Sekiro Open Source User Guide

Some Information

【Pre-built Packages】
Open Source Version: https://oss.iinti.cn/sekiro/sekiro-demo
Downloading the latest package is generally recommended.

【Open Source Code Repository】
GitHub Open Source Address: https://github.com/yint-tech/sekiro-open

【Our Documentation】
https://sekiro.iinti.cn/sekiro-doc/

Installation Process

Installation requires Java (in testing, jdk8, jdk11, jdk17, etc. are all usable).

Using our pre-built package as the example, start by unpacking it.

In the project directory, execute the startup script:

  • Windows: bin\sekiro.bat
  • Linux: bin/sekiro.sh

Function Verification

Here we verify the installation with a JavaScript injection scenario on a page served over HTTP. (For an HTTPS website, remember to change ws to wss; for details, refer to https://iinti.cn/sekiro-article/sekiro-wss/)

Note: The open source version does not implement wss itself; wss can only be achieved through certificate signing. Please refer to: https://sekiro.iinti.cn/sekiro-doc/02_advance/03_sslForWebsocket.html#%E5%AE%89%E8%A3%85ca%E8%AF%81%E4%B9%A6 The commercial version can use port 443 directly.

Paste the following into the web console.

function SekiroClient(e){if(this.wsURL=e,this.handlers={},this.socket={},!e)throw new Error("wsURL can not be empty!!");this.webSocketFactory=this.resolveWebSocketFactory(),this.connect()}SekiroClient.prototype.resolveWebSocketFactory=function(){if("object"==typeof window){var e=window.WebSocket?window.WebSocket:window.MozWebSocket;return function(o){function t(o){this.mSocket=new e(o)}return t.prototype.close=function(){this.mSocket.close()},t.prototype.onmessage=function(e){this.mSocket.onmessage=e},t.prototype.onopen=function(e){this.mSocket.onopen=e},t.prototype.onclose=function(e){this.mSocket.onclose=e},t.prototype.send=function(e){this.mSocket.send(e)},new t(o)}}if("object"==typeof weex)try{console.log("test webSocket for weex");var o=weex.requireModule("webSocket");return console.log("find webSocket for weex:"+o),function(e){try{o.close()}catch(e){}return o.WebSocket(e,""),o}}catch(e){console.log(e)}if("object"==typeof WebSocket)return function(o){return new e(o)};throw new Error("the js environment do not support websocket")},SekiroClient.prototype.connect=function(){console.log("sekiro: begin of connect to wsURL: "+this.wsURL);var e=this;try{this.socket=this.webSocketFactory(this.wsURL)}catch(o){return console.log("sekiro: create connection failed,reconnect after 2s:"+o),void setTimeout(function(){e.connect()},2e3)}this.socket.onmessage(function(o){e.handleSekiroRequest(o.data)}),this.socket.onopen(function(e){console.log("sekiro: open a sekiro client connection")}),this.socket.onclose(function(o){console.log("sekiro: disconnected ,reconnection after 2s"),setTimeout(function(){e.connect()},2e3)})},SekiroClient.prototype.handleSekiroRequest=function(e){console.log("receive sekiro request: "+e);var o=JSON.parse(e),t=o.__sekiro_seq__;if(o.action){var n=o.action;if(this.handlers[n]){var s=this.handlers[n],i=this;try{s(o,function(e){try{i.sendSuccess(t,e)}catch(e){i.sendFailed(t,"e:"+e)}},function(e){i.sendFailed(t,e)})}catch(e){console.log("error: "+e),i.sendFailed(t,":"+e)}}else this.sendFailed(t,"no action handler: "+n+" defined")}else this.sendFailed(t,"need request param {action}")},SekiroClient.prototype.sendSuccess=function(e,o){var t;if("string"==typeof o)try{t=JSON.parse(o)}catch(e){(t={}).data=o}else"object"==typeof o?t=o:(t={}).data=o;(Array.isArray(t)||"string"==typeof t)&&(t={data:t,code:0}),t.code?t.code=0:(t.status,t.status=0),t.__sekiro_seq__=e;var n=JSON.stringify(t);console.log("response :"+n),this.socket.send(n)},SekiroClient.prototype.sendFailed=function(e,o){"string"!=typeof o&&(o=JSON.stringify(o));var t={};t.message=o,t.status=-1,t.__sekiro_seq__=e;var n=JSON.stringify(t);console.log("sekiro: response :"+n),this.socket.send(n)},SekiroClient.prototype.registerAction=function(e,o){if("string"!=typeof e)throw new Error("an action must be string");if("function"!=typeof o)throw new Error("a handler must be function");return console.log("sekiro: register action: "+e),this.handlers[e]=o,this};
var client = new SekiroClient("ws://127.0.0.1:5612/business/register?group=test_web&clientId=" + Math.random());
client.registerAction("testAction", function (request, resolve, reject) {
    resolve("ok");
});

After pressing Enter, the Sekiro connection is established.

Next, we make a call from the browser: http://127.0.0.1:5612/business/invoke?group=test_web&action=testAction&param=testparm


You can see that the returned data matches what we wrote in the injected code, resolve("ok").
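
The request/reply exchange behind that invoke call, as an added example that is not part of the original guide or of the Sekiro code base. It is a readable model of the minified client's envelope logic; the function names (buildSuccess, buildFailure, handleRequest) and the sample request are constructed for illustration.

```javascript
// Added example (not Sekiro's code): readable model of the client's reply envelope.
// Assumption: handlers call resolve/reject synchronously.
function buildSuccess(seq, result) {
  let body = result;
  if (typeof result === "string") {
    try { body = JSON.parse(result); } catch (_) { body = { data: result }; }
  }
  if (Array.isArray(body) || typeof body === "string") {
    body = { data: body, code: 0 };
  } else if (body === null || typeof body !== "object") {
    body = { data: body }; // model simplification: wrap remaining primitives
  } else {
    body = Object.assign({}, body); // copy, do not mutate the handler's object
  }
  if (body.code) body.code = 0; else body.status = 0; // same branch as sendSuccess
  body.__sekiro_seq__ = seq; // echo the request's sequence number
  return body;
}

function buildFailure(seq, message) {
  if (typeof message !== "string") message = JSON.stringify(message);
  return { message: message, status: -1, __sekiro_seq__: seq };
}

// Dispatch one raw server message; returns the JSON text the client sends back.
function handleRequest(handlers, raw) {
  const req = JSON.parse(raw);
  const seq = req.__sekiro_seq__;
  let reply;
  if (!req.action) {
    reply = buildFailure(seq, "need request param {action}");
  } else if (!Object.prototype.hasOwnProperty.call(handlers, req.action)) {
    // Own-property check: a plain {} lookup also matches inherited names
    // such as "constructor".
    reply = buildFailure(seq, "no action handler: " + req.action + " defined");
  } else {
    try {
      handlers[req.action](req, (r) => { reply = buildSuccess(seq, r); },
        (e) => { reply = buildFailure(seq, e); });
    } catch (e) {
      reply = buildFailure(seq, ":" + e);
    }
  }
  return JSON.stringify(reply);
}

// Constructed request; fields other than action and __sekiro_seq__ are assumed.
const demoHandlers = { testAction: (request, resolve, reject) => resolve("ok") };
const demoRequest = JSON.stringify({ action: "testAction", param: "testparm", __sekiro_seq__: 7 });
console.log(handleRequest(demoHandlers, demoRequest));
```

The reply carries the handler's value under data, a status of 0 on success or -1 on failure, and the same __sekiro_seq__ value that arrived with the request.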

FAQ

Q1: Do I need to manually create groups in the background?
A1: The demo version does this automatically. In the open-source version, information such as groups is stored in memory.

Q2: I want to inject into an HTTPS site using the demo version. What are the ways to achieve this?
A2:

  • Method 1: Self-signed or domain-signed certificates
    > You can find relevant tutorials online.
  • Method 2: Does deploying on the local 127.0.0.1 server avoid the need for signing? (The answer is no.)
    > In theory, we do not need to sign messages sent to 127.0.0.1 (i.e., local), because we generally consider messages sent locally to be trustworthy.
    > However, the open-source version does not implement wss and will close the connection directly.
  • Method 3: The easiest way is to use our test server.
    > The test server has CA signing.

Q3: Are there any limits on the number of actions under a group, and do unused actions get automatically recycled?
A3: There is no limit on the number of actions under a group; unused actions are not automatically recycled. If you are using the open-source version, once closed, they are gone, because they are all recorded in memory. If you have specific requirements for controlling creation and deletion, you can modify the source code yourself.

Q4: What is the concurrency of Sekiro?
A4: Generally, there is no upper limit. The ultimate bottleneck lies in the device and the network. Our bare metal server (100M, 24 cores, 16GB) supports over 50,000 QPS. Because the device has been overloaded, and the router has also been overloaded, we have implemented QPS flow control for the device. Even Nginx affects performance, which is why we have implemented direct port connections.