I was trying to connect to an android application using websocket python on pc but idk why I always get 400 Bad Request. While when I intercept the data using Burp Suite and try to connect manually, its connected.
This is the request code on Burp Suite:
GET /socketcluster/?appsession= HTTP/1.1
Host: myapps.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; Google Pixel Build/PI; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.186 Mobile Safari/537.36 MYAPPS | v 5.3.54 | release | android
Upgrade: websocket
Origin: https://myapps
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
X-Requested-With: com.myapps
Sec-WebSocket-Key: 9GQi1yBrveJ8M8tuRjsI2Q==
And this is the response:
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Mon, 16 Aug 2021 23:56:10 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SX0jMRO5lquGN7ac1MM5DKMkCn8=
Strict-Transport-Security: max-age=63072000; includeSubDomains
I'm try to connect using an exact headers but it still won't connect. This is my python code:
import websocket
header = {
"Pragma": "no-cache",
"Cache-Control": "no-cache",
"User-Agent": "Mozilla/5.0 (Linux; Android 9; Google Pixel Build/PI; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.186 Mobile Safari/537.36 MYAPPS | v 5.3.54 | release | android",
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "en-US,en;q=0.9",
"X-Requested-With": "com.myapps",
}
websocket.enableTrace(True)
url = "wss://myapps.com/socketcluster?appsession="
ws = websocket.WebSocket()
ws.connect(url, header=header, origin="https://myapps")
And this is the response I get:
--- request header ---
GET /socketcluster?appsession= HTTP/1.1
Upgrade: websocket
Host: myapps.com
Origin: https://myapps
Sec-WebSocket-Key: s59MrUPCQ2UgRrYRjJoUeA==
Sec-WebSocket-Version: 13
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Linux; Android 9; Google Pixel Build/PI; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.186 Mobile Safari/537.36 MYAPPS | v 5.3.54 | release | android
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
X-Requested-With: com.myapps
-----------------------
--- response header ---
HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 17 Aug 2021 00:59:59 GMT
Content-Type: text/html
Content-Length: 11
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubDomains
-----------------------
Traceback (most recent call last):
File "C:\Users\xxx\OneDrive\Desktop\websocket\client.py", line 45, in <module>
ws.connect(url, header=header, origin="https://myapps")
File "C:\Users\xxx\AppData\Local\Programs\Python\Python39\lib\site-packages\websocket\_core.py", line 253, in connect
self.handshake_response = handshake(self.sock, *addrs, **options)
File "C:\Users\xxx\AppData\Local\Programs\Python\Python39\lib\site-packages\websocket\_handshake.py", line 57, in handshake
status, resp = _get_resp_headers(sock)
File "C:\Users\xxx\AppData\Local\Programs\Python\Python39\lib\site-packages\websocket\_handshake.py", line 143, in _get_resp_headers
raise WebSocketBadStatusException("Handshake status %d %s", status, status_message, resp_headers)
websocket._exceptions.WebSocketBadStatusException: Handshake status 400 Bad Request
I also try to use WebSocketApp which not leaving any traceback but still got 400 Bad Request. Any help?
