Python Script for Enumerating Commands used in WebSocket Demo App
#import the required binaries and namespaces | |
import clr | |
clr.AddReference("WebsocketClient.exe") | |
from WebsocketClient import * | |
#the templates for WebSocket messages used in WebSocket Demo App | |
create_session_msg = '{"cmd":"startSession"}' | |
get_prod_msg = '{"cmd":"getProduct", "sessionId":"", "id":0}' | |
get_error_msg = '{"cmd":"getError", "sessionId":""}' | |
check_cmd_msg = '{"cmd":"someCommand", "sessionId":""}' | |
#Verbs and Nouns used to enumerate command names | |
verbs = ["get", "create", "start", "delete", "enter", "rename", "change"] | |
nouns = ["User", "Users", "Privileges", "Error", "Errors", "Exception", "Config"] | |
#Send a message with a command name and get the code of the server's response | |
def chk_cmd(cmd): | |
try: | |
jm = Tools.ParseAsJson(check_cmd_msg) | |
jm["sessionId"] = session_id | |
jm["cmd"] = cmd | |
ws.Send(jm.ToString()) | |
m = ws.Read() | |
jm = Tools.ParseAsJson(m) | |
return jm["code"].ToString().strip('"') | |
except: | |
return "" | |
#Create a new Session and return the new Session ID | |
def create_session(): | |
ws.Send(create_session_msg) | |
m = ws.Read() | |
jm = Tools.ParseAsJson(m) | |
return jm["sessionId"].ToString().strip('"') | |
ws = SyncWebsockClient() | |
ws.Connect("ws://localhost:9091/app", "", "") | |
session_id = create_session() | |
for verb in verbs: | |
for noun in nouns: | |
cmd = verb + noun | |
result = chk_cmd(cmd) | |
if result != "invalidCommand": | |
print "\r\n-----------\r\n" + cmd + "--->" + result + "\r\n-----------\r\n" | |
else: | |
print cmd + " does not exist" | |
ws.Close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment