How to establish a TCP Socket connection from a web browser (client side)?

Asked 8/11, 2011 at 13:57 Answered 10/6, 2015 at 15:10

Solved ajax flash sockets applet websocket

I've read about WebSockets but they don't seem to be pure "sockets", because there is an application layer protocol over them. "ws:"

Is there any way of doing a pure socket connection from a web browser, to enliven webpages?

Here are my random stabs in the dark

Applets sockets provided by Java (need java installed)
Flash sockets provided by Flash (need flash installed)

But about HTML5, Why are they called WebSockets if they aren't Sockets?

Is the websocket protocol so simple to implement that it is "almost"-sockets?

Sphagnum answered 8/11, 2011 at 13:57 Comment(0)

I've read about WebSockets but they don't seem to be pure "sockets", because there is an application layer protocol over them.

[Is the] websocket protocol so simple to implement that [it is] "almost"-sockets?

Allowing regular socket connections directly from the browser is never going to happen because it opens up a huge risk. WebSockets is about as close to raw sockets from the browser as you are going to get. The initial WebSockets handshake is similar to an HTTP handshake (allowing web servers to proxy/bridge it) and adds CORS type security. In addition, WebSockets is a message based transport (rather than streaming as raw TCP) and this is done using a two byte header on each message frame.

Even flash is not able to quite make raw TCP connections. Flash sockets also add CORS security, but instead of an in-band handshake, flash socket connections make a connection to port 843 on the target server to request a security policy file.

Is there any way of doing a pure socket connection from a web browser, to enliven webpages?

Yes, you can use my websockify bridge/proxy which allows a WebSockets enabled browser to connect directly to a TCP socket via websockify.

But about HTML5, Why are they called WebSockets if they aren't Sockets?

WebSockets are a transport built on TCP sockets. After the handshake there is very minimal overhead (typically just a two byte header).

Collett answered 8/11, 2011 at 15:40 Comment(6)

Nice answer +1, and thanks for the typo. Narrowing my search: It will be enough for me if I can connect with a Server at the client side I mean a server installed at client machine, localhost from the point of view of the browser, perhaps there security issues (should) be simpler, any advice on this? thanks – Bonis 8/11, 2011 at 15:52

Connecting to localhost doesn't really change the security situation. Imagine a malicious web page (or malicious advertisement on a friendly web page) that could connect to all your local ports. Basically it bypasses all firewall protection. You could still run websockify locally for any ports you wish to proxy. – Collett 8/11, 2011 at 19:12

There is w3c a draft for a raw socket api The security and privacy considerations is weak and singular. That's all I have to say. – Cryptology 8/7, 2013 at 17:46

@user2350838, the Raw Sockets specification is part of the sysapps WG (w3.org/2012/09/sysapps-wg-charter.html). The sysapps WG charter is to standardize the APIs that are available to trusted/user installed web applications (i.e. installed web apps). It's not something that will be available to standard web site/web applications. For example, Chrome packaged aps, Firefox OS apps, PhoneGap apps, etc have access to additional APIs. The sysapps group is trying to create a standard for those APIs. – Collett 8/7, 2013 at 18:52

@Collett can you please elaborate on the security risks of allowing raw tcp sockets in the browser? – Sedgemoor 15/4, 2015 at 15:52

@Sedgemoor see my comment about why websockify will not support arbitrary host:port destinations: github.com/kanaka/websockify/issues/3#issue-907487 The reason is the same. In summary, arbitrary TCP from the browser would allow a piece of malicious JS code (perhaps delivered surreptitiously by a middle man ala the recent github DDOS) to connect to anything on your INTERNAL network thus bypassing firewall protection. WebSocket protects against that by adding WebSocket negotiation (only connections to WebSocket servers allowed) and standard CORS. – Collett 15/4, 2015 at 16:15

I can't improve on Kanaka's answers to your secondary questions, and I know this question is a year old. But for the main question, Is there any way of doing a pure socket connection from a web browser, to enliven webpages? There is a project called the Java / JavaScript Socket Bridge that might be what you (or anyone coming across this page from a Google search) are looking for. The advantage of this method over what others have mentioned is that it does not require either a client-side or a server-side service to be run. So, for instance, if you wanted to implement an IRC client purely in JavaScript but your web host does not allow you sufficient rights to proxy the connection, this Java applet would be the way to go. The only concern is making sure the client has Java installed and allowed.

Subaxillary answered 26/10, 2012 at 16:39 Comment(0)

You can just send data between a client and a server with WebSockets. Simply speaking, the only difference that WebSockets introduces is that the client:

adds some header bytes, like the type of data and the length
adds masks and encodes the data using them

The server also has to add header bytes, but does not need to encode the data.

If you implement the protocol correctly (server side, that is, since the browser already has an implementation), you can use it with ease to send text and binary data. (Although browser support is narrow, especially for the latter.)

Hasidism answered 8/11, 2011 at 14:2 Comment(2)

Would be great to know, how those header bytes look like, any reference? thanks – Bonis 8/11, 2011 at 14:14

@void: There is the specification at tools.ietf.org/html/…. Previously I posted some pseudocode about decoding data from client to server at https://mcmap.net/q/88546/-how-to-de-construct-data-frames-in-websockets-hybi-08 – Hasidism 8/11, 2011 at 14:16

The benefit of WebSocket is that it is HTTP based. You can use it also in environments there http proxies are used. Thus Websocket has a higher infrastructure compatibility as plain tcp.

Additionally http/WebSocket is providing you some features which you otherwise have to specify on your own:

Redirect
NAT keepalive
Multiplexing via URI
Framing

Disjointed answered 10/6, 2015 at 15:10 Comment(1)

What's framing? – Trichromatism 15/5, 2020 at 21:21

If you are asking for some data to be pushed from server it is widely termed as COMET or Reverse Ajax.

Web sockets is still not very popular as there are inherent firewall issues and minimal support yet from popular browsers.

You can take a look at http://www.ape-project.org/ as this is one of the most popular implementations (but native to unix/linux only for now. For windows they suggest using a virtual box or vmware based implementation)

Vitrescent answered 8/11, 2011 at 14:2 Comment(0)

Recommended topics

Hot tags