- Install dependencies listed below.
- Start the service by entering
python burp_gwt_wrapper.py
in a terminal. - Save the request(s) you'd like to scan in Burp Suite to XML files in the same directory as
burp_gwt_wrapper.py
. - Open http://localhost:5000/ in a browser.
- Select the XML file and the request you'd like to scan.
- Use your favorite tool (intuition, Burp Suite Scanner, sqlmap, etc.) to scan the service.
- Python 2.5+ (tested on Python 2.7.3)
gwtparse
from https://github.com/GDSSecurity/GWT-Penetration-Testing-Toolset- Flask (Debian/Ubuntu package:
python-flask
) - Requests (Debian/Ubuntu package:
python-requests
) - LXML (Debian/Ubuntu package:
python-lxml
)
The whole project is available under MIT license.
- GWT RPC protocol support depends on
gwtparse
, so version 6 works, but for everything else YMMV