hacking websockets

Post on 22-Jan-2018

TRANSCRIPT

HACKING WEBSOCKETS FOR FUN AND PROFIT

@tomekcejner 2015 / SmartRecruiters Inc.

WHAT

REALTIME COMMUNICATION FULL DUPLEX LOW LATENCY

FOR

SOCIAL FEEDS CHAT

COMMON EDITING MONITORING

COMPARING TECHNIQUES

[Diagram: BROWSER and SERVER]

POLLING

[Diagram: BROWSER and SERVER; labels: EVENT, EVENT]

POLLING

SIMPLE ALWAYS WORKS HIGH TRAFFIC HIGH LATENCY

LONG POLLING

[Diagram: BROWSER and SERVER; label: EVENT]

LONG POLLING

NEAR-REALTIME VERY LONG REQUESTS WILL BLOCK THREADS

NEEDS STICKY LOADBALANCING

STREAMING

[Diagram: BROWSER and SERVER; labels: EVENT, EVENT, RESPONSE PART, RESPONSE PART]

STREAMING

NEAR REALTIME BUFFERING PROXY WILL RUIN

WEBSOCKETS

[Diagram: BROWSER and SERVER; labels: EVENT, EVENT, UPGRADE]

WEBSOCKETS

REALTIME DUPLEX

SUPPORTED BY LATEST BROWSERS MAY BE BROKEN BY SOME PROXIES

CAN I USE?

http://caniuse.com/#feat=websockets

WEBSOCKETS API

var socket = new WebSocket('ws://game.example.com:12010/updates');
socket.onopen = function () {
  setInterval(function() {
    if (socket.bufferedAmount == 0)
      socket.send(getUpdateData());
  }, 50);
};

EMITTING MESSAGES

SEND TEXT OR BINARY FRAME LOW OVERHEAD: 2 BYTES PER FRAME

TEXT FRAME

0x81 0x05 0x48 0x65 0x6c 0x6c 0x6f

H e l l o

JAVASCRIPT WEBSOCKETS FRAMEWORK

CLIENT WITH FALLBACKS NODE.JS SERVER

CODE

SERVER

var app = require('express')();
var server = require('http').Server(app);
var io = require('socket.io')(server);

server.listen(80);

app.get('/', function (req, res) {
  res.sendfile(__dirname + '/index.html');
});

io.on('connection', function (socket) {
  socket.emit('news', { hello: 'world' });
  socket.on('my other event', function (data) {
    console.log(data);
  });
});

CLIENT

<script src="/socket.io/socket.io.js"></script>
<script>
  var socket = io.connect('http://localhost');
  socket.on('news', function (data) {
    console.log(data);
    socket.emit('my other event', { my: 'data' });
  });
</script>

CHALLENGES

STATEFULNESS SCALABILITY

BROADCASTING

BROADCASTING

io.on('connection', function(socket){
  socket.join('some room');
});

io.to('some room').emit('some event');

io.on('connection', function(socket){
  socket.on('say to someone', function(id, msg){
    socket.broadcast.to(id).emit('my message', msg);
  });
});

MULTIPLE NODES

[Diagram: Node A, CLIENT 1, CLIENT 2; Node B, CLIENT 3, CLIENT 4; "?"]

SCALING

https://github.com/socketio/socket.io-redis

RESOURCES

http://socket.io

Socket.IO Swift client https://github.com/socketio/socket.io-client-swift

Benefits of Web Sockets https://www.websocket.org/quantum.html

Web Sockets API http://dev.w3.org/html5/websockets/

Web Sockets RFC https://tools.ietf.org/html/rfc6455

Difference between polling, long polling and web sockets explained: http://stackoverflow.com/questions/10028770/html5-websocket-vs-long-polling-vs-ajax-vs-webrtc-vs-server-sent-events

http://stackoverflow.com/questions/11077857/what-are-long-polling-websockets-server-sent-events-sse-and-comet

THANK YOU

That’s all

BONUS CONTENT

TRACKING USERS IN REDIS

SADD mob:online:7501234 55e83ebae4b00f589364debd

SISMEMBER mob:online:7501234 55e83ebae4b00f589364debd

SMEMBERS mob:online:7501234