(htty ASCII-art logo)
htty is a console application for interacting with web servers. It’s a fun way to explore web APIs and to learn the ins and outs of HTTP.
See what’s changed lately by reading the project history.
It couldn’t be much easier.
$ gem install htty
You’ll need Ruby and RubyGems. It’s known to work well under OS X against Ruby v1.8.7, v1.9.2, v1.9.3, v2.0, v2.1, and v2.2.
The things you can do with htty are:
Here are a few annotated htty session transcripts to get you started (terminal screenshots shown here are also available in textual form).
This simple example shows how to explore a read-only web service with htty.
You can point htty at a complete or partial web URL. If you don’t supply a URL, http://0.0.0.0/ (port 80) will be used. You can vary the protocol scheme, userinfo, host, port, path, query string, and fragment as you wish.
The htty shell prompt shows the address of the current request.
The get command is one of seven HTTP request methods supported. A concise summary of the response is shown when you issue a request.
You can follow redirects using the follow command. No request is made until you type a request command such as get or post.
You can tweak segments of the address at will. Here we are navigating the site’s path hierarchy, which you can do with relative as well as absolute pathspecs.
Here we add query-string parameters. Notice that characters that require URL encoding are automatically URL-encoded (unless they are part of a URL-encoded expression).
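The encoding rule just described, as an added example that is not htty's own code: a small Ruby routine that appends a query-string parameter to an address, percent-encoding characters that need it while leaving byte sequences that are already valid percent-escapes untouched, so an expression such as a%20b is not double-encoded. The function names (encode_preserving_escapes, add_query_param) and the sample addresses are this example's own.

```ruby
require 'uri'

# Percent-encode one URL component. A run that is already a valid escape
# (e.g. "%20") is kept as-is; every other character outside the RFC 3986
# unreserved set (ALPHA / DIGIT / "-" / "." / "_" / "~") is encoded byte by byte,
# so multibyte UTF-8 characters become one %XX escape per byte.
def encode_preserving_escapes(str)
  str.gsub(/%[0-9A-Fa-f]{2}|[^A-Za-z0-9\-._~]/) do |m|
    if m.length == 3 && m.start_with?('%')
      m                                   # already a valid %XX escape
    else
      m.bytes.map { |b| format('%%%02X', b) }.join
    end
  end
end

# Append key=value to the address's query string, creating the query string if
# the address has none. URI#query= rejects malformed escapes, which is why the
# lone "%" in a value like "100%" must already have been turned into "%25".
def add_query_param(address, key, value)
  uri = URI.parse(address)
  pair = "#{encode_preserving_escapes(key)}=#{encode_preserving_escapes(value)}"
  uri.query = [uri.query, pair].compact.join('&')
  uri.to_s
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, not addresses from the original page.
  puts add_query_param('http://example.com/search', 'q', 'John Smith & co')
  puts add_query_param('http://example.com/a?x=1', 'y', 'a%20b')
  puts encode_preserving_escapes('a%20b 100%')
end
```

The regex alternation order matters: the escape pattern is tried first at every "%", so a "%" that is not followed by two hex digits falls through to the second branch and is encoded as "%25".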
The headers-response and body-response commands reveal the details of a response.
There was some cruft in the web service’s response (a horizontal line, a passage reference, verse numbers, a copyright stamp, and line breaks). We eliminate it by using API options provided by the web service we’re talking to.
We do a Julia Child maneuver and use the address command to change the entire URL, rather than adding individual query-string parameters one by one.
Exit your session at any time by typing quit or hitting Ctrl-D.
The next example demonstrates htty’s HTTP Secure support and cookies features, as well as how to review and revisit past requests.
The https:// scheme and port 443 imply each other, just as the http:// scheme and port 80 imply each other. If you omit the scheme or the port, it will default to the appropriate value.
Notice that when cookies are offered in a response, a bold asterisk (it looks like a cookie) appears in the response summary. The same cookie symbol appears next to the Set-Cookie header when you display response headers.
The cookies-use command copies cookies out of the response into the next request. The cookie symbol appears next to the Cookie header when you display request headers.
An abbreviated history is available through the history command. Information about requests in the history includes request method, URL, number of headers (and a cookie symbol, if cookies were sent), and the size of the body. Information about responses in the history includes response code, number of headers (and a cookie symbol, if cookies were received), and the size of the body.
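What copying cookies from a response into the next request involves, as an added Ruby example that is not htty's own code: only the name=value pair of each Set-Cookie header is forwarded, the attributes (Path, Expires, HttpOnly, Secure) are never echoed back, and a cookie flagged Secure is withheld from a plain http:// request. The function names and the sample Set-Cookie values are constructed for this example.

```ruby
require 'uri'

# Parse one Set-Cookie header value into its name, value and the attributes
# this example cares about. Attributes describe the cookie to the client and
# must not be sent back to the server.
def parse_set_cookie(header_value)
  pair, *attrs = header_value.split(';').map(&:strip)
  name, value = pair.split('=', 2)
  cookie = { name: name, value: value.to_s, secure: false }
  attrs.each do |attr|
    k, v = attr.split('=', 2)
    case k.downcase
    when 'secure' then cookie[:secure] = true
    when 'path'   then cookie[:path] = v
    end
  end
  cookie
end

# Build the Cookie header for a request to +request_url+ from the Set-Cookie
# values of the previous response. Secure cookies travel only over https;
# returns nil when there is nothing to send.
def cookie_header_for(set_cookie_values, request_url)
  https = URI.parse(request_url).scheme == 'https'
  pairs = set_cookie_values.map { |v| parse_set_cookie(v) }
                           .reject { |c| c[:secure] && !https }
                           .map { |c| "#{c[:name]}=#{c[:value]}" }
  pairs.empty? ? nil : pairs.join('; ')
end

# Constructed sample response headers (the last one mirrors the shape set by
# the Sinatra application shown later on this page).
SAMPLE_SET_COOKIES = [
  'session=abc123; Path=/; HttpOnly',
  'token=xyz; Secure; Path=/',
  'foo=bar; baz'
].freeze

if __FILE__ == $PROGRAM_NAME
  puts cookie_header_for(SAMPLE_SET_COOKIES, 'https://example.com/')
  puts cookie_header_for(SAMPLE_SET_COOKIES, 'http://example.com/')
end
```

A bare attribute without a value, such as the "baz" in the Sinatra example, parses harmlessly: it is neither a recognised attribute nor part of the forwarded pair.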
Note that history contains only numbered HTTP request and response pairs, not a record of all the commands you enter.
The reuse command makes a copy of the headers and body of an earlier request for you to build on.
Now we’ll look at htty’s HTTP Basic Authentication support and learn how to display unabbreviated transcripts of htty sessions.
Assume that we have the following Sinatra application listening on Sinatra’s default port, 4567.
require 'sinatra'

# Each route returns [status, headers, body] or [status, body]; the values are
# deliberately contrived so the htty session has something to show.
get '/all-good' do
  [200, [['Set-Cookie', 'foo=bar; baz']], 'Hello World!']
end

put '/huh' do
  [404, 'What?']
end

delete '/hurl' do
  [500, 'Barf!']
end

post '/submit-novel' do
  redirect '/all-good'
end
This application expects GET and POST requests and responds in various contrived ways.
When you change the userinfo portion of the address, or the entire address, the appropriate HTTP Basic Authentication header is created for you automatically. Notice that characters that require URL encoding are automatically URL-encoded (unless they are part of a URL-encoded expression).
When userinfo is supplied in a request, a bold mercantile symbol ( @ ) appears next to the resulting Authorization header when you display request headers (see below).
Type body-set to enter body data, and terminate it by entering two consecutive blank lines, or by hitting Ctrl-D. The body will only be sent for POST and PUT requests. The appropriate Content-Length header is created for you automatically (see below).
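The two automatic headers described in the preceding paragraphs, derived in an added Ruby example that is not htty's own code: the Authorization header is built from the address's userinfo (percent-decoded first, so a password containing ":" or "@" is transmitted verbatim, then base64 of user:password), and Content-Length is attached only for POST and PUT, counting bytes rather than characters. The function names (basic_auth_header, automatic_headers) and the credentials in the sample address are this example's own; port 4567 is the Sinatra default named on the page.

```ruby
require 'uri'

# Percent-decode a userinfo component. '+' means a space only in form bodies,
# not in userinfo, so it is protected before reusing the form decoder.
def percent_decode(component)
  URI.decode_www_form_component(component.gsub('+', '%2B'))
end

# HTTP Basic credentials are base64("user:password"). Base64 is an encoding,
# not encryption: without TLS the credentials travel in the clear.
def basic_auth_header(address)
  uri = URI.parse(address)
  return nil if uri.userinfo.nil?
  user = percent_decode(uri.user.to_s)
  password = percent_decode(uri.password.to_s)
  "Basic #{["#{user}:#{password}"].pack('m0')}"   # pack('m0') = strict base64
end

# Assemble the headers a console client adds on its own: Host always,
# Authorization only when the address carries userinfo, Content-Length only
# for the methods that actually send the body (POST and PUT on this page).
# bytesize, not length: a UTF-8 body with multibyte characters would otherwise
# be truncated or leave the server waiting for bytes that never arrive.
def automatic_headers(address, method, body = nil)
  headers = { 'Host' => URI.parse(address).host }
  auth = basic_auth_header(address)
  headers['Authorization'] = auth if auth
  if body && %w[POST PUT].include?(method.upcase)
    headers['Content-Length'] = body.bytesize.to_s
  end
  headers
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: the password "s3cr:t" must be written as s3cr%3At in the address.
  p automatic_headers('http://alice:s3cr%3At@localhost:4567/submit-novel', 'POST', 'héllo')
  p automatic_headers('http://localhost:4567/all-good', 'GET', 'ignored')
end
```

For the POST above the Authorization value is "Basic YWxpY2U6czNjcjp0" (base64 of alice:s3cr:t) and Content-Length is 6, because "héllo" is five characters but six bytes in UTF-8.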
Different response codes are rendered with colors that suggest their meaning:
As with the abbreviated history demonstrated earlier, verbose history shows a numbered list of requests and the responses they elicited. All information exchanged between client and server is shown.
You can learn how to use htty commands from within htty.
The help command takes an optional argument of the abbreviated or full name of a command.
Report defects and feature requests on GitHub Issues.
Your patches are welcome, and you will receive attribution here for good stuff. Fork the official htty repository and send a pull request.
After cloning the repository, run bin/setup to install dependencies. Then run rake to run the tests. You can also run bin/console to get an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in lib/htty/version.rb, and then run bundle exec rake release, which will create a Git tag for the version, push Git commits and tags, and push the .gem file to RubyGems.org.
Stay in touch with the htty project by following @get_htty on Twitter.
You can also get help in the #htty channel on Freenode.
The author, Nils Jonsson, owes a debt of inspiration to the http-console project.
Thanks to contributors (in alphabetical order):
Released under the MIT License.
We found that htty showed an unhealthy version release cadence and level of project activity, because the last version was released a year ago. It has 1 open-source maintainer collaborating on the project.