Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
mqtt-packet
Advanced tools
The mqtt-packet npm package is a utility for encoding and decoding packets used in MQTT (Message Queuing Telemetry Transport), which is a lightweight messaging protocol for small sensors and mobile devices. It is designed for connections with remote locations where a small code footprint is required and/or network bandwidth is at a premium.
Parsing MQTT Packets
This feature allows you to parse MQTT packets from a buffer. The code sample demonstrates how to create a parser instance, listen for 'packet' events, and parse a buffer containing an MQTT packet.
const mqttPacket = require('mqtt-packet');
const parser = mqttPacket.parser();
parser.on('packet', function(packet) {
console.log(packet);
});
parser.parse(Buffer.from([0x30, 0x02, 0x00, 0x00]));
Generating MQTT Packets
This feature allows you to generate MQTT packets. The code sample shows how to create an MQTT packet object and then generate a buffer that can be sent over a network.
const mqttPacket = require('mqtt-packet');
const packet = {
cmd: 'publish',
messageId: 42,
topic: 'test/topic',
payload: 'test payload',
qos: 0,
retain: false
};
const buffer = mqttPacket.generate(packet);
console.log(buffer);
The 'mqtt' package is a client library for the MQTT protocol. It provides an API for connecting to an MQTT broker, publishing messages, and subscribing to topics. It is more feature-rich than mqtt-packet as it includes the full client functionality, not just packet encoding and decoding.
The 'mqtt-connection' package is a barebone connection package for MQTT that can be used when implementing an MQTT client or server. It provides a simple stream interface for sending and receiving MQTT packets over a network. It is similar to mqtt-packet but includes stream handling capabilities.
The 'aedes-packet' package is a fork of mqtt-packet, which is used by the Aedes MQTT broker. It has similar functionalities to mqtt-packet but is tailored to work seamlessly with the Aedes broker ecosystem.
Encode and Decode MQTT 3.1.1, 5.0 packets the node way.
This library is tested with node v6, v8, v10, v12 and v14. The last version to support older versions of node was mqtt-packet@4.1.2.
npm install mqtt-packet --save
const mqtt = require('mqtt-packet');
const object = {
cmd: 'publish',
retain: false,
qos: 0,
dup: false,
length: 10,
topic: 'test',
payload: 'test' // Can also be a Buffer
};
const opts = { protocolVersion: 4 }; // default is 4. Usually, opts is a connect packet
console.log(mqtt.generate(object))
// Prints:
//
// <Buffer 30 0a 00 04 74 65 73 74 74 65 73 74>
//
// Which is the same as:
//
// Buffer.from([
// 48, 10, // Header (publish)
// 0, 4, // Topic length
// 116, 101, 115, 116, // Topic (test)
// 116, 101, 115, 116 // Payload (test)
// ])
const mqtt = require('mqtt-packet');
const opts = { protocolVersion: 4 }; // default is 4. Usually, opts is a connect packet
const parser = mqtt.parser(opts);
// Synchronously emits all the parsed packets
parser.on('packet', packet => {
console.log(packet)
// Prints:
//
// {
// cmd: 'publish',
// retain: false,
// qos: 0,
// dup: false,
// length: 10,
// topic: 'test',
// payload: <Buffer 74 65 73 74>
// }
})
parser.parse(Buffer.from([
48, 10, // Header (publish)
0, 4, // Topic length
116, 101, 115, 116, // Topic (test)
116, 101, 115, 116 // Payload (test)
]))
// Returns the number of bytes left in the parser
Generates a Buffer
containing an MQTT packet.
The object must be one of the ones specified by the packets
section. Throws an Error
if a packet cannot be generated.
Writes the mqtt packet defined by object
to the given stream.
The object must be one of the ones specified by the packets
section. Emits an Error
on the stream if a packet cannot be generated.
On node >= 0.12, this function automatically calls cork()
on your stream,
and then it calls uncork()
on the next tick.
By default cache for number buffers is enabled.
It creates a list of buffers for faster write. To disable cache set mqtt.writeToStream.cacheNumbers = false
.
Should be set before any writeToStream
calls.
Returns a new Parser
object. Parser
inherits from EventEmitter
and
will emit:
packet
, when a new packet is parsed, according to
packetserror
, if an error happensParses a given Buffer
and emits synchronously all the MQTT packets that
are included. Returns the number of bytes left to parse.
If an error happens, an error
event will be emitted, but no packet
events
will be emitted after that. Calling parse()
again clears the error and
previous buffer, as if you created a new Parser
.
This section describes the format of all packets emitted by the Parser
and that you can input to generate
.
{
cmd: 'connect',
protocolId: 'MQTT', // Or 'MQIsdp' in MQTT 3.1 and 5.0
protocolVersion: 4, // Or 3 in MQTT 3.1, or 5 in MQTT 5.0
clean: true, // Can also be false
clientId: 'my-device',
keepalive: 0, // Seconds which can be any positive number, with 0 as the default setting
username: 'matteo',
password: Buffer.from('collina'), // Passwords are buffers
will: {
topic: 'mydevice/status',
payload: Buffer.from('dead'), // Payloads are buffers
properties: { // MQTT 5.0
willDelayInterval: 1234,
payloadFormatIndicator: false,
messageExpiryInterval: 4321,
contentType: 'test',
responseTopic: 'topic',
correlationData: Buffer.from([1, 2, 3, 4]),
userProperties: {
'test': 'test'
}
}
},
properties: { // MQTT 5.0 properties
sessionExpiryInterval: 1234,
receiveMaximum: 432,
maximumPacketSize: 100,
topicAliasMaximum: 456,
requestResponseInformation: true,
requestProblemInformation: true,
userProperties: {
'test': 'test'
},
authenticationMethod: 'test',
authenticationData: Buffer.from([1, 2, 3, 4])
}
}
If protocolVersion
is 3, clientId
is mandatory and generate
will throw if
missing.
