Mirror of https://github.com/HackTricks-wiki/hacktricks.git, synced 2025-10-10 18:36:50 +00:00

# Pentesting gRPC-Web

{{#include ../banners/hacktricks-training.md}}

## **Manipulating gRPC-Web Payloads**

gRPC-Web requests use `Content-Type: application/grpc-web-text`, which carries the protobuf message in base64-encoded form. You can decode and re-encode it with the [grpc-coder](https://github.com/nxenon/grpc-pentest-suite) tool, or install its [Burp Suite Extension](https://github.com/nxenon/grpc-pentest-suite).

### **Manual with the gRPC Coder Tool**

1. First decode the payload:
```bash
echo "AAAAABYSC0FtaW4gTmFzaXJpGDY6BVhlbm9u" | python3 grpc-coder.py --decode --type grpc-web-text | protoscope > out.txt
```
2. Edit the content of the decoded payload
```
nano out.txt
2: {"Amin Nasiri Xenon GRPC"}
3: 54
7: {"<script>alert(origin)</script>"}
```
3. Encode the new payload
```bash
protoscope -s out.txt | python3 grpc-coder.py --encode --type grpc-web-text
```
4. Use the output in the Burp interceptor:
```
AAAAADoSFkFtaW4gTmFzaXJpIFhlbm9uIEdSUEMYNjoePHNjcmlwdD5hbGVydChvcmlnaW4pPC9zY3JpcHQ+
```

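The following Python is an added example, not code from the original page or from grpc-pentest-suite. It decodes a `grpc-web-text` body by hand (base64, then the 5-byte frame header, then a schema-less walk of the protobuf fields), which is what a proxy or logging layer has to do to inspect these requests. It assumes the body is a single base64 chunk; the function names are illustrative.

```python
import base64
import struct

def read_varint(buf, pos):
    """Decode one protobuf varint at pos; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]              # IndexError here means a truncated varint
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def parse_fields(msg):
    """Schema-less walk of a protobuf message: [(field_number, wire_type, value)]."""
    fields, pos = [], 0
    while pos < len(msg):
        key, pos = read_varint(msg, pos)
        number, wire = key >> 3, key & 7
        if wire == 0:                # varint (ints, bools)
            value, pos = read_varint(msg, pos)
        elif wire in (1, 2, 5):      # fixed64, length-delimited, fixed32
            size, pos = (8, pos) if wire == 1 else (4, pos) if wire == 5 else read_varint(msg, pos)
            if pos + size > len(msg):
                raise ValueError("field overruns message")
            value, pos = msg[pos:pos + size], pos + size
        else:
            raise ValueError(f"unsupported wire type {wire}")
        fields.append((number, wire, value))
    return fields

def decode_grpc_web_text(body):
    """Return [(flags, fields_or_raw_bytes)] for each frame in a grpc-web-text body."""
    raw = base64.b64decode(body, validate=True)
    frames, pos = [], 0
    while pos < len(raw):
        flags, length = struct.unpack_from(">BI", raw, pos)  # flag byte + big-endian length
        payload = raw[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("frame length exceeds body")
        # 0x80 marks a trailer frame, 0x01 a compressed one: keep those as raw bytes
        frames.append((flags, payload if flags & 0x81 else parse_fields(payload)))
        pos += 5 + length
    return frames

# Request payload copied from step 1 of the page
ORIGINAL = "AAAAABYSC0FtaW4gTmFzaXJpGDY6BVhlbm9u"
```

`decode_grpc_web_text(ORIGINAL)` returns one data frame with fields 2 (`Amin Nasiri`), 3 (`54`) and 7 (`Xenon`), the same field numbers that appear in the protoscope text edited in step 2.
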
### **Manual with the gRPC-Web Coder Burp Suite Extension**

You can use the gRPC-Web Coder Burp Suite Extension from the [gRPC-Web Pentest Suite](https://github.com/nxenon/grpc-pentest-suite), which is easier. The installation and usage instructions are in its repo.

## **Analysing gRPC-Web Javascript Files**

Every gRPC-Web application ships at least one Javascript file. You can analyse that file to find new messages, endpoints and services. Try the [gRPC-Scan](https://github.com/nxenon/grpc-pentest-suite) tool.

1. Download the gRPC-Web Javascript file
2. Scan it with grpc-scan.py:
```bash
python3 grpc-scan.py --file main.js
```
3. Analyse the output and test the new endpoints and new services:
```
Output:
Found Endpoints:
/grpc.gateway.testing.EchoService/Echo
/grpc.gateway.testing.EchoService/EchoAbort
/grpc.gateway.testing.EchoService/NoOp
/grpc.gateway.testing.EchoService/ServerStreamingEcho
/grpc.gateway.testing.EchoService/ServerStreamingEchoAbort

Found Messages:

grpc.gateway.testing.EchoRequest:
+------------+--------------------+--------------+
| Field Name |     Field Type     | Field Number |
+============+====================+==============+
| Message    | Proto3StringField  | 1            |
+------------+--------------------+--------------+
| Name       | Proto3StringField  | 2            |
+------------+--------------------+--------------+
| Age        | Proto3IntField     | 3            |
+------------+--------------------+--------------+
| IsAdmin    | Proto3BooleanField | 4            |
+------------+--------------------+--------------+
| Weight     | Proto3FloatField   | 5            |
+------------+--------------------+--------------+
| Test       | Proto3StringField  | 6            |
+------------+--------------------+--------------+
| Test2      | Proto3StringField  | 7            |
+------------+--------------------+--------------+
| Test3      | Proto3StringField  | 16           |
+------------+--------------------+--------------+
| Test4      | Proto3StringField  | 20           |
+------------+--------------------+--------------+

grpc.gateway.testing.EchoResponse:
+--------------+--------------------+--------------+
|  Field Name  |     Field Type     | Field Number |
+==============+====================+==============+
| Message      | Proto3StringField  | 1            |
+--------------+--------------------+--------------+
| Name         | Proto3StringField  | 2            |
+--------------+--------------------+--------------+
| Age          | Proto3IntField     | 3            |
+--------------+--------------------+--------------+
| IsAdmin      | Proto3BooleanField | 4            |
+--------------+--------------------+--------------+
| Weight       | Proto3FloatField   | 5            |
+--------------+--------------------+--------------+
| Test         | Proto3StringField  | 6            |
+--------------+--------------------+--------------+
| Test2        | Proto3StringField  | 7            |
+--------------+--------------------+--------------+
| Test3        | Proto3StringField  | 16           |
+--------------+--------------------+--------------+
| Test4        | Proto3StringField  | 20           |
+--------------+--------------------+--------------+
| MessageCount | Proto3IntField     | 8            |
+--------------+--------------------+--------------+

grpc.gateway.testing.ServerStreamingEchoRequest:
+-----------------+-------------------+--------------+
|   Field Name    |    Field Type     | Field Number |
+=================+===================+==============+
| Message         | Proto3StringField | 1            |
+-----------------+-------------------+--------------+
| MessageCount    | Proto3IntField    | 2            |
+-----------------+-------------------+--------------+
| MessageInterval | Proto3IntField    | 3            |
+-----------------+-------------------+--------------+

grpc.gateway.testing.ServerStreamingEchoResponse:
+------------+-------------------+--------------+
| Field Name |    Field Type     | Field Number |
+============+===================+==============+
| Message    | Proto3StringField | 1            |
+------------+-------------------+--------------+

grpc.gateway.testing.ClientStreamingEchoRequest:
+------------+-------------------+--------------+
| Field Name |    Field Type     | Field Number |
+============+===================+==============+
| Message    | Proto3StringField | 1            |
+------------+-------------------+--------------+

grpc.gateway.testing.ClientStreamingEchoResponse:
+--------------+----------------+--------------+
|  Field Name  |   Field Type   | Field Number |
+==============+================+==============+
| MessageCount | Proto3IntField | 1            |
+--------------+----------------+--------------+
```

## References

- [Hacking into gRPC-Web Article by Amin Nasiri](https://infosecwriteups.com/hacking-into-grpc-web-a54053757a45)
- [gRPC-Web Pentest Suite](https://github.com/nxenon/grpc-pentest-suite)

{{#include ../banners/hacktricks-training.md}}