library/ssl.html#notes-on-non-blocking-sockets

    For instance, websockify is currently unable to proxy a connection to a SSL target - unless the server-side sends data first.

    In this case, the OS socket is reported as readable - due to SSL protocol data like sessions tickets being exchanged - while the SSL socket is not readable since application data hasn't been received from the server-side yet. As SSL sockets are read from (and written to) in a blocking fashion, the current implementation then simply stalls. For an example, see here:

    https://user-images.githubusercontent.com/12437061/148658553-3dbffd73-bfed-495d-b79c-79eb79d61940.mov

    The following patch tries to leave most of the existing socket handling logic intact while addressing the special handling required for SSL sockets. In particular, SSL sockets are now put in non-blocking mode, so that false-positive readable reports from select() don't lead to a deadlock but an exception. (Unfortunately, the SSLSocket.pending() API doesn't seem to work reliably to archive the same with blocking SSL sockets.. :-/)

    In addition, the patch introduces an assertion to ensure the internal buffer size is equal or above 16kb so that all available data can be directly read from a SSL socket in a single call. Otherwise, there would be additional (annoying) handling required to make sure no data is accidentally left behind when a SSL socket would be only partially read. In this case, select() wouldn't report this socket as readable again - unless new data is received - since the rest of the data has already been read and buffered by the SSL socket layer.

    bug 
    opened by cb5890 0
  • handler exception: can't pickle _thread.RLock objects

    handler exception: can't pickle _thread.RLock objects

    I am trying to use websockify to proxy between local port 5901 and a different remote machine's port 1234, but getting this odd error:

    $ python.exe -m websockify 5901 1.2.3.4:1234 --cert ..\secrets\ssl.crt --key ..\secrets\ssl.key
    WARNING: no 'resource' module, daemonizing is disabled
    WebSocket server settings:
      - Listen on :5901
      - SSL/TLS support
      - proxying from :5901 to 1.2.3.4:1234
    handler exception: can't pickle _thread.RLock objects
    handler exception: can't pickle _thread.RLock objects
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "C:\Python36\lib\multiprocessing\spawn.py", line 105, in spawn_main
        exitcode = _main(fd)
      File "C:\Python36\lib\multiprocessing\spawn.py", line 115, in _main
        self = reduction.pickle.load(from_parent)
    EOFError: Ran out of input
    

    I am running on this version of Python: Python 3.6.8 (tags/v3.6.8:3c6b436a57, Dec 24 2018, 00:16:47) [MSC v.1916 64 bit (AMD64)] on win32

    and on websockify commit dc345815c0c344de115278a37e837ba6a6f1b272

    Windows 
    opened by nmz787 1
  • Relative paths doesn't work

    Relative paths doesn't work

    Websockify is unable to find files when given a relative path, say, ./run --token-plugin TokenFile --token-source tokens.list --web ../../ 6080 --verbose Gives a error: handler exception: [Errno 2] No such file or directory: 'tokens.list' exception Whereas the file exists in the same folder.

    However, while giving absolute path like: ./run --token-plugin TokenFile --token-source /mnt/c/Users/Srajan/Downloads/noVNC-1.2.0/noVNC-1.2.0/utils/websockify/tokens.list --web ../../ 6080 --verbose The tokens get resolved successfully.

    I have checked this for bash on windows.

    bug Windows 
    opened by srajan96 2
Releases(v0.11.0)
  • v0.11.0(Dec 16, 2022)

  • v0.10.0(Jul 22, 2021)

    Major Changes

    • Python 3.4 or newer is now required
    • Empty message frames are now supported
    • Tokens can now specify a Unix domain socket file to connect to
    • Time limits on JWT tokens are now respected
    • Whitespace is better tolerated in token files
    • Lots of minor fixes...
    Source code(tar.gz)
    Source code(zip)
  • v0.9.0(Aug 13, 2019)

    Major Changes

    • Base64 support removed and binary mode is now required
    • Low level WebSocket protocol handling now has its own class
    • Authentication now optionally required for web server
    • Server hostname can be used as the token
    • JWT/JWS/JWE can be used for the token
    • redis can be used for the token
    • Can now log to syslog
    • Improved latency by disabling Nagle for proxied connection
    • Added client certificate authentication
    • Support for password protected certificate key file
    • TLS ciphers and options are now configurable
    • Can be invoked via inetd
    • Lots of minor fixes...
    Source code(tar.gz)
    Source code(zip)
  • v0.8.0(Feb 18, 2016)

    Major Changes

    • Make websockify properly terminate children on SIGTERM (#226)
    • Remove logging in signal handlers (this can cause Python to hang under certain conditions) (#219)
    • Make it easier to log to a file (#205)
    • Add support for IPv6 addresses in tokens in the TokenFile token plugins (#197)
    • Improve auth plugin framework to enable better support for HTTP auth (#194, #201)
    • Fix bug in JSONTokenAPI token plugin (#192)
    • Fix a missing variable in the exception handler (#178)
    Source code(tar.gz)
    Source code(zip)
  • v0.7.0(Jul 24, 2015)

    Major Changes

    • Python 3 support fixes (#140, #155, #159)
    • Generic token-parsing plugins support (#162)
    • Generic authentication plugins support (#172)
    • Fixed frame corruption on big-endian systems (#161)
    • Support heartbeats (via PING) and automatic responses to PONG (#169)
    • Automatically reject unmasked client frames by default (strict mode) (#174)
    • Automatically restart interrupted select calls (#175)
    • Make 'run' respect environment settings (including virtualenv) (#176)
    Source code(tar.gz)
    Source code(zip)
  • v0.6.1(May 12, 2015)

    This is a minor patch release

    This release fixes a bug causing the file_only parameter to be ignored. See https://bugs.launchpad.net/nova/+bug/1447675

