Open CGraabaek opened 5 years ago
reverse engineering ftw.
i think the same approach as with updates might be feasible.
assmuning they use servicenow themselves: apparantly all ajax calls are routed though a processor named xmlhhtp.do. taking a predefined set of parameters (defined in the script include) with the body being url-form-encoded. To invoke a processor you need to use cookie based authentication. which requires you to setup a persistent session using the api endpoint. (basically means storing and maintainig cookies on each request).
if we figure out the input parameters we might be able to set up a persistent session and invoke their endpoint.
have already implemented persistent sessions in the api manager class.
There is this repo which does what we want, it is written in go though. https://github.com/0x111/servicenow-instance-wakeup
Not to fund of his idea.
It's basically ahk using Chrome. 😅
Yeah I know, just to show what others have acheived.
we need to get smarter then. ;)
It is just not stable enough when we get end users onboard.
Find a way to wake a DEV instance from the extension.