Are there any browser extensions for inspecting WebSocket traffic as there are for "normal" HTTP traffic?
Some background: Having used the Firefox "Live HTTP headers" extension for years, it really helped me to better understand HTTP and has been a great aid in developing advanced web applications. As I'm now in the middle of developing a real-time web application with node.js and socket.io, a similar tool for WebSocket traffic would be helpful.
Check this out: Inspecting WebSocket Traffic with Chrome Developer Tools
It contains even a video about how to do it.
Related
Nothing too complex with this question, trying to use the chrome devtools protocol in chrome remote interface in order to authenticate with a proxy (headerlessly).
I believe this is already a thing, as the CRI has AuthChallange and AuthChallangeResponse types, as well as puppeteer (high level API around the devtools protocol) already having an authenticate method.
From a small amount of previous experience with the chrome remote interface / chrome devtools protocol, I believe that this problem is likely solved by using Network events in order to listen out for the "AuthChallange" and send / intercept some kind of response.
This is as much as I am aware of so far, and am looking for that simple piece of code which a day of research and googling has unfortunately not provided.
EDIT:
Checked documentation for devtools protocol, but can't find an event that would be related to connecting to a proxy ?
If anymore information is required I can provide this asap
I never done any API, I just recently become aware of REST, never used sockets or node.js, but I have this simple project in mind using all of these.
Imagine usual app with request/response stuff. Nothing fancy. But then sometimes I need real time functionality, lets say there's a live support for website, a chat. So majority of users never need sockets and everything is easy, but when they do, what's then? How that would look and work with restful api?
As you tag, socket.io is perfect for you. It creates a socket within the browser to your server without the user installing any third party program, using websockets and longpolling. And for the users that have old browsers and don't have those browser built-in functions, it can fallback to a third party plugin: Flash Player, but almost all browsers have it installed.
Is you are used to Javascript or object oriented programming, socket.io and node.js is a walk in the park. If you don't want to use node.js and socket.io, you can write your own implementation of client-server with this info:
WebSockets
Long Polling example
Flash AS3 Socket
As a small adition, simply you need your default web server (Apache, Nginx, Lighthttpd, whatever...) running in default port 80 and also running a node.js server in other port, let's say 8080. That second server will serve all the files needed to connect, because socket.io can only connect to the same domain and port that served the files (security reasons, I guess).
In short, you'll have 2 servers: One serving your entire webpage and another one serving the files needed to connect to your chat (and also serving the chat, obviously).
I have exactly that configuration made in one of my pages (a live sports streaming site) and to add the chat to my site I have this server running in port 8080 and I load it in the main page inside an iframe: http://www.example.com:8080/
As an adition, you can create a complete http server in node.js, but I don't guess that it is useful as a professional web server.
I have a doubt about using module mod_spdy in my webite:
If I install the module mod_spdy in my Apache Server, What will it happen with the http requests come from desktop and mobile browser which not support the SPDY protocol? (see the browser which not support the SPDY protocol in http://caniuse.com/spdy )
I don’t know if in this case Apache will serve the information using the http protocol or the web browser will have problem to render the information. In the last case, is there any solution to solve the problem with the browser that not support SPDY? For instance, use a web server responding with a different protocol (http or SPDY) depending on which user agent is requesting: browsers support SPDY or browsers only support HTTP.
Thanks in advance,
First of all Apache mod_SPDY supports encrypted connection(HTTPS) only, therefore you have to create a VirtualHost for the 443 port and add your SSL certificate. Mod_SPDY will automatically fallback to HTTPS 1.1 if the browser does not support SPDY. A good use for it is to enable server PUSH. Have fun with SPDY!
I set up a Node.js HTTP server. It listens to path '/' and returns an empty HTML template on a get request.
This template includes Require.js client script, which creates Socket.IO connection with a server.
Then all communication between client and server is provided by Web Sockets.
On connection, server requires authentication; if there are authentication cookies then client sends them to server for validation, if no cookies then client renders login view and waits for user input, etc.
So far everything works, after validating credentials I create a SID for user and use it to manage his access rights. Then I render main view and application starts.
Questions:
Is there a need to use HTTPS instead of HTTP since I'm only using HTTP for sending script to the client? (Note: I'm planning to use Local Storage instead of cookies)
Are the any downfalls in using pure Web Sockets without HTTP?
If it works, why nobody's using that?
Is there a need to use HTTPS instead of HTTP since I'm only using HTTP
for sending script to the client? (Note: I'm planning to use Local
Storage instead of cookies)
No, HTTP/HTTPS is required for handshake for websockets. Choice of HTTP or HTTPS is from security point of view. If you want to use it for simply sending script then there is no harm. If you want to implement user login / authentication in your pages then HTTPS should be used.
Are the any downfalls in using pure Web Sockets without HTTP?
Web sockets and HTTP are very different. If you use pure Web Sockets you will miss out on HTTP. HTTP is the preferred choice for cross-platform web services. It is good for document traversal/retrieval, but it is one way. Web socket provides full-duplex communications channels over a single TCP connection and allows us to get rid of the workarounds and hacks like Ajax, Reverse Ajax, Comet etc. Important thing to note is that both can coexist. So aim for web sockets without leaving out HTTP.
If it works, why nobody's using that?
We live in the age of HTTP, web sockets are relatively new. In the long term, web sockets will gain popularity and take up larger share of web services. Many browsers until recently did not support web sockets properly. See here, IE 10 is the latest and only version in IE to support web sockets. nginx, a wildly popular server did not support web sockets until Feb-March 2013. It will take time for web sockets to become mainstream but it will.
Your question is pretty similar to this one
Why use AJAX when WebSockets is available?
At the end of the day they were both created for different things although you can use web sockets for most, if not everything which can be done in normal HTTP requests.
I'd recommend using HTTPS as you do seem to be sending authentication data over websockets (which will also use the SSL, no?) but then it depends on your definition of 'need'.
Downfalls - Lack of support for older browsers
It's not used this this in many other situations because it's not necessary and it's still 'relatively new'.
I have installed SDK emulator and Twitter client to do research on traffic, I wanna know why Twitter client uses https while sending or receiving its tweets.
Is there any mechanism through which i can change https into http.
I want to analyze the traffic by using wire-shark. Kindly let men kow how i can achieve this
Twitter uses SSL to protect the data in transit...precisely to prevent folks from eavesdropping on it in transit as you are trying to do. The Twitter Android client (and all clients, AFAIK) uses SSL as part of their design and does not allow you disable SSL functionality.