0

I'm writing a websocket client to connect to a server which I do not have the source code for (black box testing).

When I try to connect to the server with the following code, the default headers keep getting added to the request, and as a result it fails due to the specs of RFC 6455 only allowing a single Sec-WebSocket-Key to be used in the header.

socket_key = "Sec-WebSocket-Key: " + r.headers['Sec-WebSocket-Accept']

websocket.enableTrace(True)
ws = create_connection('wss://example.com/socket.io/?EIO=3&transport=websocket', headers=[socket_key])

However, this request is being sent instead:

--- request header ---
GET /socket.io/?EIO=3&transport=websocket HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Host: example.com
Origin: http://example.com
Sec-WebSocket-Key: <Generated WebSocket Key>
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: <socket_key from above>

How can I prevent the first Sec-WebSocket-Key header from appearing, or replace its generated WebSocket key in the request with my own WebSocket key?

Improve this question

1 Answer 1

Reset to default
1

Pass in a dictionary instead of a list, for the header argument:

my_header = { "Sec-WebSocket-Key" : "12345abcde" }
ws = websocket.create_connection("ws://127.0.0.1:8000/", header = my_header)

For this code, I see the following outbound request:

websocket:--- request header ---
GET / HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Host: 127.0.0.1:8000
Origin: http://127.0.0.1:8000
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: 12345abcde
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.