Vulnerability Development mailing list archives

WAP & HTTP->WTP

From: Roelof Temmingh <roelof () SENSEPOST COM>
Date: Wed, 4 Oct 2000 01:31:13 +0200

All,

I have a question - it could turn out to be a really silly question. Its
WAP-ish, so excuses if most of the question is about WAP. I do think it is
relevant in the end.

The way I understand how WAP works is as follows:

1. Phone connects to a normal RAS service (NT RAS,Shiva, whatever) via PPP.
2. Phone sends request (WTP) to WAP gateway on UDP port 9201
3. WAP GW connects HTTP/HTTPS to a webserver
(4). WAP GW possibly changes some HTML into WML
5. GW responds (WTP) (either native or converted) to the phone - UDP again.

The request the user enters on the phone is normal URLs. Let us assume that
the user is asking for something like:

http://target/iissamples/issamples/query.asp.

Let us assume that the GW converts the HTML response to WML (is this
right?). The phone now gets the response in WML and the user can run searches.

Let us take it a bit further. Let us assume that the server (the webserver) has
many exploitable CGIs etc., and I want to scan these - but the webserver is
only accessible via the WAP GW. What I need is a reverse WAP GW so that
the complete picture looks like this:

[scanner]<--HTTP(TCP)->
[converter (reverse WAP GW)]<--WTP(UDP)-->
[WAP GW]<--HTTP(TCP)->
[webserver]

Am I right in saying that this is possible? Has anyone experience with this? Is
there a HTTP->WTP and HTML->WML converter?

Another question. I downloaded a few WAP emulators. Nice..but the problem
is that these emulators also acts as a WAP GW. That is - should you monitor
network traffic going out of the emulator you should see normal HTTP traffic -
it does not use a WAPGW (it seems builtin, or it only supports native WML
sites). Is there a WAP emulator that can make use of an (external) WAPGW as
the real phones does?

Am I understanding this correct?
Thanks for your time,
Roelof.

------------------------------------------------------
Roelof W Temmingh               SensePost IT security
roelof () sensepost com         +27 83 448 6996
                http://www.sensepost.com

Current thread:

WAP & HTTP->WTP Roelof Temmingh (Oct 03)
- Re: WAP & HTTP->WTP Vitaly Osipov (Oct 05)
- SV: WAP & HTTP->WTP Stefan Sundkvist (Oct 05)