Following blog posts should help you pen test your app. They aren't my posts - but I have found them useful.
*a) RPC Format* - http://www.gdssecurity.com/l/b/2009/10/08/gwt-rpc-in-a-nutshell/
*b) How RPC can be fuzzed* - http://www.gdssecurity.com/l/b/2010/05/06/fuzzing-gwt-rpc-requests/
*c) How to enumerate all RPC methods* - http://www.gdssecurity.com/l/b/2010/07/20/gwtenum-enumerating-gwt-rpc-method-calls/

You may also want to read through de-gwt <http://code.google.com/p/degwt/wiki/HowDeGWTWorks>.

--Sri

On 21 December 2010 11:03, travemm <[email protected]> wrote:

> Hi,
>
> I'm looking for details (references to code are fine) about how the
> rpc messages are formatted. I'm doing penetration testing for a
> client's GWT rpc servlets but cannot access their source or discuss
> with their developers (black/grey box testing).
>
> Looking at an rpc request it appears to be formatted the following way:
> #|#|#|URL|StrongHash|Class_Name|Method_Name|ARG1_Class_name|
> ARG1_member1|...|ARG1_memberN|ARG2_Class_Name|ARG2_member1|...|
> ARG2_memberN|#|#|#|#.....|#|#|#
>
> The first three #'s appear to be related to the request and number of
> args, not 100% sure on this relation.
> The last set of #'s I'm very confused on what they do and mean.
>
> I have the following use case that will probably result in a
> successful penetration test for my client.
>
> A request to method M1 sends an object with all the fields set to
> NULL.
> A request to method M2 sends the same object and some additional
> objects, but with all the fields set to valid values.
> I need to create a request to M1 with the same object sent to M2.
> Since M2 also has additional arguments the RPC requests are rather
> different and it isn't straightforward for me.
>
> Of course through a hundred hours of reading GWT source I could figure
> this out, but hopefully there is something simpler. I can request a
> copy of the class file for the class I need to serialize and send to
> M1, if that will allow me to make the request to M1 using GWT
> interfaces.
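Added example, not part of the thread or of the linked posts: a small Python decoder that splits a GWT-RPC request body into its header, string table and payload, the kind of helper used to log or inspect captured requests during an authorised test. It assumes the plain call layout (version, flags, string-table size, the strings, then a payload whose leading values are 1-based references into the string table); the function names and the sample request are constructed for illustration.

```python
# Added example: decode the header of a GWT-RPC request body.
# Assumed layout: version|flags|N|<N strings>|<payload values>|

def _int(token, what):
    try:
        return int(token)
    except ValueError:
        raise ValueError(f"{what} is not an integer: {token!r}") from None

def decode_gwt_rpc(body):
    fields = body.split("|")
    if fields and fields[-1] == "":
        fields.pop()  # the body ends with a trailing separator
    if len(fields) < 3:
        raise ValueError("request too short for a GWT-RPC header")
    version, flags, count = (_int(f, "header field") for f in fields[:3])
    if count < 0 or len(fields) < 3 + count + 5:
        raise ValueError("string table or call header is truncated")
    table = fields[3:3 + count]   # strings kept as sent, escapes not decoded
    payload = fields[3 + count:]

    def lookup(token):
        # Payload references are 1-based indexes into the string table.
        index = _int(token, "string-table reference")
        if not 1 <= index <= len(table):
            raise ValueError(f"string-table reference {index} out of range")
        return table[index - 1]

    n_params = _int(payload[4], "parameter count")
    if n_params < 0 or len(payload) < 5 + n_params:
        raise ValueError("parameter count exceeds the payload length")
    return {
        "version": version,
        "flags": flags,
        "module_base": lookup(payload[0]),
        "strong_name": lookup(payload[1]),
        "service": lookup(payload[2]),
        "method": lookup(payload[3]),
        "param_types": [lookup(t) for t in payload[5:5 + n_params]],
        "values": payload[5 + n_params:],  # raw tokens: numbers or references
    }

# Constructed sample request (host, hash, class and method names are made up).
SAMPLE = ("7|0|6|https://app.example/module/|0123456789ABCDEF0123456789ABCDEF|"
          "com.example.client.GreetingService|greet|"
          "java.lang.String/2004016611|hello|1|2|3|4|1|5|6|")

if __name__ == "__main__":
    for key, value in decode_gwt_rpc(SAMPLE).items():
        print(f"{key}: {value}")
```

The remaining `values` tokens are left raw because, depending on the declared parameter type, each one is either a literal number or another string-table reference.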
