Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

this isn't really an issue #19

Closed
codahq opened this issue Mar 17, 2019 · 2 comments
Closed

this isn't really an issue #19

codahq opened this issue Mar 17, 2019 · 2 comments

Comments

@codahq
Copy link

codahq commented Mar 17, 2019

hey, super sorry to contact you like this. i didn't want to open an issue because this isn't an issue. how did you reverse the websockets api? i'm trying to recreate this in another language but i'm having a heck of a time even testing the alarm websocket out.

i'm using this client just for ease:
https://chrome.google.com/webstore/detail/browser-websocket-client/mdmlhchldhfnfnkfmljgeinlffmdgkjo/related?hl=en

should i be able to connect to that URL from anywhere or do they have origination restrictions? time limit? how long is the auth code valid from?
wss://${connections_response.server}/?authcode=${connections_response.authCode}

i can telnet to port 443 on the server i'm getting back but if i try to connect to it with a websocket client of any kind the server immediately closes the connection. any hints on how you figured this out? if you want to reach out through another medium feel free. i'm on gmail for example.
@dgreif
Copy link
Owner

dgreif commented Mar 18, 2019
edited
Loading

@codahq I'm happy to discuss your setup here. Hopefully it can be useful if someone else is trying to implement another language down the road. To answer your first question, the initial discovery on the websocket api was done by @joeyberkovitz who submitted a PR to doorbot. The most important take-away from that PR is that ring is using socket.io. He also had some good examples of how to request and interpret the different data types through the websocket connection. Hopefully there is a socket.io client for whichever language you are using, because that will make your life a whole lot easier. Using the socket.io client, I had no issues getting connected. I didn't run into any issues with request origin or timing with the auth token (although I was using it from code, so it there wasn't much delay). Once you are connected, the best way to learn how the interactions work is to pop open dev tools and visit the ring web app to observe the websocket interactions. Let me know if you run into any other roadblocks, and good luck!

@codahq
Copy link
Author

codahq commented Mar 22, 2019

Very interesting. It appears that I was not on current version of the web app until today. This will make some parts of this trivial now that I can see this traffic going through a browser. Until today I was trying MITM with the app. This was okay until the WS calls where they are potentially certificate pinning.

I think there must also be a flag on the account not to allow WS connections on that URL until the web app supports alarm functionality. I'm doing the exact thing today that I did last week that I'm doing today but now it works. Hopefully this helps somebody as well.

@dgreif dgreif closed this as completed May 1, 2019
@Pixol-WoW Pixol-WoW mentioned this issue Dec 4, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dgreif @codahq