Skip to content

Instantly share code, notes, and snippets.

@ddouhine
Created December 16, 2014 14:56
Show Gist options
  • Save ddouhine/7c4beeae89e09a2b8a05 to your computer and use it in GitHub Desktop.
Save ddouhine/7c4beeae89e09a2b8a05 to your computer and use it in GitHub Desktop.
GWT support (according to the vendors):
Acunetix
NTOSpider
WebInspect
AppScan
ZAP
Tested:
Burp + Gwtscan.jar: works ~
GWT-Penetration-Testing-Toolset:
gwtenum doesn't works
gwtparse works ~
To manually find the entry points:
GWT Application Entrypoint Javascript File:
https://FQDN/webapp/webapp.nocache.js
List “Service Interfaces”:
wget https://FQDN/webapp/B7501AF09D1FC5B26E65043C4A20FF0E.cache.html -O GWT-EntryPoint.html; cat GWT-EntryPoint.html | sed 's/com\./&\ncom./g' | awk -F “\'|\;” '{print $1}'| grep -v '\.$' | grep ^com | sort
ex: wget –http-user=user –http-password=pass –no-check-certificate https://FQDN/webapp/B7501AF09D1FC5B26E65043C4A20FF0E.cache.html -O GWT-EntryPoint.html; cat GWT-EntryPoint.html | sed 's/com\./&\ncom./g' | awk -F “\'|\;” '{print $1}'| grep -v '\.$' | grep ^com | sort
output:
(…)
com.XXX.services.FileDownloadService
com.XXX.services.FileHandler
com.XXX.services.VerifyFileUploadController
(…)
com.XXX.services.URLController
com.XXX.services.UserProfileService
List “Service Interface” and “Methods”:
Burp/Target/SiteMap/RightClick/Save selected items/uncheck Base64 encode requests and responses
$ grep “^7” * | awk -F “|” '{print $1,$6,$7}' | sort -u
output:
XXX:7 com.XXX.services.ApplicationService getAdditionalData
XXX:7 com.XXX.services.ApplicationService getDataTableData
XXX:7 com.XXX.services.ApplicationService getMenus
XXX:7 com.XXX.services.ApplicationService sendRequest
XXX:7 com.XXX.services.ApplicationService sendServiceRequest
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment