qxip / webshark

webShark: Wireshark & PCAPs in your browser, 100% Open-Source Cloudshark alternative based on sharkd

License: GNU Affero General Public License v3.0


webshark's Introduction

webshark-ng

webShark is a Wireshark-like webapp powered by sharkd and all its dissectors 🕵️

Client-Side RTP playback powered by WASM/ffmpeg 🚀


Instructions

Mount your PCAP content directory to location /captures and launch webshark

Run with Compose

docker-compose up -d

Run Manually

docker run -ti --rm -p 8085:8085 -v $(pwd)/captures:/captures ghcr.io/qxip/webshark:latest

Usage

Browse to your webshark-ng instance, e.g. http://localhost:8085/webshark


Credits

This program is free software based on a fork of GPLv2 webshark by Jakub Zawadzki and sponsored by qxip

Dissections powered by tshark sharkd from Wireshark Project. See LICENSE for details

webshark's People

Contributors

ekoyle, joviniko, lmangani, rfbkak37y3kiy


webshark's Issues

Extraneous files in repo

I've noticed some extraneous/old files in the repository. Does anyone have a problem with deleting the following? I think they could lead to confusion down the road.

  • web/js/webshark-app.js - generated from other files, probably shouldn't be under version control
  • sharkd/* with the exception of sharkd/build.sh - shouldn't be needed since we only use the wireshark repo

req is not a valid member name

I have tried to run this project in my local environment.
sharkd is running and I have run the APIs on port :8085. I have tested the webshark/upload POST API and the webshark/json?req=files GET API from Postman and it seems to be working.

Though I am having problems with other GET APIs like webshark/json?req=info. I am getting the following output:

{"jsonrpc":"2.0","id":0,"error":{"code":-32600,"message":"req is not a valid member name"}}

I don't understand if I am missing anything.

Also, when I open the URL in the browser, the UI is not getting loaded. It shows something like this:
image

Any help would be much appreciated.

Timestamps not preserved

Hi,

I am playing with this project and it's quite interesting.
For test purposes I am loading only one pcap file, but I noticed that frame timestamps are not preserved: webshark starts from zero as reference. Is it possible to change it to maintain the original timestamps?
Another thing, what do you recommend as a process to capture traffic into the captures folder? tcpdump with rotated files every minute, or anything else more efficient?

image

Thanks

Error trying to connect to /var/run/sharkd.sock

I observe the error below while launching the application.
Can you please help me with this error if possible?

{"level":30,"time":1653552495131,"pid":18,"hostname":"7172137743c7","reqId":9,"req":{"method":"GET","url":"/webshark/json?req=info","hostname":"xxx:8085","remoteAddress":"xxx","remotePort":39129},"msg":"incoming request","v":1}

Error trying to connect to /var/run/sharkd.sock
{ Error: connect ENOENT /var/run/sharkd.sock
    at PipeConnectWrap.afterConnect [as oncomplete] (net.js:1107:14)
  errno: 'ENOENT',
  code: 'ENOENT',
  syscall: 'connect',
  address: '/var/run/sharkd.sock' }
Trying to spawn unix:/var/run/sharkd.sock
events.js:174
      throw er; // Unhandled 'error' event
      ^

Error: spawn sharkd ENOENT
    at Process.ChildProcess._handle.onexit (internal/child_process.js:240:19)
    at onErrorNT (internal/child_process.js:415:16)
    at process._tickCallback (internal/process/next_tick.js:63:19)
Emitted 'error' event at:
    at Process.ChildProcess._handle.onexit (internal/child_process.js:246:12)
    at onErrorNT (internal/child_process.js:415:16)
    at process._tickCallback (internal/process/next_tick.js:63:19)
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] start: `npx fastify start -l info app.js -p 8085`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2022-05-26T08_08_15_179Z-debug.log

Extend sharkd to load data from URLs

Currently sharkd only supports loading from files it can directly access through the function sharkd_session_process_load, which in turn calls load_cap_file.

In order to support a broader scope of scenarios, it should be extended to support loading data from web APIs, ad-hoc interfaces and/or through piping other system commands.

This issue is just an intention pointer to track design elements and input from other devs.

Missing RTP Audio

The RTP Audio exporting function seems broken in the latest builds. This used to work in the previous releases.

Investigating.

failures on new image build

I observe dependency failures during the new image build and I am failing to run the image due to node-fetch errors.

Can you please help to update the Dockerfile for new builds? (newbie here)

'Analyze' and 'Decode as' options for Pcaps

Hi @lmangani

Is it possible to use the 'Decode as' functionality like we have in Wireshark through the analyze option? I have a need to provide a port with a specific value and analyze the pcap when the protocol field matches the value.

I am successfully passing the filters value in the URL and am looking for something similar to that.
Any help would be highly appreciated.

Login page

I would like to use webshark in a Docker container on a publicly available server.
Would it be possible to add authentication somehow to Wireshark?

Cannot open capture

The capture uploads successfully, but then nothing happens, it just hangs on the upload screen.

Thanks

image

Can not spawn /var/run/sharkd.sock on a container

Hello. First of all, thanks for the work you have done in this repo.

I am trying to run the node application in a Docker container. I am facing issues, as spawning to /var/run/sharkd.sock is not working if I set SHARKD_SOCKET = "/var/run/sharkd.sock". I am getting the following error:

Error trying to connect to /var/run/sharkd.sock Error: connect ENOENT /var/run/sharkd.sock at PipeConnectWrap.afterConnect [as oncomplete] (net.js:1159:16) { errno: -2, code: 'ENOENT', syscall: 'connect', address: '/var/run/sharkd.sock' }

/var/run is already mounted, so that should not be an issue. I have docker.sock inside the /var/run folder. I gave it a try by setting SHARKD_SOCKET = "/var/run/docker.sock". Then I didn't get the ENOENT error, but new_sock.write(JSON.stringify(request)+"\n") did not work. So I am thinking spawning unix:/var/run/sharkd.sock is the actual issue in the container.

Sharkd is running by sharkd - unix:/var/run/sharkd.sock. I can see the 'Hello in child' output in the terminal.

Could you please point out if I am missing something?

uploading error

After uploading the pcap file, it was not stored in the specified mapped captures folder, so the web file menu bar does not display the previously uploaded file. Uploading errors can cause container crashes, and the web error output is as follows:
Unknown Error {"headers":{"normalizedNames":{},"lazyUpdate":null,"headers":{}},"status":0,"statusText":"Unknown Error","url":"/webshark/upload","ok":false,"name":"HttpErrorResponse","message":"Http failure response for /webshark/upload: 0 Unknown Error","error":{"isTrusted":true}}

New User-Interface

@RFbkak37y3kIY has developed a new UI for webshark we can include in the 2.x release.

Let's deploy it to a branch and use this thread to apply the various API/UI changes using #17 as reference.

sharkd failing to start with source build

I'm attempting to build the webshark container from source with a tweak to the docker-compose file, using the commit 2c73300.

webshark:
    # image: ghcr.io/qxip/webshark:2.0.0
    build: .

The build completes successfully, and the web interface starts, but when visiting the application in a browser, the server crashes.

webshark  | Error trying to connect to /home/node/sharkd.sock
webshark  | Error: connect ECONNREFUSED /home/node/sharkd.sock
webshark  |     at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1595:16) {
webshark  |   errno: -111,
webshark  |   code: 'ECONNREFUSED',
webshark  |   syscall: 'connect',
webshark  |   address: '/home/node/sharkd.sock'
webshark  | }
webshark  | Trying to spawn unix:/home/node/sharkd.sock
webshark  | Error spawning sharkd under /home/node/sharkd.sock / exit 1

Attempting to start sharkd manually from the command line results in a fatal error I cannot myself troubleshoot.

