I came across multiple GWT applications that cannot be processed and analyzed by GWTMap. What all these GWT apps have in common is that they deliver their code inside html files.
This URL is provided to GWTMap.
The server response looks like the following:
(...)
function com_customer_myapp_gwt_myGwtAppDesktop(){var U='',Cb='" for "gwt:onLoadErrorFn"',Ab='" for "gwt:onPropertyErrorFn"',nb='"><\/script>',cb='#',Kb='&',xc='.cache.html',eb='/',qb='//',ac='<snip>',bc='<snip>',cc='<snip>',ec='<snip>',gc='<snip>',hc='<snip>',ic='<snip>',jc='<snip>',kc='<snip>',lc='<snip>',mc='<snip>',nc='<snip>',oc='<snip>',pc='9A44xxxxxxxxxxxxxxxxxxxxxxxxAB34',wc=':',ub='::',zc='<script defer="defer">com_customer_myapp_gwt_myGwtAppDesktop.onInjectionDone(\'com.customer.myApp.gwt.myGwtAppDesktop\')<\/script>',mb='<script id="',xb='=',db='?',qc='<snip>',rc='<snip>',sc='<snip>',zb='Bad handler "',tc='<snip>',uc='<snip>',yc='DOMContentLoaded',vc='<snip>',ob='SCRIPT',Nb='Unexpected exception in locale detection, using default: ',Mb='_',Lb='__gwt_Locale',lb='__gwt_marker_com.customer.myApp.gwt.myGwtAppDesktop',pb='base',hb='baseUrl',Y='begin',X='bootstrap',gb='clear.cache.gif',V='com.customer.myApp.gwt.myGwtAppDesktop',jb='com.customer.myApp.gwt.myGwtAppDesktop.nocache.js',tb='com.customer.myApp.gwt.myGwtAppDesktop::',wb='content',_b='de',fc='de_CH',Ib='default',bb='end',dc='fr',Vb='gecko',Wb='gecko1_8',Z='gwt.codesvr=',$='gwt.hosted=',_='gwt.hybrid',Bb='gwt:onLoadErrorFn',yb='gwt:onPropertyErrorFn',vb='gwt:property',Zb='hosted.html?com_customer_myapp_gwt_myGwtAppDesktop',Sb='ie10',Ub='ie8',Tb='ie9',Db='iframe',fb='img',Eb="javascript:''",Yb='loadExternalRefs',Hb='locale',Jb='locale=',rb='meta',Gb='moduleRequested',ab='moduleStartup',Rb='msie',sb='name',Fb='position:absolute;width:0;height:0;border:none',Qb='safari',ib='script',$b='selectingPermutation',W='startup',kb='undefined',Xb='unknown',Ob='user.agent',Pb='webkit';
(...)
Even if the permutation is detected correctly, the futher processing will fail as GWTMap does not expect HTML files:
.\gwtmap.py: error: target resource seems invalid...
Target resource must be:
1) Obfuscated {name}.nocache.js GWT bootstrap file
2) Obfuscated {hex}.cache.js GWT permutation file
3) Obfuscated {int}.cache.js GWT deferred fragment file
<html><head><meta charset="UTF-8" /><script>var $gwt_version = "2.6.1";var $wnd = parent;var $doc = $wnd.document;var $moduleName, $moduleBase;var $strongName = '9A44xxxxxxxxxxxxxxxxxxxxxxxxAB34';var $stats = $wnd.__gwtStatsEvent ? function(a) {return $wnd.__gwtStatsEvent(a);} : null,$sessionId = $wnd.__gwtStatsSessionId ? $wnd.__gwtStatsSessionId : null;$stats && $stats({moduleName:'com.customer.myApp.gwt.myGwtAppDesktop',sessionId:$sessionId,subSystem:'startup',evtGroup:'moduleStartup',millis:(new Date()).getTime(),type:'moduleEvalStart'});</script></head><body><script><!--
function db(){}
function mb(){}
function Yb(){}
function Tk(){}
function Tq(){}
function Pq(){}
(...)
I came across multiple GWT applications that cannot be processed and analyzed by GWTMap. What all these GWT apps have in common is that they deliver their code inside html files.
https://test.customer.com/apps/path/secure/com.customer.myApp.gwt.myGwtAppDesktop/com.customer.myApp.gwt.myGwtAppDesktop.nocache.js.This URL is provided to GWTMap.
The server response looks like the following:
However, GWTMap can't process this first response as
extract_permutations()returnsNone(https://github.com/FSecureLABS/GWTMap/blob/main/gwtmap.py#L304).Even if the permutation is detected correctly, the futher processing will fail as GWTMap does not expect HTML files:
In the browser, the file
9A44xxxxxxxxxxxxxxxxxxxxxxxxAB34.cache.htmlis now being requested (URL:https://test.customer.com/apps/path/secure/com.customer.myApp.gwt.myGwtAppDesktop/9A44xxxxxxxxxxxxxxxxxxxxxxxxAB34.cache.html) with the following content: