sandbox node core http module in a service worker.
this is part of a security focused research project I am currently working on. as it usually goes for security software, this can be used for good or evil. this can also harm your computer or browser and cause you inconvenience. I do not take any responsibility for any damages caused by this software. proceed at your own risk. absolutely no warranty is provided. you may brick your browser if you do not know how to use this library properly.
if you are new, it is not all hopeless. make sure you understand the intricacies of service workers and its security implications before using this library.
in building progressive web apps and performing client side testing and caching, it is immensely helpful to have something like express or socket.io available in order to reuse packages on npm made for various http interaction needs.
using this library in a bundler allows reuse of applications made for node.js in terms of interaction with the core http module.
creating the http server this way does not involve a network adapter and is thus accessible where environment is restricted. sending requests in browsers is also local and does not involve any network adapter (including loopback).
this library is designed to be used in a bundler like webpack. fakettp is a drop in replacement for node's http module. two requirements should be met to use it in a bundler successfully:
http to fakettp in your bundler config.example webpack config:
npm install fakettp --save-dev
module.exports = {
resolve: {
plugins: [
new webpack.ProvidePlugin({
process: "process/browser",
Buffer: ["buffer", "Buffer"],
URL: ["url", "URL"],
}),
],
fallback: {
http: require.resolve("fakettp"),
util: require.resolve("util/"),
events: require.resolve("events/"),
buffer: require.resolve("buffer/"),
assert: require.resolve("assert/"),
stream: require.resolve("stream-browserify"),
}
},
};
you can use configuration of this repository as reference.
check out the examples that are known to work in samples folder and the webpack config for this repository.
you can create a server and listen like so:
const server = FAKETTP.createServer().on("request", (req, res) => {
req.on('data', (chunk) => {
console.log(`Received ${chunk.length} bytes of data in request body.`);
console.log(`Request chunk: ${chunk.toString()}`);
});
req.on('end', () => {
console.log('No more data in request body.');
});
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('{"yo":"nice"}');
}).listen(443, "google.com");
after that all requests will be intercepted and handled by the service worker.
the host and port to watch for can be configured by passing options to listen.
you can for example send a request to the server like so:
async function postData(data = {}, url = "https://google.com/fake.html") {
const response = await fetch(url, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(data),
});
return response.json();
}
postData({ answer: "browser" }).then((data) => {
console.log(data);
});
you can also close the server like so:
server.close();
and if you attempt to send a request after that, you will get an error:
npm test to run tests.npm run build to build the project.npm run serve to start webpack dev server.npm run watch to watch for changes and rebuild.npx http-serve --cors dist to run production build.working samples:
ext/samples/express.ts: express app with a dynamic route.ext/samples/express-post.ts: express app with a post route.ext/samples/express-static.ts: express app with static files.ext/samples/socket-io.ts: express app with socket io.ext/samples/remote-context: shows the usage of fakettp.html.this is what is known to work good enough for most use cases:
http.createServer([options][, requestListener]) one instance per sessionhttp.METHODS through stream-httphttp.STATUS_CODES through stream-httphttp.get(options[, callback]) through stream-httphttp.get(url[, options][, callback]) through stream-httphttp.request(options[, callback]) through stream-httphttp.request(url[, options][, callback]) through stream-httphttp.ClientRequest through stream-httphttp.Server
'close''connection''request'server.close([callback])server.listen()server.listen(port[, host][, callback])server.listeninghttp.ServerResponse
'close''finish'response.end([data][, encoding][, callback])response.finishedresponse.getHeader(name)response.getHeaderNames()response.getHeaders()response.hasHeader(name)response.headersSentresponse.removeHeader(name)response.setHeader(name, value)response.socketresponse.statusCoderesponse.statusMessageresponse.write(chunk[, encoding][, callback])response.writeHead(statusCode[, statusMessage][, headers])http.IncomingMessage
'close'message.completemessage.destroy([error])message.headersmessage.httpVersionmessage.methodmessage.rawHeadersmessage.socketmessage.statusCodemessage.statusMessagemessage.urlmessage.connectionnet.Socket
'close''data''drain''end''error'socket.address()socket.remoteAddresssocket.remoteFamilysocket.remotePortsocket.bufferSizesocket.bytesReadsocket.bytesWrittensocket.destroy([exception])socket.destroyedsocket.end([data][, encoding][, callback])socket.write(data[, encoding][, callback])FAQs
sandbox node core http module in a service worker.
The npm package fakettp receives a total of 1 weekly downloads. As such, fakettp popularity was classified as not popular.
We found that fakettp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.