node@e065321c547b:/usr/src/node-webshark/api$ sharkd unix:/home/node/sharkd.sock
node@e065321c547b:/usr/src/node-webshark/api$  ** (sharkd:70) 20:04:44.321044 [Epan ERROR] epan/packet.c:3361 -- register_dissector_handle(): assertion failed: g_hash_table_lookup(registered_dissectors, name) == ((void *)0)
 ** (sharkd:70) Aborting on fatal log level exception

It looks like a dissector/plugin is registered twice, or a dissector/plugin is causing sharkd to crash?

https://github.com/wireshark/wireshark/blob/4585479ab0ef79344bdc4560491ffd40aceb8118/epan/packet.c#L3354-L3366

register_dissector_handle(const char *name, dissector_handle_t handle)
{
	/* Make sure name is "parsing friendly" - descriptions should be
	 * used for complicated phrases. */
	check_valid_dissector_name_or_fail(name);

	/* Make sure the registration is unique */
	ws_assert(g_hash_table_lookup(registered_dissectors, name) == NULL);

	g_hash_table_insert(registered_dissectors, (gpointer)name, handle);

	return handle;
}

I even attempted to build with some of the key changes commented out of the sharkd build script with no success.

# Update wireshark sources
git pull
git reset --hard 640ded8e1d45ec3ee8594c385b1045cbaa0042a0   ## tested with this hash

# Integrate sharkd
patch -p1 < ../sharkd/sharkd.patch
patch -p1 < ../sharkd/sharkd_opt_memory.patch ## optional
cp ../sharkd/*.[ch] ./

Docker example command broken

[scott@sob-desktop tmp]$ sudo docker run -ti --rm -p 8085:8085 -v $(pwd)/captures:/captures ghcr.io/qxip/webshark:latest
rm: cannot remove '': No such file or directory

