Manually generating x-gwt-rpc from Python - gwt

I want to access a GWT service from a Python script, so I want to generate a x-gwt-rpc request manually. Can't seem to find any info on the format of a GWT RPC call, since everybody does it from Java (so the call is generated by the framework). Where can I find some detailed documentation about this format?

Don't think it is a trivial task to do that, but because gwt is opensource i would say that the source-code is a pretty good documentation for how it works, if you know java that is.
Gwt source

I stumbled on the same problem as you and I think I solved it rather easily.
Though I haven't figured out how to catch the response properly, I managed to get the response and successfully send the request. Here is what I did:
import requests
url = 'yours url'
header = {'Accept':'*/*',
'Accept-Encoding':'gzip, deflate',
etc...
}
cookie = {cookies if needed
}
data_g = 'this would be request payload u can see in F12 of browser '# u just copy it and paste it, !!!like a string (UTF-8 chars)
t = requests.post(url, headers=header, data = data_g, cookies = cookie)
print vars(t).keys()
#line above will print all variables of t
print t
Also these are some good links you should check out:
https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset
https://docs.google.com/document/d/1eG0YocsYYbNAtivkLtcaiEE5IOF5u4LUol8-LL0TIKU/edit?hl=de&forcehl=1

Related

Perl get request returns empty response, maybe session related?

I was using an open source tool called SimTT which gets an URL of a tabletennis league and then calculates the probable results (e.g. ranking of teams and players). Unfortunately the webpage moved to a different webpage.
I downloaded the open source and repaired the parsing of the webpage, but currently I'm only able to download the page manually and read it then from a file.
Below you can find an excerpt of my code to retrieve the page. It prints success, but the response is empty. Unfortunately I'm not familiar with perl and webtechniques very well, but in Wireshark I could see that one of the last things send was a new session key. But I'm not sure, if the problem is related to cookies, ssl or something like that.
It would be very nice if someone could help me to get access. I know that there are some people out there which would like to use the tool.
So heres the code:
use LWP::UserAgent ();
use HTTP::Cookies;
my $ua = LWP::UserAgent->new(keep_alive=>1);
$ua->agent('Mozilla/5.0');
$ua->cookie_jar({});
my $request = new HTTP::Request('GET', 'https://www.mytischtennis.de/clicktt/ByTTV/18-19/ligen/Bezirksoberliga/gruppe/323819/mannschaftsmeldungen/vr');
my $response = $ua->request($request);
if ($response->is_success) {
print "Success: ", $response->decoded_content;
}
else {
die $response->status_line;
}
Either there is some rudimentary anti-bot protection at the server or the server is misconfigured or otherwise broken. It looks like it expects to have an Accept-Encoding header in the request which LWP by default does not sent. The value of this header does not really seem to matter, i.e. the server will send the content compressed with gzip if the client claims to support it but it will send uncompressed data if the client offered only a compression method which is unknown to the server.
With this knowledge one can change the code like this:
my $request = HTTP::Request->new('GET',
'https://www.mytischtennis.de/clicktt/ByTTV/18-19/ligen/Bezirksoberliga/gruppe/323819/mannschaftsmeldungen/vr',
[ 'Accept-Encoding' => 'foobar' ]
);
With this simple change the code works currently for me. Note that it might change at any time if the server setup will be changed, i.e. it might then need other workarounds.

How to pack a variable into an HTTP GET request in socket.send() - Python 2.7

First off thanks for reading!
Second off YES I have tried to find the answer! :) Perhaps I haven't found it because I'm not using the right words to describe my problem, but it's been about 4 hours that I've been trying to figure it out now and I'm getting a little loopy trying to piece it together on my own.
I am very new to programming. Python is my first language. I am on my third Python course. I have an assignment to use the socket library (not urllib library - I know how to do that) to make a socket and use GET to receive information. The problem is that the program needs to take raw input for the URL in question.
I have everything else the way I want it, but I need to know the syntax that I'm supposed to be using INSIDE my "GET" request in order for the HTTP message to include the requested document path.
I have tried (obviously not all together lol):
mysock.send('GET (url) HTTP/1.0\n\n')
mysock.send( ('GET (url) HTTP:/1.0\n\n'))
mysock.send(('GET (url) HTTP:/1.0\n\n'))
mysock.send("GET (url) HTTP/1.0\n\n")
mysock.send( ("'GET' (url) HTTP:/1.0\n\n"))
mysock.send(("'GET' (url) 'HTTP:/1.0\n\n'"))
and:
basically every other configuration of the above (, ((, ( (, ', '' combinations listed above.
I have also tried:
-Creating a string using the 'url' variable first, and then including it inside mysock.send(string)
-Again with the "string-first" theory, but this time I used %r to refer to my user input (so 'GET %r HTTP/1.0\n\n' % url basically)
I've read questions here, other programming websites, the whole chapter in the book and the whole lectures/notes online, I've read articles on the socket library and the .send(), and of course articles on GET requests... but I'm clearly missing something. It seems most don't use socket library when they can use urllib and I don't blame them!!
Thank you again...
Someone from the university posted back to me that the url variable can concatenated with the GET syntax and assigned to a string variable which can then be called with .send(concatenatedvariable) - I had mentioned trying that but had missed that GET requires a space after the word 'GET' so of course concatenating didn't include a space and that blew it. In case anyone else wants to know :)
FYI: A fully quallified URL is only allowed in HTTP/1.1 requests. It is not the norm, though, as HTTP/1.1 requires setting the Host header. The relevant piece of reading would've been RFC 7230, sec. 3.1.1 and possibly RFC 3986. The syntax of the parameters is largely borrowed from the CGI format. It is in no way enforced, however. In a nutshell, everything put together would look like this on the wire:
GET /path?param1=value1&param2=value2 HTTP/1.1
Host: example.com
As a final note: The line delimiter in HTTP is CRLF (\r\n). For robustness, a simple linefeed is acceptable as well but not recommended.

BigCommerce API Update Order with PUT

I need to update an order which is done via PUT method passing the order id as part of the https url string and a single parameter, the status_id.
https://mystore.mybigcommerce.com/orders/12345.json
I have tried several methods to pass the status_id value but no matter what I try "status_id=12" or formatted as JSON "{"status_id": 12,}" I always get the same response:
[{"status":415,"message":"The specified input content type is not valid."}]
I have also tried as a POST request passing the JSON or XML code as raw data but that method is not supported.
How am I supposed to pass that field=value pair? can I embed it in the url string?
I also tried it but it wouldn't work for me.
Any ideas?
In case you are wondering I am doing it within FileMaker with TROIUrl plugIn, not a very popular technology, but the GET method retrieving orders works like a charm
TURL_Put( ""; $url ;"status_id=12") (I have also tried other FM plugIns to no avail)
Don't get too caught up in the Filemaker part, I don't expect many people out there to be familiar with BigCommerce and Filemaker. I just need a generic answer.
Thanks
Commandline tool curl is worth a try. It supports put and https.
Mac OS X: curl already installed, call from FileMaker via AppleScript do shell script.
Windows: must be installed, call via Powershell.
It works for me using { "status_id": "3" } which means you probably need to put quotes around the actual number.
Also, it is a PUT operation and application/json which is part of the request content.
The error message received by the OP:
[{"status":415,"message":"The specified input content type is not valid."}]
Is saying that he did not supply the 'Content-Type' header in his request or that the header supplied is for a content type that is not allowed. For the OP's case using JSON he would need to include the header:
Content-Type: application/json
in his HTTPS request. This description can be found along with those of the other status codes you may see here:
https://developer.bigcommerce.com/api/status-codes

WSDL Cannot find dispatch method for

For a web service call using a WSDL, I'm getting the error Cannot find dispatch method for {http://ws.somecompany.com/services}ValidateUser, what does that mean exactly? Does it mean that it cannot find ValidateUser?
This typically means that the SOAP framework could not find the operation that should be invoked via this request. A SOAP framework typically inspects the message to find pointers about how to route the message to the operation. Reasons for this error are mostly configuration issues (different namespaces, different encodings (RPC vs. doc/lit), usage of WS-Addressing vs. plain SOAP etc.)
I had a similar problem and struggling, googling for 1 day. But it was a simple mistake that instead of:
{http://ws.somecompany.com/services}ValidateUser
It should be
{http://ws.somecompany.com/services/}ValidateUser
I had not checked my WSDL clearly.
In my case I solved by making sure that my config file either app.config or web.config depending on your client has correct endpoint. I had wrong address in my endpoint. I changed it and it worked fine.
I also lost a day to this issue, albeit with a different root cause.
In our case, two similar endpoint urls had got mixed up in the properties file. Both services were present and running, but the WSDLs didn't match up, so instead of a ConnectionException, we were getting this SOAPFaultException: "Cannot find dispatch method".
My fifty cent, I got same error message but my case was yet different from all above, so hopefuly it might help someone.
I had .wsdl file, which got outdated without my knowledge when colleagues on the other side of ws renamed some element. Unfortunately, change was not visible when I compared .wsdl with theirs because .wsdl file had .xsd import which actually contained renamed element. After I found change, I updated my .xsd file and tada! error is gone and it worked.
In my case, the following exception was throwing even I've supplied all the parameters
SoapFault exception: [S:Client] Cannot find dispatch method for {}parameters in
After banging my head few hours, just adding a \ while initializing SoapClient solved the problem.
From:
$client = new SoapClient($soapURL);
To:
$client = new \SoapClient($soapURL);
I had the same issue in my .NET Application, In my case setting url same as "http://x-xxx-xx-xx-01:8080//TestProject/testproject?wsdl" (dummy url) solved the problem in the below code.
Vb.Net
Dim rptGen as WSTestProject.testproject = Nothing
rptGen = New WSTestProject.testproject With {
.Url = "http://x-xxx-xx-xx-01:8080//TestProject/testproject?wsdl",
.Timeout = 1200000
}
Here, WSTestProject is the WebService NameSpace and testproject is the web method.
I am using a feign client for soap and I had the similar issue,Adding the correct namespace to the JAXB request and response object resolve the issue.
The issue was in my environment was the wsdl cache in php. The updated wsdl was not picked by the client and it was referring to the old wsdl.
You can do either one of the following options when you do the development of the web service and test, as the wsdl change during the update/implementation of the web service
Add WSDL_CACHE_NONE to soap client creation
$myServices_client = new SoapClient($myServices_wsdl_URL, array('cache_wsdl' => WSDL_CACHE_NONE) );
Set initialization parameter
ini_set("soap.wsdl_cache_enabled", 0);
Adding '/' will work for you.
Error: Cannot find dispatch method for {http://zzz.com}servicename
Not Working Request: xmlns:ser='http://zzz.com'>
Working Request: xmlns:ser='http://zzz.com/'>
I picked up an old Java project. I am not sure how it worked before, but I saw similar error and the reason was in wrong SOAP HTTP endpoint binding at server side.
Doesn't work:
Endpoint.create(HTTPBinding.HTTP_BINDING, servicePortType);
Works:
Endpoint.create(SOAPBinding.SOAP11HTTP_BINDING, servicePortType);

"get" not working in perl

I'm new to perl. In the past few days, I've made some simple scripts that save websites' source codes to my computer via "get." They do what they're supposed to, but will not get the content of a website which is a forum. Non-forum websites work just fine.
Any idea what's going on? Here's the problem chunk:
my $url = 'http://www.computerforum.com/';
my $content = get $url || die "Unable to get content";
http://p3rl.org/LWP::Simple#get:
The get() function will fetch the document identified by the given URL and return it. It returns undef if it fails. […]
You will not be able to examine the response code or response headers (like 'Content-Type') when you are accessing the web using this function. If you need that information you should use the full OO interface (see LWP::UserAgent).
You really need better error reporting, switch to the LWP::UserAgent library. I suspect the forum software blocks the LWP user agent.