Last active
March 7, 2016 10:54
-
-
Save Lavakumar/5aad9e14f27d2eeec6e1 to your computer and use it in GitHub Desktop.
Python Script for Enumerating Commands used in WebSocket Demo App
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#import the required binaries and namespaces | |
import clr | |
clr.AddReference("WebsocketClient.exe") | |
from WebsocketClient import * | |
#the templates for WebSocket messages used in WebSocket Demo App | |
create_session_msg = '{"cmd":"startSession"}' | |
get_prod_msg = '{"cmd":"getProduct", "sessionId":"", "id":0}' | |
get_error_msg = '{"cmd":"getError", "sessionId":""}' | |
check_cmd_msg = '{"cmd":"someCommand", "sessionId":""}' | |
#Verbs and Nouns used to enumerate command names | |
verbs = ["get", "create", "start", "delete", "enter", "rename", "change"] | |
nouns = ["User", "Users", "Privileges", "Error", "Errors", "Exception", "Config"] | |
#Send a message with a command name and get the code of the server's response | |
def chk_cmd(cmd): | |
try: | |
jm = Tools.ParseAsJson(check_cmd_msg) | |
jm["sessionId"] = session_id | |
jm["cmd"] = cmd | |
ws.Send(jm.ToString()) | |
m = ws.Read() | |
jm = Tools.ParseAsJson(m) | |
return jm["code"].ToString().strip('"') | |
except: | |
return "" | |
#Create a new Session and return the new Session ID | |
def create_session(): | |
ws.Send(create_session_msg) | |
m = ws.Read() | |
jm = Tools.ParseAsJson(m) | |
return jm["sessionId"].ToString().strip('"') | |
ws = SyncWebsockClient() | |
ws.Connect("ws://localhost:9091/app", "", "") | |
session_id = create_session() | |
for verb in verbs: | |
for noun in nouns: | |
cmd = verb + noun | |
result = chk_cmd(cmd) | |
if result != "invalidCommand": | |
print "\r\n-----------\r\n" + cmd + "--->" + result + "\r\n-----------\r\n" | |
else: | |
print cmd + " does not exist" | |
ws.Close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment