Hi guys, my boss want me to check security issues in our application. We have some sort of XSRF protection (xsrf key in cookie) and my job is to check if it worx fine. I want to simulate xsrf attack on unprotected code and then try the same attack on protected to accomplish this.
My plan was: install wireshark, analyze network traffic, find request suitable for invoking (simple one ;)), write some js code which will attack my own code :) The problem is with step 2 - analyze network traffic - it seems that rpc request is encoded in some strange way - Does anybody know how is the gwt rpc request (post) encoded? Basically, i need just call some simple method with xsrf key in parameter, there is no need to parse the response... So, is there anybody who can help me? :) BTW: Excuse me for my english ;) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
