Subject: WAP & HTTP->WTP
From: Roelof Temmingh (roelof SENSEPOST.COM)
Date: Tue Oct 03 2000 - 18:31:13 CDT
All,
I have a question - it could turn out to be a really silly question. It's
WAP-ish, so excuses if most of the question is about WAP. I do think it is
relevant in the end.
The way I understand how WAP works is as follows:
1. Phone connects to a normal RAS service (NT RAS, Shiva, whatever) via PPP.
2. Phone sends request (WTP) to WAP gateway on UDP port 9201
3. WAP GW connects HTTP/HTTPS to a webserver
(4). WAP GW possibly changes some HTML into WML
5. GW responds (WTP) (either native or converted) to the phone - UDP again.
The request the user enters on the phone is normal URLs. Let us assume that
the user is asking for something like:
http://target/iissamples/issamples/query.asp.
Let us assume that the GW converts the HTML response to WML (is this
right?). The phone now gets the response in WML and the user can run searches.
Let us take it a bit further. Let us assume that the server (the webserver) has
many exploitable CGIs etc., and I want to scan these - but the webserver is
only accessible via the WAP GW. What I need is a reverse WAP GW so that
the complete picture looks like this:
[scanner]<--HTTP(TCP)->
[converter (reverse WAP GW)]<--WTP(UDP)-->
[WAP GW]<--HTTP(TCP)->
[webserver]
Am I right in saying that this is possible? Has anyone experience with this? Is
there an HTTP->WTP and HTML->WML converter?
Another question. I downloaded a few WAP emulators. Nice... but the problem
is that these emulators also act as a WAP GW. That is - should you monitor
network traffic going out of the emulator you should see normal HTTP traffic -
it does not use a WAP GW (it seems built in, or it only supports native WML
sites). Is there a WAP emulator that can make use of an (external) WAP GW as
the real phones do?
Am I understanding this correctly?
Thanks for your time,
Roelof.
------------------------------------------------------
Roelof W Temmingh SensePost IT security
roelof sensepost.com +27 83 448 6996
http://www.sensepost.com