Perfect, thank you for pointing the way!

On Dec 21, 9:58 am, Sripathi Krishnan <[email protected]> wrote:
> Following blog posts should help you pen test your app. They aren't my posts
> - but I have found them useful.
>
> a) RPC Format -
> http://www.gdssecurity.com/l/b/2009/10/08/gwt-rpc-in-a-nutshell/
> b) How RPC can be fuzzed
> - http://www.gdssecurity.com/l/b/2010/05/06/fuzzing-gwt-rpc-requests/
> c) How to enumerate all RPC methods
> - http://www.gdssecurity.com/l/b/2010/07/20/gwtenum-enumerating-gwt-rpc...
>
> You may also want to read through
> de-gwt <http://code.google.com/p/degwt/wiki/HowDeGWTWorks>.
>
> --Sri
>
> On 21 December 2010 11:03, travemm <[email protected]> wrote:
>
> > Hi,
> >
> > I'm looking for details (references to code are fine) about how the
> > rpc messages are formatted. I'm doing penetration testing for a
> > client's GWT rpc servlets but cannot access their source or discuss
> > with their developers (black/grey box testing).
> >
> > Looking at an rpc request it appears to be formatted the following way:
> > #|#|#|URL|StrongHash|Class_Name|Method_Name|ARG1_Class_name|
> > ARG1_member1|...|ARG1_memberN|ARG2_Class_Name|ARG2_member1|...|
> > ARG2_memberN|#|#|#|#.....|#|#|#
> >
> > The first three #'s appear to be related to the request and number of
> > args, not 100% sure on this relation.
> > The last set of #'s I'm very confused on what they do and mean.
> >
> > I have the following use case that will probably result in a
> > successful penetration test for my client.
> >
> > A request to method M1 sends an object with all the fields set to
> > NULL.
> > A request to method M2 sends the same object and some additional
> > objects, but with all the fields set to valid values.
> > I need to create a request to M1 with the same object sent to M2.
> > Since M2 also has additional arguments the RPC requests are rather
> > different and it isn't straightforward for me.
> >
> > Of course through a hundred hours of reading GWT source I could figure
> > this out, but hopefully there is something simpler. I can request a
> > copy of the class file for the class I need to serialize and send to
> > M1, if that will allow me to make the request to M1 using GWT
> > interfaces.
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Google Web Toolkit" group.
> > To post to this group, send email to [email protected].
> > To unsubscribe from this group, send email to
> > [email protected]<google-web-toolkit%[email protected]>
> > .
> > For more options, visit this group at
> > http://groups.google.com/group/google-web-toolkit?hl=en.
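An added example, not part of the thread or of GWT itself: a small parser for the request layout discussed above, useful for inspecting captured GWT-RPC bodies in proxy or servlet logs. It assumes the usual GWT serialization order (protocol version, flags, string-table size, the string table, then a payload of 1-based indexes into that table); `parse_gwt_rpc` and the sample request are constructed for illustration.

```python
# Constructed sample request body; host, strong name and service are placeholders.
SAMPLE = ("5|0|6|http://example.test/app/|PLACEHOLDER_STRONG_NAME|"
          "com.example.client.GreetService|greet|java.lang.String/2004016611|"
          "hello|1|2|3|4|1|5|6|")


def parse_gwt_rpc(body):
    """Split a GWT-RPC request body into header, string table and payload."""
    tokens = body.split("|")
    if tokens and tokens[-1] == "":
        tokens.pop()                      # the body ends with a trailing '|'
    if len(tokens) < 3:
        raise ValueError("too short for a GWT-RPC request")
    version, flags, count = (int(t) for t in tokens[:3])
    # Need the whole string table plus base URL, strong name, service,
    # method and parameter count in the payload.
    if count < 0 or len(tokens) < 3 + count + 5:
        raise ValueError("string table or payload truncated")
    table = tokens[3:3 + count]           # entries kept as sent, escapes not decoded
    payload = tokens[3 + count:]

    def ref(tok):
        # Payload strings are 1-based indexes into the table; 0 means null.
        i = int(tok)
        if i == 0:
            return None
        if not 1 <= i <= count:
            raise ValueError("string index %d out of range" % i)
        return table[i - 1]

    base_url, strong_name, service, method = (ref(t) for t in payload[:4])
    nparams = int(payload[4])
    if nparams < 0 or len(payload) < 5 + nparams:
        raise ValueError("parameter type list truncated")
    return {
        "version": version, "flags": flags, "strings": table,
        "base_url": base_url, "strong_name": strong_name,
        "service": service, "method": method,
        "param_types": [ref(t) for t in payload[5:5 + nparams]],
        # Remaining tokens are the serialized argument values, left raw:
        # how to read them depends on each parameter's type.
        "arg_tokens": payload[5 + nparams:],
    }


if __name__ == "__main__":
    for key, value in parse_gwt_rpc(SAMPLE).items():
        print(key, "=", value)
```

For the sample, the single argument token `6` is a string-table index that resolves to `hello`; primitive arguments would appear as literal values instead.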