If password
or will.payload
are passed as strings, they will
automatically be converted into a Buffer
.
{
cmd: 'connack',
returnCode: 0, // Or whatever else you see fit MQTT < 5.0
sessionPresent: false, // Can also be true.
reasonCode: 0, // reason code MQTT 5.0
properties: { // MQTT 5.0 properties
sessionExpiryInterval: 1234,
receiveMaximum: 432,
maximumQoS: 2,
retainAvailable: true,
maximumPacketSize: 100,
assignedClientIdentifier: 'test',
topicAliasMaximum: 456,
reasonString: 'test',
userProperties: {
'test': 'test'
},
wildcardSubscriptionAvailable: true,
subscriptionIdentifiersAvailable: true,
sharedSubscriptionAvailable: false,
serverKeepAlive: 1234,
responseInformation: 'test',
serverReference: 'test',
authenticationMethod: 'test',
authenticationData: Buffer.from([1, 2, 3, 4])
}
}
The only mandatory argument is returnCode
, as generate
will throw if
missing.
{
cmd: 'subscribe',
messageId: 42,
properties: { // MQTT 5.0 properties
subscriptionIdentifier: 145,
userProperties: {
test: 'test'
}
}
subscriptions: [{
topic: 'test',
qos: 0,
nl: false, // no Local MQTT 5.0 flag
rap: true, // Retain as Published MQTT 5.0 flag
rh: 1 // Retain Handling MQTT 5.0
}]
}
All properties are mandatory.
{
cmd: 'suback',
messageId: 42,
properties: { // MQTT 5.0 properties
reasonString: 'test',
userProperties: {
'test': 'test'
}
}
granted: [0, 1, 2, 128]
}
All the granted qos must be < 256, as they are encoded as UInt8. All properties are mandatory.
{
cmd: 'unsubscribe',
messageId: 42,
properties: { // MQTT 5.0 properties
userProperties: {
'test': 'test'
}
}
unsubscriptions: [
'test',
'a/topic'
]
}
All properties are mandatory.
{
cmd: 'unsuback',
messageId: 42,
properties: { // MQTT 5.0 properties
reasonString: 'test',
userProperties: {
'test': 'test'
}
}
}
All properties are mandatory.
{
cmd: 'publish',
messageId: 42,
qos: 2,
dup: false,
topic: 'test',
payload: Buffer.from('test'),
retain: false,
properties: { // optional properties MQTT 5.0
payloadFormatIndicator: true,
messageExpiryInterval: 4321,
topicAlias: 100,
responseTopic: 'topic',
correlationData: Buffer.from([1, 2, 3, 4]),
userProperties: {
'test': 'test'
},
subscriptionIdentifier: 120, // can be an Array in message from broker, if message included in few another subscriptions
contentType: 'test'
}
}
Only the topic
property is mandatory.
Both topic
and payload
can be Buffer
objects instead of strings.
messageId
is mandatory for qos > 0
.
{
cmd: 'puback',
messageId: 42,
reasonCode: 16, // only for MQTT 5.0
properties: { // MQTT 5.0 properties
reasonString: 'test',
userProperties: {
'test': 'test'
}
}
}
The only mandatory property is messageId
, as generate
will throw if
missing.
{
cmd: 'pubrec',
messageId: 42,
reasonCode: 16, // only for MQTT 5.0
properties: { // properties MQTT 5.0
reasonString: 'test',
userProperties: {
'test': 'test'
}
}
}
The only mandatory property is messageId
, as generate
will throw if
missing.
{
cmd: 'pubrel',
messageId: 42,
reasonCode: 16, // only for MQTT 5.0
properties: { // properties MQTT 5.0
reasonString: 'test',
userProperties: {
'test': 'test'
}
}
}
The only mandatory property is messageId
, as generate
will throw if
missing.
{
cmd: 'pubcomp',
messageId: 42,
reasonCode: 16, // only for MQTT 5.0
properties: { // properties MQTT 5.0
reasonString: 'test',
userProperties: {
'test': 'test'
}
}
}
The only mandatory property is messageId
, as generate
will throw if
missing.
{
cmd: 'pingreq'
}
{
cmd: 'pingresp'
}
{
cmd: 'disconnect',
reasonCode: 0, // MQTT 5.0 code
properties: { // properties MQTT 5.0
sessionExpiryInterval: 145,
reasonString: 'test',
userProperties: {
'test': 'test'
},
serverReference: 'test'
}
}
{
cmd: 'auth',
reasonCode: 0, // MQTT 5.0 code
properties: { // properties MQTT 5.0
authenticationMethod: 'test',
authenticationData: Buffer.from([0, 1, 2, 3]),
reasonString: 'test',
userProperties: {
'test': 'test'
}
}
}
mqtt-packet is an OPEN Open Source Project. This means that:
Individuals making significant and valuable contributions are given commit-access to the project to contribute as they see fit. This project is more like an open wiki than a standard guarded open source project.
See the CONTRIBUTING.md file for more details.
mqtt-packet is only possible due to the excellent work of the following contributors:
Matteo Collina | GitHub/mcollina | Twitter/@matteocollina |
---|---|---|
Adam Rudd | GitHub/adamvr | Twitter/@adam_vr |
Peter Sorowka | GitHub/psorowka | Twitter/@psorowka |
Siarhei Buntsevich | GitHub/scarry1992 |
MIT
FAQs
Parse and generate MQTT packets like a breeze
The npm package mqtt-packet receives a total of 611,673 weekly downloads. As such, mqtt-packet popularity was classified as popular.
We found that mqtt-packet demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.