GDSSecurity / GWT-Penetration-Testing-Toolset

A set of tools made to assist in penetration testing GWT applications. Additional details about these tools can be found on my OWASP Appsec DC slides available here: http://www.owasp.org/images/7/77/Attacking_Google_Web_Toolkit.ppt

gwtparse failed on RPC call from GWT 2.5.1 #6

Open ghost opened 10 years ago

ghost commented 10 years ago

Hi,

the following RPC call is used on a webpage running GWT 2.5.1:

7|0|12|https://example.com/|{HASH}|net.customware.gwt.dispatch.client.standard.StandardDispatchService|execute|net.customware.gwt.dispatch.shared.Action|{CUSTOM_CLASSNAME}/951153625|java.util.Date/3385151746|test|java.util.HashSet/3273092938|java.lang.Integer/3438268394|{VERY_LONG_SESSION_STRING}|en|1|2|3|4|1|5|6|7|UUaJ_8A|7|UWQmkMA|7|UUfTlsA|7|UWLc$cA|200|8|9|1|10|52|11|12|

Using the gwtparse.py tool to parse this call leads to the following error:

Traceback (most recent call last):
  File "gwtparse.py", line 87, in <module>
    gwt.deserialize( options.rpc_request )
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 716, in deserialize
    self._parse()
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 701, in _parse
    self._parse_value(param.typename)
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 663, in _parse_value
    self._parse_read_object(data_type)
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 509, in _parse_read_object
    if self._nextval_is_an_integer( prev_index ):
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 136, in _nextval_is_an_integer
    if int(self.indices[0]) == int(self.indices[1]):
ValueError: invalid literal for int() with base 10: 'UUaJ_8A'
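
The traceback above ends in `int()` being applied to `UUaJ_8A`. GWT-RPC writes long values (here the `java.util.Date` timestamps) in its own base64 alphabet rather than as decimal integers. The following is an added example, not code from gwtparse or from this thread: it splits the posted request and decodes those tokens. The function names and the "long follows the Date type index" heuristic are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# GWT's base64 alphabet for long values; note '$' and '_' instead of '+' and '/'.
GWT_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789$_"
DECIMAL = re.compile(r"-?\d+\Z")

# Request from the issue, placeholders kept exactly as posted.
PAYLOAD = (
    "7|0|12|https://example.com/|{HASH}|"
    "net.customware.gwt.dispatch.client.standard.StandardDispatchService|execute|"
    "net.customware.gwt.dispatch.shared.Action|{CUSTOM_CLASSNAME}/951153625|"
    "java.util.Date/3385151746|test|java.util.HashSet/3273092938|"
    "java.lang.Integer/3438268394|{VERY_LONG_SESSION_STRING}|en|"
    "1|2|3|4|1|5|6|7|UUaJ_8A|7|UWQmkMA|7|UUfTlsA|7|UWLc$cA|200|8|9|1|10|52|11|12|"
)

def gwt_long(token):
    """Decode a GWT base64 long: 6 bits per character, most significant first."""
    value = 0
    for ch in token:
        value = value * 64 + GWT_B64.index(ch)  # ValueError on a foreign character
    return value - (1 << 64) if value >= (1 << 63) else value  # signed 64-bit

def split_request(payload):
    """Return (version, string_table, data_tokens). Assumes no escaped '|' in strings."""
    fields = payload.split("|")
    if fields and fields[-1] == "":
        fields.pop()  # trailing separator
    version, count = int(fields[0]), int(fields[2])
    return version, fields[3:3 + count], fields[3 + count:]

def date_values(payload):
    """ISO timestamps for longs that directly follow the java.util.Date type index.

    Heuristic for illustration: a full parser decides by declared type, because an
    all-digit token can also be a valid base64 long.
    """
    _, strings, data = split_request(payload)
    date_ref = str(1 + next(i for i, s in enumerate(strings)
                            if s.startswith("java.util.Date/")))
    found = []
    for prev, tok in zip(data, data[1:]):
        if prev == date_ref and not DECIMAL.match(tok):
            ms = gwt_long(tok)
            found.append(datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat())
    return found

if __name__ == "__main__":
    for stamp in date_values(PAYLOAD):
        print(stamp)
```

All four decoded values land on 22:00:00 UTC, which is consistent with the tokens being millisecond timestamps and not table indices.
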

pwneddesal commented 8 years ago

This tool is not working on the latest version of GWT, is it?

quentinhardy commented 7 years ago

Tested on 2.5.0rc1. It does not parse RPC calls correctly :-( So I think the tool should NOT work for other versions either?! (e.g. 2.6.0, 2.7.1, 2.8.1)

Which versions were tested?