20 مستودعات
Security controls for persistent WebSocket connections including authentication and input validation.
Distinguishing note: Focuses on stateful connection security, distinct from stateless HTTP security.
Explore 20 awesome GitHub repositories matching security & cryptography · WebSocket Security. Refine with filters or upvote what's useful.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Secures persistent connections through authentication and input validation to prevent data injection.
NATS Server is a high-performance, lightweight messaging system designed for cloud-native applications, edge computing, and distributed microservices. It functions as a distributed publish-subscribe broker that routes messages using hierarchical, dot-separated subject strings, enabling decoupled communication between services without requiring centralized broker lookups. The system supports core messaging patterns including asynchronous publish-subscribe, request-reply, and load-balanced queue processing. The platform distinguishes itself through a decentralized architecture that eliminates t
Validates incoming WebSocket connections using various security methods including tokens, certificates, and identity-based credentials.
Elysia is a high-performance TypeScript web framework designed for building type-safe backend services. It provides a modular, plugin-based architecture that allows developers to compose server logic, middleware, and validation schemas into scalable application instances. By leveraging native web standards, the framework ensures portability across diverse JavaScript runtimes, including Node.js, Deno, and various edge computing environments. The framework distinguishes itself through its focus on end-to-end type safety, automatically synchronizing request and response definitions between the s
Enforces strict schema constraints on incoming WebSocket messages to ensure data integrity.
This is a header-only C++ library that provides implementations for HTTP clients, HTTP servers, and a WebSocket framework. It allows for the creation of network services and the consumption of remote APIs without requiring a separate compilation step or external binary linking. The project features backend-agnostic TLS integration for secure HTTPS and WSS communication and employs a thread-pool model to process concurrent requests. It distinguishes itself with a full-duplex WebSocket state-machine and a middleware-based request pipeline that supports regular-expression path routing. The libr
Provides secure WebSocket communication using the wss scheme and certificate verification.
Java-WebSocket is a collection of classes for implementing WebSocket clients and servers using pure Java. It provides a framework for hosting servers that manage connections via event-driven subclasses and tools for establishing client connections to remote servers. The library includes a secure communication tool for encrypting traffic using the WSS protocol and a compression library that uses per-message deflate extensions to reduce transmitted data size. It supports the configuration of cipher suites to limit encryption protocols and ensure compatible communication. The project enables bi
Supports secure communication using the WSS protocol and certificate management to protect data streams.
gqlgen is a schema-first Go library designed to build type-safe GraphQL servers. It functions as a code generation engine that transforms declarative GraphQL schema definitions into strongly-typed Go source code, ensuring strict alignment between the API contract and the underlying implementation. The framework distinguishes itself through its deep integration with the Go type system and its highly extensible build pipeline. By using schema-first development, it automates the creation of server boilerplate and resolver stubs, allowing developers to map schema fields directly to Go structs and
Validates initial connection payloads during the handshake process to verify user identity for subscriptions.
SocketRocket is an Objective-C WebSocket client library designed to establish bidirectional real-time communication channels between an application and a server. It provides a networking layer for real-time data streaming, utilizing a heartbeat monitor to maintain the stability of active network streams. The library is built to operate across restricted networks by routing traffic through HTTP proxies. It secures data transmission using TLS encryption and SSL certificate pinning to prevent unauthorized interception of network traffic. Its underlying capabilities include low-level TCP socket
Encrypts data transfers using TLS and SSL certificate pinning to prevent unauthorized interception.
Starscream is a Swift WebSocket client library that provides a concrete implementation of the WebSocket protocol for iOS and macOS applications. It functions as an event-driven wrapper for establishing and managing bidirectional connections to send and receive text and binary frames over TCP. The library includes a secure WebSocket client capable of encrypting traffic and validating server identities. It manages the full connection lifecycle, from the initial handshake and header exchange to session termination with custom close codes. The project covers a broad range of networking capabilit
Implements encrypted communication channels and security controls to protect data transmitted via WebSockets.
Websocat is a specialized set of command-line tools for WebSocket communication, acting as a client, server, and stream processor. It provides a terminal-based interface for connecting to WebSocket servers, hosting secure WebSocket servers, and bridging data between WebSockets and other network transports. The project distinguishes itself by functioning as a bidirectional network relay, allowing the routing of data between WebSocket streams, TCP sockets, UNIX sockets, and standard system input and output. It includes specialized implementations for SOCKS5 and HTTP proxying, as well as a strea
Establishes secure, encrypted WebSocket connections using TLS or static symmetric keys.
Javalin is a lightweight web framework for Java and Kotlin designed for building REST APIs and web applications. It functions as an embedded Jetty web server, allowing applications to run as standalone processes without the need for an external servlet container. The project provides specialized frameworks for diverse communication patterns, including a REST API framework with automatic OpenAPI schema generation, a GraphQL API framework with query and mutation resolvers, and a WebSocket server for bidirectional real-time communication. It also includes a dedicated framework for pushing real-t
Provides handlers to perform authentication and validation during the WebSocket upgrade process.
netty-socketio is a Java implementation of a Socket.IO server designed for real-time bidirectional communication between clients and servers. It functions as a real-time event engine and WebSocket communication server, utilizing the Netty network framework to manage high-performance socket connections. The project enables distributed socket server scaling by acting as a distributed message broker. It synchronizes client states and broadcasts messages across multiple server nodes through the use of an external data store. The system manages traffic via namespace-based connection routing and r
Protects real-time data transfers using encryption and security certificates to secure stateful WebSocket connections.
Proxyman is a cross-platform HTTP debugging proxy that captures, inspects, and modifies HTTP, HTTPS, and WebSocket traffic. It functions as a man-in-the-middle proxy, decrypting SSL/TLS traffic to allow real-time inspection and modification of encrypted requests and responses. The tool is designed for debugging web and mobile applications, with capabilities for API mocking and simulation, scriptable traffic modification, and team collaboration on network logs. What distinguishes Proxyman is its deep integration with mobile and cross-platform development workflows. It provides automated certif
Captures WebSocket and Secure WebSocket messages from browsers, mobile devices, and local applications.
websocket-sharp هي مكتبة C# لتنفيذ بروتوكول WebSocket تُستخدم لبناء تطبيقات العميل والخادم ثنائية الاتجاه. تتيح تبادل البيانات في الوقت الفعلي بين نقاط النهاية عبر اتصالات مستمرة. توفر المكتبة قدرات شبكات متخصصة، بما في ذلك شبكات مشفرة بـ SSL للنقل الآمن والتحقق من الشهادات. كما تتميز بنفق وكيل HTTP لتوجيه حركة المرور عبر خوادم وسيطة باستخدام مصادقة أساسية أو ملخصة. يغطي المشروع نطاقاً واسعاً من القدرات، بما في ذلك تنفيذ عملاء وخوادم WebSocket، وتوجيه الخدمة القائم على المسار، والقدرة على بث الرسائل إلى عملاء متعددين. يتضمن المشروع دعماً لإدارة بيانات تعريف المصافحة (handshake) وضغط الحمولة لتقليل حجم نقل البيانات.
Provides security controls for persistent connections, including SSL/TLS encryption and certificate validation.
Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
Inspects WebSocket traffic for malicious patterns and enforces security policies on WebSocket communications.
NGINX Unit is an open-source application server designed to natively execute code across multiple programming language runtimes and WebAssembly within a single process. It serves as a multi-language application server that can run applications written in Go, Java, Node.js, Perl, PHP, Python, Ruby, and WebAssembly side by side, without requiring separate runtime environments for each language. The server distinguishes itself through a RESTful JSON control API that enables dynamic, zero-downtime configuration changes without restarting the server. It combines event-driven asynchronous I/O with
Validates WebSocket payload lengths in the Java language module to prevent infinite loops and excessive CPU consumption.
