PayloadsAllTheThings/Google Web Toolkit/README.md

2.6 KiB

Google Web Toolkit

Google Web Toolkit (GWT), also known as GWT Web Toolkit, is an open-source set of tools that allows web developers to create and maintain JavaScript front-end applications using Java. It was originally developed by Google and had its initial release on May 16, 2006.

Summary

Tools

Methodology

  • Enumerate the methods of a remote application via it's bootstrap file and create a local backup of the code (selects permutation at random):
    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --backup
    
  • Enumerate the methods of a remote application via a specific code permutation
    ./gwtmap.py -u http://10.10.10.10/olympian/C39AB19B83398A76A21E0CD04EC9B14C.cache.js
    
  • Enumerate the methods whilst routing traffic through an HTTP proxy:
    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --backup -p http://127.0.0.1:8080
    
  • Enumerate the methods of a local copy (a file) of any given permutation:
    ./gwtmap.py -F test_data/olympian/C39AB19B83398A76A21E0CD04EC9B14C.cache.js
    
  • Filter output to a specific service or method:
    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --filter AuthenticationService.login
    
  • Generate RPC payloads for all methods of the filtered service, with coloured output
    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --filter AuthenticationService --rpc --color
    
  • Automatically test (probe) the generate RPC request for the filtered service method
    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --filter AuthenticationService.login --rpc --probe
    ./gwtmap.py -u http://10.10.10.10/olympian/olympian.nocache.js --filter TestService.testDetails --rpc --probe
    

References