gRPC-Web Pentest

Manipulating gRPC-Web Payloads

gRPC-Web uses the Content-Type: application/grpc-web-text in requests, which carries the protobuf message in base64-encoded form. You can use the grpc-coder tool to decode and encode it, and you can also install its Burp Suite extension.

Manual with gRPC Coder Tool

  1. First decode the payload:

    echo "AAAAABYSC0FtaW4gTmFzaXJpGDY6BVhlbm9u" | python3 grpc-coder.py --decode --type grpc-web-text | protoscope > out.txt

  2. Edit the content of the decoded payload (out.txt after editing):

    nano out.txt
    2: {"Amin Nasiri Xenon GRPC"}
    3: 54
    7: {"<script>alert(origin)</script>"}

  3. Encode the new payload:

    protoscope -s out.txt | python3 grpc-coder.py --encode --type grpc-web-text

  4. Use the output in Burp's Interceptor.
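As an added example (not part of the original page or of the grpc-coder tool), the following Python does by hand what grpc-coder and protoscope do in steps 1 and 3: it strips the 5-byte gRPC-Web frame (flag byte plus big-endian length), parses the protobuf wire format into field/wire-type/value triples, and re-frames an edited message. Only varint and length-delimited fields are handled, which is all the sample payload contains.

```python
import base64

# Sample from the page's own request: flag byte 0x00, 4-byte big-endian
# length, then the protobuf message, all base64-encoded (grpc-web-text).
SAMPLE = "AAAAABYSC0FtaW4gTmFzaXJpGDY6BVhlbm9u"

def read_varint(buf, pos):  # base-128 varint -> (value, next_pos)
    value = shift = 0
    while True:
        b, pos = buf[pos], pos + 1
        value |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos

def write_varint(value):  # non-negative int -> base-128 varint bytes
    out = bytearray()
    while value > 0x7F:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)

def decode_grpc_web_text(payload):
    """Unwrap the frame and return [(field_no, wire_type, value), ...]."""
    frame = base64.b64decode(payload)
    flag, length = frame[0], int.from_bytes(frame[1:5], "big")
    msg = frame[5:5 + length]
    if flag != 0 or len(msg) != length:
        raise ValueError("trailer frame or truncated message")
    fields, pos = [], 0
    while pos < len(msg):
        tag, pos = read_varint(msg, pos)
        field, wt = tag >> 3, tag & 7
        if wt == 0:      # varint, e.g. the "3: 54" line in protoscope output
            value, pos = read_varint(msg, pos)
        elif wt == 2:    # length-delimited: string, bytes or sub-message
            n, pos = read_varint(msg, pos)
            value, pos = msg[pos:pos + n], pos + n
        else:            # fixed32/fixed64 do not occur in this sample
            raise ValueError(f"unsupported wire type {wt}")
        fields.append((field, wt, value))
    return fields

def encode_grpc_web_text(fields):
    """Serialize fields, prepend the 5-byte frame header, base64-encode."""
    msg = b"".join(
        write_varint((f << 3) | wt)
        + (write_varint(v) if wt == 0 else write_varint(len(v)) + v)
        for f, wt, v in fields)
    return base64.b64encode(b"\x00" + len(msg).to_bytes(4, "big") + msg).decode()
```

Running decode_grpc_web_text(SAMPLE) on the page's payload yields field 2 = "Amin Nasiri", field 3 = 54 and field 7 = "Xenon", which is the structure the protoscope listing above was edited from; encoding the decoded fields again reproduces the original base64 string byte for byte.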

Manual with gRPC-Web Coder Burp Suite Extension

You can use the gRPC-Web Coder Burp Suite Extension from the gRPC-Web Pentest Suite, which is easier. The installation and usage instructions are in its repo.

Analysing gRPC-Web JavaScript Files

There is at least one JavaScript file in every gRPC-Web application. You can analyse it to find new messages, endpoints and services. Try the gRPC-Scan tool.

  1. Download the JavaScript gRPC-Web file.

  2. Scan it with grpc-scan.py.

  3. Analyse the output and test the new endpoints and services.
