Possible hacking attempts - how can I examine WebSocket requests?

Godot Version

4.3

Question

I am using the WebSocket Chat Demo (changed to use wss)

I ran my server without running my client, and got these errors, which, I think, means someone’s trying to hack into my server.

How can I examine the WebSocket requests to find out what the hackers are attempting to do?

Thanks


E 0:21:03:0455   WebSocketServer.gd:168 @ _connect_pending(): Not enough response headers, got: 3, expected >= 4.
  <C++ Error>    Condition "len < 4" is true. Returning: false
  <C++ Source>   modules/websocket/wsl_peer.cpp:156 @ _parse_client_request()
  <Stack Trace>  WebSocketServer.gd:168 @ _connect_pending()
                 WebSocketServer.gd:141 @ poll()
                 WebSocketServer.gd:210 @ _process()

E 0:42:36:0195   WebSocketServer.gd:168 @ _connect_pending(): Invalid method or HTTP version.
  <C++ Error>    Condition "req[0] != "GET" || req[2] != "HTTP/1.1"" is true. Returning: false
  <C++ Source>   modules/websocket/wsl_peer.cpp:162 @ _parse_client_request()
  <Stack Trace>  WebSocketServer.gd:168 @ _connect_pending()
                 WebSocketServer.gd:141 @ poll()
                 WebSocketServer.gd:210 @ _process()

E 0:30:07:0949   WebSocketServer.gd:168 @ _connect_pending(): Missing or invalid header 'upgrade'. Expected value 'websocket'.
  <C++ Error>    Condition "!headers.has("upgrade") || headers["upgrade"].to_lower() != "websocket"" is true. Returning: false
  <C++ Source>   modules/websocket/wsl_peer.cpp:183 @ _parse_client_request()
  <Stack Trace>  WebSocketServer.gd:168 @ _connect_pending()
                 WebSocketServer.gd:141 @ poll()
                 WebSocketServer.gd:210 @ _process()

It sounds like you need some better logging. It looks like you already have some logic to parse the incoming requests - that would be a good place for some print statements that display the full incoming request, but I would also recommend writing them to a file so that if your program crashes you can go back through the logs later.

There are quite a few logging assets you can find here: Godot Asset Library

On another note, there are TONS of automated bots crawling the internet looking for any open doors they can find. So it's probably not someone specifically targeting you, but many different webcrawlers trawling for vulnerabilities.

Thanks for responding, but unfortunately that’s what I was asking for help with, as I don’t know how to display the request.

modules/websocket/wsl_peer.cpp is core Godot code, not my code.

Ah, seems I underestimated the problem. From what I remember about websockets, you should be able to call something like this after you do something like ws_server.poll() in the _process():

for id in ws_server.get_connected_peers():
    var peer = ws_server.get_peer(id)
    var requested_url = peer.get_requested_url()
    print("Requested URL from client ID %s: %s" % [id, requested_url])
    var headers = peer.get_handshake_headers()
    if headers:
        print("Handshake headers from client ID %s:" % id)
        for key in headers.keys():
            print("%s: %s" % [key, headers[key]])

Though, your setup may be quite different… If that's not deep enough you might be in WireShark territory - but I’m no expert.
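An added example, not part of the thread and not Godot's code: a Python triage helper that applies the three handshake checks quoted in the error log to raw request text (for instance from a proxy log or packet capture) and reports which one rejects it. It assumes `len` in the first check counts CRLF-separated lines; `classify_handshake` and the sample requests are constructed for illustration.

```python
# Added illustration: mirrors only the three conditions shown in the error log.
# Assumption: "len < 4" counts the CRLF-separated lines of the request.

def classify_handshake(raw: bytes) -> str:
    """Return which logged check rejects the request, or 'passes-logged-checks'."""
    lines = raw.decode("latin-1").split("\r\n")
    if len(lines) < 4:
        return "not-enough-headers"
    # Request line: METHOD PATH VERSION (empty fields dropped).
    req = [part for part in lines[0].split(" ") if part]
    if len(req) < 3 or req[0] != "GET" or req[2] != "HTTP/1.1":
        return "invalid-method-or-version"
    # Header names are compared case-insensitively.
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if headers.get("upgrade", "").lower() != "websocket":
        return "missing-upgrade"
    return "passes-logged-checks"

# Constructed sample requests (not taken from any real capture).
SAMPLES = {
    "request line only": b"GET / HTTP/1.1\r\n\r\n",
    "HTTP/1.0 client": b"GET / HTTP/1.0\r\nHost: example.test\r\n"
                       b"User-Agent: sample\r\n\r\n",
    "plain HTTP page fetch": b"GET /robots.txt HTTP/1.1\r\nHost: example.test\r\n"
                             b"User-Agent: sample-crawler\r\n\r\n",
    "WebSocket client": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                        b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
                        b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
                        b"Sec-WebSocket-Version: 13\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:24} -> {classify_handshake(raw)}")
```

A request line with no headers splits into exactly three lines under this assumption, which matches the "got: 3" in the first logged error, and an ordinary HTTP page fetch with no Upgrade header lands in the third.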