    Source code(tar.gz)
    Source code(zip)
  • v0.6.0(Feb 18, 2014)

    Note: This release breaks existing code which sub-classes WebsocketProxy. See pull requests #110 and #111 for more information, or see the following gist for an example on how to update your code: DirectXMan12/gist:9080857

    Major Changes

    • Refactor to use standard SocketServer RequestHandler design
    • Fix bug causing zombie processes on certain systems when using multiprocessing
    • Log using python logging module instead of printing directly to stdout/stderr
    • Add better unit tests
    Source code(tar.gz)
    Source code(zip)
Owner
noVNC
The HTML5 VNC Client
noVNC
Python socket.io server implementation on top of Tornado framework

TornadIO2 Disclaimer Unfortunately, Socket.IO 0.8 branch is abandoned, there are huge amount of bugs and nothing getting fixed. I would suggest to loo

Serge S. Koval 526 Oct 03, 2022
Official repository for gevent-socketio

Presentation gevent-socketio is a Python implementation of the Socket.IO protocol, developed originally for Node.js by LearnBoost and then ported to o

Alexandre Bourget 1.2k Dec 12, 2022
A simple texts communication platform using pygame and sockets.

Python Tchat A simple texts communication platform using pygame and sockets. How to install ? You need a python 3.8.6 server with at least one opened

Yohann Boniface 7 Jan 23, 2022
Library for building WebSocket servers and clients in Python

What is websockets? websockets is a library for building WebSocket servers and clients in Python with a focus on correctness and simplicity. Built on

Aymeric Augustin 4.3k Jan 04, 2023
WebSocket client for Python

websocket-client The websocket-client module is a WebSocket client for Python. It provides access to low level APIs for WebSockets. All APIs are for s

3.1k Jan 02, 2023
Library for easily creating and managing websockets.

Documentation coming in version 0.1.4 GitHub PyPI Discord Features Easy to use with object oriented syntax. Intellisense support with typehints and do

ZeroIntensity 0 Aug 27, 2022
Burgeramt-appointments-websockets - Fetch Bürgeramt appointments and broadcast them via websockets

Bürgeramt appointment finder This server looks for Bürgeramt appointment every f

74 Dec 19, 2022
Socket.IO integration for Flask applications.

Flask-SocketIO Socket.IO integration for Flask applications. Installation You can install this package as usual with pip: pip install flask-socketio

Miguel Grinberg 4.9k Jan 03, 2023
Tetri5 - Multiplayer Websocket Backend

Tetri5 - Multiplayer Websocket Backend This repository is the backend of the multiplayer portion of the Tetri5 game client. It uses the python websock

Giovani Rodriguez 1 Dec 10, 2022
一款为 go-cqhttp 的正向 WebSocket 设计的 Python SDK

Nakuru Project 一款为 go-cqhttp 的正向 WebSocket 设计的 Python SDK 在 kuriyama 的基础上改动 项目名来源于藍月なくる,图标由せら绘制 食用方法 将 nakuru 文件夹移至 Python 的 Lib/site-packages 目录下。

35 Dec 21, 2022
A Security Tool for Enumerating WebSockets

STEWS: Security Testing and Enumeration of WebSockets STEWS is a tool suite for security testing of WebSockets This research was first presented at OW

175 Jan 01, 2023
Benchmark a WebSocket server's message throughput ⌛

📻 WebSocket Benchmarker ⌚ Message throughput is how fast a WebSocket server can parse and respond to a message. Some people consider this to be a goo

Andrew Healey 24 Nov 17, 2022
Python Socket.IO server and client

python-socketio Python implementation of the Socket.IO realtime client and server. Version compatibility The Socket.IO protocol has been through a num

Miguel Grinberg 3.2k Dec 31, 2022
Python framework for AsyncAPI-documented Websocket, PubSub, and other async constructs

asyncapi-eventrouter Work in Progress Write Python code for Event-Driven Architectures! The asyncapi-eventrouter prototype library creates Websocket,

noteable 4 Jan 27, 2022
Connects microservices through a mesh of websockets

WebMesh WebMesh is a WebSocket based communication library for microservices. It uses a WebSocket server based on wsproto that distributes clients on

Charles Smith 9 Apr 29, 2022
image stream publish server over websocket

Image Stream Push Server 简介 通过浏览器网页实时查看图像处理结果。 环境 运行程序需要安装一下python依赖: tornado: 用于创建http及websocket服务; opencv-contrib-python: 用于图像数据源获取及图像处理。 使用 进入到src目

MrError404 1 Nov 04, 2021
Elegant WebSockets for your Flask apps.

Flask-Sockets Elegant WebSockets for your Flask apps. Simple usage of route decorator: from flask import Flask from flask_sockets import Sockets app

Heroku Python Team 1.7k Dec 26, 2022
Discord.py Connect to Discord voice call with websocket

Discord.py Connect to Discord voice call with websocket

WoahThatsHot 3 Apr 22, 2022
Terminals served by tornado websockets

This is a Tornado websocket backend for the Xterm.js Javascript terminal emulator library. It evolved out of pyxterm, which was part of GraphTerm (as

Project Jupyter 332 Dec 27, 2022
SocketIO 转发台,保持 botoy 能力和插件功能的同时,透传其接口,以此使用更灵活、生态更好的技术进行开发

bot_sio_transfer SocketIO 转发台,保持 botoy 能力和插件功能的同时,透传其接口,以此使用更灵活、生态更好的技术进行开发 Usage 请参考 botoy 文档接入本插件 Example 考虑一种图文混排场景,如何从复杂结构内快速获取第一张图片的 url ? ( 假设图片

OPQ Open Source Community 3 Oct 18, 2021