Getting unexpected messages from some clients #685

Open
weary-adventurer opened this issue Jun 27, 2023 · 2 comments
Labels
question Further information is requested

Comments

@weary-adventurer

I'm using Engine.IO in my application primarily as a WebSocket wrapper with a long-polling fallback to work around firewalls.

My server is a Node.JS script that uses Engine.IO 6.5.0 and the client is a website that uses Engine.IO-Client 6.5.0.

All packets are sent by client and server in binary format.

Client is sending data like this:

const socket = new eio("wss://example.com", {transports: ["polling", "websocket"]});
socket.binaryType = "arraybuffer";
socket.on("open", () => {
    const data = new Uint8Array(48);
    // fill data with known values
    socket.send(data);
});

Server is receiving data like this:

const eio = EngineIO.attach(server, {
    transports: ["polling", "websocket"],
    cors: {
        origin: "*",
        methods: "GET,HEAD,PUT,PATCH,POST,DELETE"
    }
});

eio.on("connection", (socket) => {
    // ...
    socket.once("message", (msg) => {
        assert(Buffer.isBuffer(msg));
        assert(msg.length === 48);
        const foo = msg.subarray(...);
        // ...
    });
});

Almost every client is sending and receiving messages correctly (I get 48 bytes and msg is a Buffer).

However, every day I get 1-2 clients that are sending something unexpected.

In the socket.once("message") callback, the msg that these clients send is ALWAYS:

  • A Uint8Array instead of Buffer or String
  • Has a length of 1 instead of 48
  • Contains [0x08] instead of my data

The user agents of these clients are:

  • Mozilla/5.0 (PlayStation Vita 3.74) AppleWebKit/537.73 (KHTML, like Gecko) Silk/3.2
  • Mozilla/5.0 (BB10; Kbd) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.3.2163 Mobile Safari/537.35+
  • Mozilla/5.0 (SMART-TV; Linux; Tizen 2.4.0) AppleWebkit/538.1 (KHTML, like Gecko) SamsungBrowser/1.1 TV Safari/538.1
@weary-adventurer weary-adventurer added the bug Something isn't working label Jun 27, 2023
@darrachequesne
Member

Hi! Do you think these are real clients trying to reach your application, or rather malicious clients sending junk?

> A Uint8Array instead of Buffer or String

This one is weird though, the data should always be either a Buffer or a string. I'm digging into this.

@darrachequesne darrachequesne added question Further information is requested and removed bug Something isn't working labels Aug 17, 2023
@weary-adventurer
Author

I think it's extremely unlikely that these are fake or malicious clients. The access log also checks out so I think they are real.

Here are the unique user agents of all the clients that do this so far:

Mozilla/5.0 (BB10; Kbd) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.3.3216 Mobile Safari/537.35+
Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.3.2163 Mobile Safari/537.35+
Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53
Mozilla/5.0 (Linux; Tizen 2.4; SAMSUNG SM-Z200F) AppleWebKit/537.3 (KHTML, like Gecko) SamsungBrowser/1.1 Mobile Safari/537.3
Mozilla/5.0 (Linux; Tizen 2.4; SAMSUNG SM-Z200Y) AppleWebKit/537.3 (KHTML, like Gecko) SamsungBrowser/1.1 Mobile Safari/537.3
Mozilla/5.0 (Linux; U; Android 2.0; en-us;) AppleWebKit/538.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/538.1 (Kobo Touch 0376/4.37.21586)
Mozilla/5.0 (Linux; U; Android 2.0; en-us;) AppleWebKit/538.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/538.1 (Kobo Touch 0377/4.37.21533)
Mozilla/5.0 (Linux; U; Android 2.0; en-us;) AppleWebKit/538.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/538.1 (Kobo Touch 0377/4.37.21586)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0) Gecko/20100101 Firefox/10.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.7.12 (KHTML, like Gecko) Version/7.1.7 Safari/537.85.16
Mozilla/5.0 (PlayStation Vita 3.73) AppleWebKit/537.73 (KHTML, like Gecko) Silk/3.2
Mozilla/5.0 (PlayStation Vita 3.74) AppleWebKit/537.73 (KHTML, like Gecko) Silk/3.2
Mozilla/5.0 (SMART-TV; Linux; Tizen 2.3) AppleWebkit/538.1 (KHTML, like Gecko) SamsungBrowser/1.0 TV Safari/538.1
Mozilla/5.0 (SMART-TV; Linux; Tizen 2.4.0) AppleWebkit/538.1 (KHTML, like Gecko) SamsungBrowser/1.1 TV Safari/538.1

In every case, I get a Uint8Array in the socket.on("message") callback.
It always has a length of 1, and the only element is always 8.

I don't know if any other messages come because I disconnect the client if the message is not a Buffer.
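Added example, not code from the issue or from the Engine.IO project: one way to check the first message without `assert`, so an unexpected frame such as the 1-byte `[0x08]` Uint8Array is classified, logged with the user agent and transport, and the socket closed, instead of throwing inside the handler. `checkFirstMessage`, `onFirstMessage` and the `log` callback are hypothetical names; the 48-byte length comes from the client code above.

```javascript
// Frame size used by the client code in this issue.
const EXPECTED_LENGTH = 48;

// Classify an inbound message from an untrusted client.
// Returns { ok: true, data: Buffer } or { ok: false, reason, sample? }.
function checkFirstMessage(msg) {
  let data;
  if (typeof msg === "string") {
    return { ok: false, reason: "text frame, expected binary" };
  } else if (Buffer.isBuffer(msg)) {
    data = msg;
  } else if (ArrayBuffer.isView(msg)) {
    // A plain Uint8Array fails Buffer.isBuffer(); wrap the same memory, no copy.
    data = Buffer.from(msg.buffer, msg.byteOffset, msg.byteLength);
  } else if (msg instanceof ArrayBuffer) {
    data = Buffer.from(msg);
  } else {
    return { ok: false, reason: "unsupported type " + typeof msg };
  }
  if (data.length !== EXPECTED_LENGTH) {
    return {
      ok: false,
      reason: "length " + data.length + ", expected " + EXPECTED_LENGTH,
      // Keep only a short hex prefix for the log, never the whole payload.
      sample: data.subarray(0, 8).toString("hex"),
    };
  }
  return { ok: true, data };
}

// Handler body for socket.once("message", ...). `log` is a hypothetical
// structured-logging callback supplied by the application.
function onFirstMessage(socket, msg, log) {
  const result = checkFirstMessage(msg);
  if (result.ok) return result.data;
  log({
    event: "bad_first_message",
    reason: result.reason,
    sample: result.sample,
    transport: socket.transport && socket.transport.name,
    userAgent: socket.request && socket.request.headers["user-agent"],
  });
  socket.close(); // drop the connection instead of throwing in the handler
  return null;
}
```

Logging the transport name next to the user agent shows whether the odd frames arrive over polling or WebSocket, which narrows down where to look.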