Beast هي مكتبة C++ لتنفيذ عملاء وخوادم HTTP وWebSocket منخفضة المستوى. تعمل كإطار عمل للشبكات غير المتزامنة مصمم لتركيب عمليات الإدخال/الإخراج غير المحظورة (non-blocking I/O) ومكدسات التدفق الطبقية لإدارة حركة مرور الشبكة المتزامنة، وتحديداً باستخدام نموذج Boost.Asio غير المتزامن. توفر المكتبة تنفيذاً شاملاً لبروتوكولات HTTP/1.1 وWebSocket. بالنسبة لـ HTTP، تتضمن بدائيات لتحليل وتسلسل الرسائل مع دعم لترميز النقل المجزأ (chunked transfer encoding)، وقراءة الجسم التزايدية، وخطوط أنابيب الطلبات. يغطي تنفيذ WebSocket دورة الحياة الكاملة للاتصال ثنائي الاتجاه، بما في ذلك المصافحات، والتفاوض على البروتوكول الفرعي، وتجزئة الرسائل، ومراقبة الحيوية عبر إطارات التحكم. تتضمن Beast مجموعة متخصصة من الأدوات لإدارة مخازن الشبكة المؤقتة لتحسين الإدخال/الإخراج من نوع scatter-gather من خلال مخازن ذاكرة ديناميكية وقائمة على التسلسل. كما تغطي اتصالات الشبكة الآمنة عبر دمج طبقات SSL/TLS للتدفقات المشفرة، ومصادقة الشهادات، وإنهاء الاتصال الآمن. يوفر إطار العمل تجريدات عبر المنصات للإدخال/الإخراج للملفات وإدارة إشارات النظام لدعم تطوير تطبيقات شبكة مستقرة.
Wraps WebSocket streams in an SSL/TLS layer to provide encrypted bidirectional communication.
هذا المشروع عبارة عن معمارية مؤسسية شاملة لبناء أنظمة موزعة متعددة المستأجرين، تم تنفيذها كمنصة خدمات مصغرة Spring Cloud. يوفر إطار عمل كاملاً لإدارة الخدمات المصغرة، مع التركيز على معمارية بيانات متعددة المستأجرين وتوفير الهوية المركزية. تتميز المنصة بنهجها المتكامل للهوية والأمان، حيث تستخدم مزود هوية OAuth2 لإدارة تسجيل الدخول الموحد، والتحكم في الوصول القائم على الأدوار، وإصدار رموز JWT عبر الخدمات الموزعة. كما تفصل الحدود التنظيمية من خلال عزل بيانات متعدد المستأجرين، مما يضمن تقسيم الموارد والبيانات منطقياً أو فيزيائياً بين المستأجرين المختلفين. يغطي النظام سطحاً واسعاً من القدرات الموزعة، بما في ذلك حوكمة الخدمة من خلال توجيه بوابة API وكسر الدائرة، وتنسيق البيانات عبر المعاملات الموزعة وآليات القفل. كما يتضمن مكدس مراقبة موزع لتتبع الطلبات والسجلات المركزية، إلى جانب مزامنة محرك البحث في الوقت الفعلي والمراسلة غير المتزامنة القائمة على الأحداث. يتم دعم سير عمل التطوير من خلال أدوات أتمتة لإنشاء كود التطبيق وتغليف الملفات الثنائية الخاصة بالمنصة.
Secures real-time communication by authenticating WebSocket handshakes before establishing connections.
HttpRunner is a multi-protocol network testing framework designed for automating functional and regression tests of HTTP interfaces. It functions as a multi-protocol network tester supporting HTTP/1.1, HTTP/2, WebSocket, TCP, and RPC to validate diverse communication patterns. The project includes specialized engines for API performance testing, data-driven testing, and a test case generator that converts HAR files, curl commands, and Swagger definitions into executable scripts. The framework is distinguished by its ability to separate test logic from business data via a data-driven execution
The project extracts parameters from responses and performs assertions on returned data to verify communication correctness.
WebSocket-Node is a server-side implementation of the WebSocket protocol for Node.js environments. It serves as a framework for establishing persistent, bidirectional communication channels and low-latency data exchange between clients and servers. The project provides a secure socket implementation using transport layer security and includes an integrated client for establishing outbound encrypted connections. It utilizes a formal protocol-state machine and an event-driven connection framework to manage high-concurrency network streams. The framework covers server-side infrastructure includ
Implements security controls for persistent WebSocket connections, including transport layer encryption.
This is a Python WebSocket client library designed to establish full-duplex, persistent network connections for real-time exchange of text and binary data. It functions as an asynchronous network client and a TCP socket wrapper, managing the complete lifecycle of a connection from the initial handshake to graceful closure. The implementation includes a secure WebSocket client that handles SSL/TLS encryption, certificate verification, and secure handshake protocols. It further distinguishes itself by supporting advanced connectivity options, including proxy routing via HTTP or SOCKS proxies an
Implements security controls for persistent WebSocket connections including SSL/TLS encryption and certificate verification.