Question

I am using a WebSocket without compression between my Tyrus-based client and my Tomcat web server. I am seeing on the Tomcat side messages coming to and from my socket, but if I set up Wireshark to watch them come to my WebSocket client, I can't find the text for my messages.

Since they're not compressed, they must be encoded somehow. Can someone tell me how I can read my packets in Wireshark?

Solution

The WebSocket protocol defines that frame data must be masked when the client sends it to the server. So you should be able to see what is coming from the server in plain text, but frames from client to server should not be readable.

I'm not sure what Wireshark currently provides in terms of WebSocket frame inspection, but you may be able to plug something into it. The following is the WebSocket frame format (taken from chapter 5.2, RFC 6455):

  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-------+-+-------------+-------------------------------+
 |F|R|R|R| opcode|M| Payload len |    Extended payload length    |
 |I|S|S|S|  (4)  |A|     (7)     |             (16/64)           |
 |N|V|V|V|       |S|             |   (if payload len==126/127)   |
 | |1|2|3|       |K|             |                               |
 +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
 |     Extended payload length continued, if payload len == 127  |
 + - - - - - - - - - - - - - - - +-------------------------------+
 |                               |Masking-key, if MASK set to 1  |
 +-------------------------------+-------------------------------+
 | Masking-key (continued)       |          Payload Data         |
 +-------------------------------- - - - - - - - - - - - - - - - +
 :                     Payload Data continued ...                :
 + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
 |                     Payload Data continued ...                |
 +---------------------------------------------------------------+

To be able to see the "plaintext" data from client to server, you need to unmask it: XOR the masking key with your payload.
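The frame layout and unmasking step described in the answer, as an added Python example that is not part of the original answer. The function names are this example's own, and the two sample frames are the single-frame "Hello" text messages given in RFC 6455 section 5.7.

```python
import struct

# Constructed sample input: the "Hello" text frames from RFC 6455 section 5.7.
CLIENT_FRAME = bytes.fromhex("818537fa213d7f9f4d5158")  # client -> server, masked
SERVER_FRAME = bytes.fromhex("810548656c6c6f")          # server -> client, unmasked


def unmask(key: bytes, data: bytes) -> bytes:
    """XOR each payload byte with the masking key, cycling over its 4 bytes."""
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))


def parse_frame(buf: bytes) -> dict:
    """Decode one frame at the start of buf; raise ValueError if it is incomplete."""
    if len(buf) < 2:
        raise ValueError("truncated header")
    fin, opcode = bool(buf[0] & 0x80), buf[0] & 0x0F
    masked, length = bool(buf[1] & 0x80), buf[1] & 0x7F
    pos = 2
    # Payload len 126 / 127 means the real length follows as 16 / 64 bits.
    ext = {126: "!H", 127: "!Q"}.get(length)
    if ext:
        size = struct.calcsize(ext)
        if len(buf) < pos + size:
            raise ValueError("truncated extended length")
        (length,) = struct.unpack_from(ext, buf, pos)
        pos += size
    key = b""
    if masked:
        key = buf[pos:pos + 4]
        pos += 4
    if len(key) != (4 if masked else 0) or len(buf) < pos + length:
        raise ValueError("truncated frame")
    payload = buf[pos:pos + length]
    if masked:
        payload = unmask(key, payload)
    return {"fin": fin, "opcode": opcode, "masked": masked,
            "payload": payload, "size": pos + length}


if __name__ == "__main__":
    for name, raw in (("client", CLIENT_FRAME), ("server", SERVER_FRAME)):
        frame = parse_frame(raw)
        print(name, "on the wire:", raw[-5:], "decoded:", frame["payload"])
```

The masked client frame does not contain the bytes `Hello` anywhere on the wire, which is why a plain text search of the capture finds nothing in that direction.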

Licensed under: CC-BY-SA with attribution