
Authentication

Open alfredneu opened this issue 5 years ago • 13 comments

Great tool, but I cannot find a way to do authenticated connects with basic auth. Could you please tell me how to achieve this or add this option?

I am working in a business environment where no server allows anonymous connections. I am quite surprised nobody missed this before.

Thanks!

alfredneu avatar Jun 26 '19 15:06 alfredneu

OK, as usual: Having searched for an hour and written the request I immediately find the solution ;-)

websocat -H="Authorization: Basic "

That does the trick. Still, a command line option would be nice.

alfredneu avatar Jun 26 '19 15:06 alfredneu

Hi, does anyone know how I can authenticate using WWW-Authenticate? I have tried adding the headers manually, similar to @alfredneu, however that does not work.

tony1661 avatar Jun 27 '19 21:06 tony1661

@tony1661, do you mean requesting authentication as a server?

That would be something like

websocat -s 1234 --server-header 'WWW-Authenticate: Basic realm="Hello from Websocat", charset="UTF-8"'

But that does not work currently, as it just allows connection without authentication.

Checking if client-supplied Basic auth is valid or not is not implemented yet.


Or do you mean interpreting WWW-Authenticate response from server and interactively asking for username and password?

Maybe a customized error message suggesting to use a new command line with auth header would happen in some future version of Websocat.

vi avatar Jun 27 '19 21:06 vi

@vi Thanks for your response. What I am trying to do is authenticate to a web socket as a client. I am able to authenticate using curl, however I cannot send and receive data. My curl command is below and I was wondering if I could do something similar with websocat.

curl -A "Avaya-IPOSysMonitor" --verbose --digest --user Username:Password --header 'Connection: Upgrade' --header 'Host: 36.103.125.5' --header 'Upgrade: websocket' --header 'Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==' --header 'Sec-WebSocket-Protocol: sysmonitor' --header 'Sec-WebSocket-Version: 13' 192.168.222.10/sysmonitor/

tony1661 avatar Jun 28 '19 11:06 tony1661

--digest is non-basic HTTP authentication. It requires a repeated request and is not supported yet in Websocat.

vi avatar Jun 28 '19 13:06 vi

@vi Gotcha. Thanks for the info!

tony1661 avatar Jun 28 '19 14:06 tony1661

I just submitted https://github.com/websockets-rs/rust-websocket/pull/236 (low-level websocket crate used by this project). This is where the user credentials should be handled. Nothing should be necessary for websocat if this gets merged.

zopieux avatar Jul 13 '19 01:07 zopieux

WebSocat 2.0 will be based on websocket-lowlevel. websocket depends on legacy hyper 0.10, which is not going to be packaged for Debian, so it's a dependency to be removed.

Fortunately, the HTTP handling part of someday's Websocat 2.0 already turns username:password into an Authentication: Basic header.

vi avatar Jul 13 '19 06:07 vi

On the other hand, I can publish some additional Websocat 1.5.0 with the pull request in if you would find that useful.

vi avatar Jul 13 '19 06:07 vi

That would definitely solve the immediate issue at hand, yes. Thanks for your concern!

zopieux avatar Jul 13 '19 13:07 zopieux

Released v1.5.0.

vi avatar Jul 14 '19 12:07 vi

Unfortunately embedding auth in the URL does not work if the username contains an @. Compare e.g.

curl -u [email protected]:s3cr3t https://some.server/

Workaround:

websocat -H="Authorization: Basic $(echo -n [email protected]:s3cr3t | base64)" wss://some.server/

jglick avatar Feb 23 '21 19:02 jglick
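
The workaround from the comment above, wrapped in a reusable helper as an added example (not part of the thread and not websocat code). The function name `basic_auth_header` and the credentials `alice@example.test` / `s3cr3t` are constructed for illustration; the colon check and newline stripping go beyond the one-liner in the comment.

```shell
#!/bin/sh
# Added example: build an HTTP Basic "Authorization" header (RFC 7617).
# basic_auth_header is a hypothetical helper name, not a websocat feature.

basic_auth_header() {
    user=$1
    pass=$2

    # RFC 7617: the user-id must not contain ':' because the first colon
    # separates it from the password. '@' is fine here, unlike in a URL.
    case $user in
        *:*) echo "basic_auth_header: username must not contain ':'" >&2
             return 1 ;;
    esac

    # printf avoids the non-portable 'echo -n'; tr removes the line breaks
    # that GNU base64 inserts every 76 characters for long credentials,
    # which would otherwise split the header across lines.
    token=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
    printf 'Authorization: Basic %s\n' "$token"
}

# Usage (constructed credentials; host as written in the comment above):
#   websocat -H="$(basic_auth_header 'alice@example.test' 's3cr3t')" wss://some.server/
# The header ends up in websocat's argv, so other local users may see it in
# process listings; read the password from a file or prompt, not shell history.
```

Base64 is an encoding, not encryption, so the header is only protected in transit when the target is `wss://`.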

Dupe of #115? Sounds like this was resolved in c320d7970e5d6a1b8f97fd7eeccfdec6bd0851d9?

jglick avatar Apr 29 '21 11:04 jglick