> [email protected] start
> npx fastify start -l info app.js -a 0.0.0.0 -p 8085

{"level":30,"time":1693287165225,"pid":43,"hostname":"e9818d18aa01","msg":"Server listening at http://0.0.0.0:8085"}
{"level":30,"time":1693287168418,"pid":43,"hostname":"e9818d18aa01","reqId":"req-1","req":{"method":"GET","url":"/webshark/","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47474},"msg":"incoming request"}
{"level":30,"time":1693287168425,"pid":43,"hostname":"e9818d18aa01","reqId":"req-1","res":{"statusCode":200},"responseTime":7.2343679999466985,"msg":"request completed"}
{"level":30,"time":1693287168438,"pid":43,"hostname":"e9818d18aa01","reqId":"req-2","req":{"method":"GET","url":"/webshark/css/webshark.css","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47474},"msg":"incoming request"}
{"level":30,"time":1693287168439,"pid":43,"hostname":"e9818d18aa01","reqId":"req-3","req":{"method":"GET","url":"/webshark/css/awesomplete.css","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47490},"msg":"incoming request"}
{"level":30,"time":1693287168440,"pid":43,"hostname":"e9818d18aa01","reqId":"req-2","res":{"statusCode":200},"responseTime":1.6142440000548959,"msg":"request completed"}
{"level":30,"time":1693287168440,"pid":43,"hostname":"e9818d18aa01","reqId":"req-4","req":{"method":"GET","url":"/webshark/js/d3.v4.min.js","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47506},"msg":"incoming request"}
{"level":30,"time":1693287168441,"pid":43,"hostname":"e9818d18aa01","reqId":"req-5","req":{"method":"GET","url":"/webshark/js/webshark-app.js","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47474},"msg":"incoming request"}
{"level":30,"time":1693287168441,"pid":43,"hostname":"e9818d18aa01","reqId":"req-6","req":{"method":"GET","url":"/webshark/js/wavesurfer.min.js","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47522},"msg":"incoming request"}
{"level":30,"time":1693287168442,"pid":43,"hostname":"e9818d18aa01","reqId":"req-3","res":{"statusCode":200},"responseTime":2.2881270002108067,"msg":"request completed"}
{"level":30,"time":1693287168442,"pid":43,"hostname":"e9818d18aa01","reqId":"req-7","req":{"method":"GET","url":"/webshark/css/c3.min.css","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47528},"msg":"incoming request"}
{"level":30,"time":1693287168443,"pid":43,"hostname":"e9818d18aa01","reqId":"req-8","req":{"method":"GET","url":"/webshark/js/c3.min.js","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47540},"msg":"incoming request"}
{"level":30,"time":1693287168445,"pid":43,"hostname":"e9818d18aa01","reqId":"req-6","res":{"statusCode":200},"responseTime":3.4042609999887645,"msg":"request completed"}
{"level":30,"time":1693287168445,"pid":43,"hostname":"e9818d18aa01","reqId":"req-7","res":{"statusCode":200},"responseTime":2.706019999925047,"msg":"request completed"}
{"level":30,"time":1693287168445,"pid":43,"hostname":"e9818d18aa01","reqId":"req-4","res":{"statusCode":200},"responseTime":4.949557999847457,"msg":"request completed"}
{"level":30,"time":1693287168446,"pid":43,"hostname":"e9818d18aa01","reqId":"req-5","res":{"statusCode":200},"responseTime":4.552250000182539,"msg":"request completed"}
{"level":30,"time":1693287168446,"pid":43,"hostname":"e9818d18aa01","reqId":"req-8","res":{"statusCode":200},"responseTime":3.214585999958217,"msg":"request completed"}
{"level":30,"time":1693287168476,"pid":43,"hostname":"e9818d18aa01","reqId":"req-9","req":{"method":"GET","url":"/webshark/json?method=info","hostname":"localhost:8085","remoteAddress":"172.17.0.1","remotePort":47506},"msg":"incoming request"}
Error trying to connect to /var/run/sharkd.sock
Error: connect ENOENT /var/run/sharkd.sock
    at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1595:16) {
  errno: -2,
  code: 'ENOENT',
  syscall: 'connect',
  address: '/var/run/sharkd.sock'
}
Trying to spawn unix:/var/run/sharkd.sock
Error spawning sharkd under /var/run/sharkd.sock / exit 1
[scott@sob-desktop tmp]$ 

docker start error

I tried to run the docker on my vps, but it failed with the following error message

fog@webshark$ docker run -e SHARKD_SOCKET=/home/node/sharkd.sock -ti --rm -p 8085:8085 -v $(pwd)/captures:/captures ghcr.io/qxip/webshark:2.0.0
rm: cannot remove '/home/node/sharkd.sock': No such file or directory
node[1]: ../src/node_platform.cc:68:std::unique_ptr<long unsigned int> node::WorkerThreadsTaskRunner::DelayedTaskScheduler::Start(): Assertion `(0) == (uv_thread_create(t.get(), start_thread, this))' failed.
 1: 0xc98550 node::Abort() [node]
 2: 0xc985ce  [node]
 3: 0xd169a9 node::WorkerThreadsTaskRunner::WorkerThreadsTaskRunner(int) [node]
 4: 0xd16acc node::NodePlatform::NodePlatform(int, v8::TracingController*, v8::PageAllocator*) [node]
 5: 0xc53f13  [node]
 6: 0xc5487b node::Start(int, char**) [node]
 7: 0x7fb45d4f81ca  [/lib/x86_64-linux-gnu/libc.so.6]
 8: 0x7fb45d4f8285 __libc_start_main [/lib/x86_64-linux-gnu/libc.so.6]
 9: 0xbb004e _start [node]

fog@webshark$ uname -a
Linux calm-spin-1.localdomain 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

fog@webshark$ cat /etc/issue
Ubuntu 18.04 LTS \n \l

While on another local pc, it works

fog@captures$ uname -a
Linux fognb2 5.4.0-155-generic #172-Ubuntu SMP Fri Jul 7 16:10:02 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

fog@captures$ cat /etc/issue
Ubuntu 20.04.2 LTS \n \l

Any idea?
