Hacking websockets
Transcript of Hacking websockets
HACKING WEBSOCKETS FOR FUN AND PROFIT
@tomekcejner 2015 / SmartRecruiters Inc.
WHAT
REALTIME COMMUNICATION, FULL DUPLEX, LOW LATENCY
FOR
SOCIAL FEEDS, CHAT, COMMON EDITING, MONITORING
COMPARING TECHNIQUES
POLLING
[Diagram: BROWSER and SERVER, EVENT markers]
SIMPLE, ALWAYS WORKS, HIGH TRAFFIC, HIGH LATENCY
LONG POLLING
[Diagram: BROWSER and SERVER, EVENT marker]
NEAR-REALTIME, VERY LONG REQUESTS WILL BLOCK THREADS
NEEDS STICKY LOAD BALANCING
STREAMING
[Diagram: BROWSER and SERVER, EVENT markers, RESPONSE PART segments]
NEAR REALTIME, BUFFERING PROXY WILL RUIN
WEBSOCKETS
[Diagram: BROWSER and SERVER, UPGRADE, EVENT markers]
REALTIME, DUPLEX
SUPPORTED BY LATEST BROWSERS, MAY BE BROKEN BY SOME PROXIES
WEBSOCKETS API
    var socket = new WebSocket('ws://game.example.com:12010/updates');
    socket.onopen = function () {
      setInterval(function () {
        if (socket.bufferedAmount == 0)
          socket.send(getUpdateData());
      }, 50);
    };
EMITTING MESSAGES
SEND TEXT OR BINARY FRAME, LOW OVERHEAD: 2 BYTES PER FRAME
TEXT FRAME
0x81 0x05 0x48 0x65 0x6c 0x6c 0x6f
H e l l o
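Added example (not from the original slides): a Node.js decoder for a single frame, following RFC 6455 section 5.2, run on the slide's "Hello" frame and on the masked "Hello" frame given in RFC 6455 section 5.7. The names parseFrame, fromClient and maxPayload are assumptions made for this sketch; it shows that the 2-byte header applies to unmasked frames with payloads up to 125 bytes, and that a server-side parser should reject unmasked client frames and oversized lengths.

```javascript
// Added example: decode one WebSocket frame (RFC 6455, section 5.2).
const OPCODES = { 0x0: 'continuation', 0x1: 'text', 0x2: 'binary',
                  0x8: 'close', 0x9: 'ping', 0xA: 'pong' };

// fromClient and maxPayload are hypothetical option names chosen for this example.
function parseFrame(buf, { fromClient = false, maxPayload = 1 << 20 } = {}) {
  if (buf.length < 2) throw new Error('truncated header');
  const fin = (buf[0] & 0x80) !== 0;
  if (buf[0] & 0x70) throw new Error('reserved bits set, no extension negotiated');
  const opcode = buf[0] & 0x0f;
  if (!(opcode in OPCODES)) throw new Error('unknown opcode');
  const masked = (buf[1] & 0x80) !== 0;
  // RFC 6455 5.1: client frames must be masked, server frames must not be.
  if (masked !== fromClient) throw new Error('wrong masking for direction');
  let len = buf[1] & 0x7f;   // 7-bit length, or 126/127 as escape values
  let off = 2;               // 2-byte header when len <= 125 and unmasked
  if (len === 126) {
    if (buf.length < 4) throw new Error('truncated length');
    len = buf.readUInt16BE(2); off = 4;
  } else if (len === 127) {
    if (buf.length < 10) throw new Error('truncated length');
    const big = buf.readBigUInt64BE(2);
    if (big > BigInt(maxPayload)) throw new Error('payload too large');
    len = Number(big); off = 10;
  }
  if (len > maxPayload) throw new Error('payload too large');
  // Control frames (close, ping, pong) may not be fragmented or exceed 125 bytes.
  if (opcode >= 0x8 && (len > 125 || !fin)) throw new Error('invalid control frame');
  const headerLength = off + (masked ? 4 : 0);
  if (buf.length < headerLength + len) throw new Error('truncated payload');
  const payload = Buffer.from(buf.subarray(headerLength, headerLength + len));
  if (masked) {
    const key = buf.subarray(off, off + 4);   // 4-byte masking key
    for (let i = 0; i < len; i++) payload[i] ^= key[i % 4];
  }
  return { fin, opcode: OPCODES[opcode], masked, headerLength, payload };
}

// The slide's unmasked frame, and the masked "Hello" frame from RFC 6455 section 5.7.
const SLIDE_FRAME = Buffer.from([0x81, 0x05, 0x48, 0x65, 0x6c, 0x6c, 0x6f]);
const MASKED_FRAME = Buffer.from([0x81, 0x85, 0x37, 0xfa, 0x21, 0x3d,
                                  0x7f, 0x9f, 0x4d, 0x51, 0x58]);

console.log(parseFrame(SLIDE_FRAME));
console.log(parseFrame(MASKED_FRAME, { fromClient: true }));
```

The masked client frame carries a 6-byte header (2 bytes plus the 4-byte masking key), so the 2-byte figure holds only in the server-to-client direction.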
JAVASCRIPT WEBSOCKETS FRAMEWORK
CLIENT WITH FALLBACKS, NODE.JS SERVER
CODE
SERVER
    var app = require('express')();
    var server = require('http').Server(app);
    var io = require('socket.io')(server);

    server.listen(80);

    // Serve the page that loads the Socket.IO client
    app.get('/', function (req, res) {
      res.sendFile(__dirname + '/index.html');
    });

    // For each new connection: emit 'news', then log replies from the client
    io.on('connection', function (socket) {
      socket.emit('news', { hello: 'world' });
      socket.on('my other event', function (data) {
        console.log(data);
      });
    });
CLIENT
    <script src="/socket.io/socket.io.js"></script>
    <script>
      var socket = io.connect('http://localhost');
      socket.on('news', function (data) {
        console.log(data);
        socket.emit('my other event', { my: 'data' });
      });
    </script>
CHALLENGES
STATEFULNESS, SCALABILITY
BROADCASTING
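BROADCASTING
    // Put every new connection into a room
    io.on('connection', function (socket) {
      socket.join('some room');
    });

    // Emit to everyone in that room
    io.to('some room').emit('some event');

    // Relay a message to the room or socket named by id;
    // both id and msg are supplied by the sending client
    io.on('connection', function (socket) {
      socket.on('say to someone', function (id, msg) {
        socket.broadcast.to(id).emit('my message', msg);
      });
    });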
MULTIPLE NODES
[Diagram: Node A, Node B, CLIENT 1, CLIENT 2, CLIENT 3, CLIENT 4, ?]
RESOURCES
http://socket.io
Socket.IO Swift client https://github.com/socketio/socket.io-client-swift
Benefits of Web Sockets https://www.websocket.org/quantum.html
Web Sockets API http://dev.w3.org/html5/websockets/
Web Sockets RFC https://tools.ietf.org/html/rfc6455
Difference between polling, long polling and web sockets explained:
http://stackoverflow.com/questions/10028770/html5-websocket-vs-long-polling-vs-ajax-vs-webrtc-vs-server-sent-events
http://stackoverflow.com/questions/11077857/what-are-long-polling-websockets-server-sent-events-sse-and-comet
THANK YOU
That’s all
BONUS CONTENT
TRACKING USERS IN REDIS
SADD mob:online:7501234 55e83ebae4b00f589364debd
SISMEMBER mob:online:7501234 55e83ebae4b00f589364debd
SMEMBERS mob:online:7501234