Vulnerability Development mailing list archives
WAP & HTTP->WTP
From: Roelof Temmingh <roelof () SENSEPOST COM>
Date: Wed, 4 Oct 2000 01:31:13 +0200
All, I have a question - it could turn out to be a really silly question. Its WAP-ish, so excuses if most of the question is about WAP. I do think it is relevant in the end. The way I understand how WAP works is as follows: 1. Phone connects to a normal RAS service (NT RAS,Shiva, whatever) via PPP. 2. Phone sends request (WTP) to WAP gateway on UDP port 9201 3. WAP GW connects HTTP/HTTPS to a webserver (4). WAP GW possibly changes some HTML into WML 5. GW responds (WTP) (either native or converted) to the phone - UDP again. The request the user enters on the phone is normal URLs. Let us assume that the user is asking for something like: http://target/iissamples/issamples/query.asp. Let us assume that the GW converts the HTML response to WML (is this right?). The phone now gets the response in WML and the user can run searches. Let us take it a bit further. Let us assume that the server (the webserver) has many exploitable CGIs etc., and I want to scan these - but the webserver is only accessible via the WAP GW. What I need is a reverse WAP GW so that the complete picture looks like this: [scanner]<--HTTP(TCP)-> [converter (reverse WAP GW)]<--WTP(UDP)--> [WAP GW]<--HTTP(TCP)-> [webserver] Am I right in saying that this is possible? Has anyone experience with this? Is there a HTTP->WTP and HTML->WML converter? Another question. I downloaded a few WAP emulators. Nice..but the problem is that these emulators also acts as a WAP GW. That is - should you monitor network traffic going out of the emulator you should see normal HTTP traffic - it does not use a WAPGW (it seems builtin, or it only supports native WML sites). Is there a WAP emulator that can make use of an (external) WAPGW as the real phones does? Am I understanding this correct? Thanks for your time, Roelof. ------------------------------------------------------ Roelof W Temmingh SensePost IT security roelof () sensepost com +27 83 448 6996 http://www.sensepost.com
Current thread:
- WAP & HTTP->WTP Roelof Temmingh (Oct 03)
- Re: WAP & HTTP->WTP Vitaly Osipov (Oct 05)
- SV: WAP & HTTP->WTP Stefan Sundkvist (Oct 05)