Hacking into gRPC-Web : Part 2
Manipulating application/grpc-web+proto Content-Type
Overview
I am writing this story because some hunters have asked me how to manipulate and pentest the application/grpc-web+proto Content-Type, which is different from application/grpc-web-text, the one I covered in this article: Hacking into gRPC-Web. I recommend reading it.
Payload
When you encounter grpc-web+proto requests, the payload looks like this (for confidentiality reasons I have to hide some parts of the payload):
In my last article, I was working on an option for decoding grpc-web+proto too, but I was not fully successful in coding that part. So I researched more and found a nice tool for the application/grpc-web+proto Content-Type: blackboxprotobuf. I used this library in my repo, and you can now decode/encode the grpc-web+proto format easily using grpc-pentest-suite.
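To show what sits inside an application/grpc-web+proto body, here is an added example (not code from grpc-pentest-suite or blackboxprotobuf) that splits the body into gRPC-Web frames (1 flag byte, 4-byte big-endian length, payload) and decodes the protobuf wire format without a schema. The function names and the sample bytes are constructed for illustration.

```python
def read_varint(buf, pos):
    """Decode a base-128 varint at pos; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf):
        byte = buf[pos]
        value |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not byte & 0x80:          # high bit clear: last byte of the varint
            return value, pos
    raise ValueError("truncated varint")

def decode_message(buf):
    """Schema-less decode of protobuf wire format into (field_number, value) pairs."""
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wire_type = key >> 3, key & 7
        if wire_type == 0:                       # varint
            value, pos = read_varint(buf, pos)
        elif wire_type in (1, 2, 5):             # fixed64, length-delimited, fixed32
            if wire_type == 2:                   # string, bytes or nested message
                size, pos = read_varint(buf, pos)
            else:
                size = 8 if wire_type == 1 else 4
            if pos + size > len(buf):
                raise ValueError("truncated field")
            value, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError(f"unsupported wire type {wire_type}")
        fields.append((number, value))
    return fields

def split_frames(body):
    """Split a grpc-web+proto body into (is_trailer, payload) frames."""
    frames, pos = [], 0
    while pos < len(body):
        flags, size = body[pos], int.from_bytes(body[pos + 1:pos + 5], "big")
        if pos + 5 + size > len(body):           # also catches a short 5-byte header
            raise ValueError("truncated frame")
        frames.append((bool(flags & 0x80), body[pos + 5:pos + 5 + size]))
        pos += 5 + size
    return frames

# Constructed sample: one data frame (field 1 = "admin", field 2 = 42) and one trailer frame.
MSG = b"\x0a\x05" + b"admin" + b"\x10\x2a"
TRAILER = b"grpc-status:0\r\n"
SAMPLE = b"".join(bytes([f]) + len(p).to_bytes(4, "big") + p for f, p in ((0x00, MSG), (0x80, TRAILER)))

if __name__ == "__main__":
    for is_trailer, payload in split_frames(SAMPLE):
        print("trailer" if is_trailer else "data", payload if is_trailer else decode_message(payload))
```

Length-delimited values are returned as raw bytes because, without a schema, a string, a byte blob and a nested message are indistinguishable on the wire.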
How Does The Extension Work
Using the extension is easy. When you are intercepting requests in the message editor or in Repeater, it is as easy as this:
But be careful: you have to keep the format correct (“ [ ]). If you break the JSON-like format, the extension cannot encode the payload. Just edit the payload and the extension automatically updates the main message in the request.
Happy Hacking…