Node Inseptor

Hi all,If you don't mind, I would like to show an internal project which we just made public. We call it Inseptor.Inseptor is effectively a hook which once installed allows an external process to monitor all requests and responses that go through a node server. It is useful for debugging but also for security research and bug hunting. Unlike node-inspector, the chrome dev tools and other debugging features that already exist, the implementation is minimal. Also, the websocket message protocol we use is straightforward which means that the client can be implemented in anything. Other languages can also be supported by the same client.While I am sure there are probably better tools, my experience thus far is that I don't find them intuitive and often I am left doubting if they work at all. This tool is pretty much tailored towards HTTP. The code-base is very small and simple (101 loc). We think that most of the work needs to be done by the client and not the server.Although we buffer requests and responses at the moment, the plan is that going forward, it will be a streaming server. I am hoping to implement WebRTC soon. In non-prod environments, provided you have the right sessions keys, it will be pretty awesome if you can get a full live-stream of what happens and when instead of sifting through log files. This can be achieved by connecting to multiple of these feeds. Obviously, it is discouraged to use anything like this in production environments unless it is relatively unimportant.I also wrote a blog post about Inseptor today. It is early days but it will be amazing if we can get some feedback.

Submitted January 19, 2018 at 04:51PM by _pdp_