Webshell
                    by Sean Coates and Evan Haas



               Smart, Scripted HTTP



                                                   Sean Coates
                                                        ConFoo
                                                     March 2011


Wednesday, March 9, 2011
Assumptions
               •You know what HTTP is
               •You have *some* understanding of how HTTP works
                 •(verbs, status codes, requests, responses)
               •You have a cursory understanding of JS
               •You care about any of this…




What?
               •cURL replacement
               •REST(ish/ful/y)
               •Scriptable and interactive
               •Persistent
               •node.js
               •(like http-console)
               •https://github.com/fictivekin/webshell

Why…
               …not cURL?
               $ curl -s http://twitter.com/users/coates.json |
                   sed -e 's/^.*"name":"//' -e 's/".*$//'
               Sean Coates



               Webshell:
               http://localhost > GET http://twitter.com/users/coates.json
               HTTP 200 http://twitter.com/users/coates.json
               http://twitter.com > $_.json.name
               'Sean Coates'




Why…
               …JavaScript?
               [Diagram: Gimme Bar: Front-End, Back-End, Extensions]




Why…
               …node.js?
               •good console “framework”
                  •File operations
                  •REPL + Readline
                  •HTTP client
               •non-blocking



ZZZzzzzzzzzzzzzzzzz…



Simple HTTP requests
               http://localhost > GET http://google.com/
               HTTP 301 http://google.com/
               http://google.com > $_.headers
               { location: 'http://www.google.com/'
               , 'content-type': 'text/html; charset=UTF-8'
               , date: 'Sat, 06 Nov 2010 17:38:56 GMT'
               , expires: 'Mon, 06 Dec 2010 17:38:56 GMT'
               , 'cache-control': 'public, max-age=2592000'
               , server: 'gws'
               , 'content-length': '219'
               , 'x-xss-protection': '1; mode=block'
               , connection: 'close'
               }
               http://google.com >




Simple HTTP requests
               http://google.com > $_.headers.location
               'http://www.google.com/'
               http://google.com > $_.follow()
               HTTP 302 http://www.google.com/
               http://www.google.com > $_.headers.location
               'http://www.google.ca/'
               http://www.google.com > $_.follow()
               HTTP 200 http://www.google.ca/
               http://www.google.ca > $_.raw.substring(0, 50)
               '<!doctype html><html><head><meta http-equiv="conte'




Relative Requests   (sort of)

          http://localhost > GET http://files.seancoates.com/testjson.php
          HTTP 404 http://files.seancoates.com/testjson.php
          http://files.seancoates.com > // oops
          http://files.seancoates.com > GET /test_json.php
          HTTP 200 http://files.seancoates.com/test_json.php
          http://files.seancoates.com > $_.json
          { one: 1, two: 2, three: 3 }




JSON Processing
          http://localhost > GET http://twitter.com/users/coates.json
          HTTP 200 http://twitter.com/users/coates.json
          http://twitter.com > $_.json.name
          'Sean Coates'
          http://twitter.com > $_.headers['content-type']
          'application/json; charset=utf-8'




Contexts
          sarcasm:~/src/webshell (master)$ node shell.js
          Loaded context: _previous
          http://localhost > GET http://twitter.com/users/coates.json
          HTTP 200 http://twitter.com/users/coates.json
          http://twitter.com > $_.saveContext("twitter-coates")
          Saved context: twitter-coates
          http://twitter.com > ^D
          Saved context: _previous




Contexts


               Time passes.
               You use Webshell
               for other things…


Contexts
          sarcasm:~/src/webshell (master)$ node shell.js
          Loaded context: _previous
          http://localhost > $_.json //empty
          http://localhost > $_.loadContext("twitter-coates")
          Loaded context: twitter-coates
          http://twitter.com > $_.json.name
          'Sean Coates'




HTTP Auth   (sorry for the line breaks)

          http://twitter.com > GET http://coates:notpass@twitter.com/
          users/coates.json
          HTTP 401 http://coates:***@twitter.com/users/coates.json
          http://coates:***@twitter.com > GET http://
          coates:real@twitter.com/users/coates.json
          HTTP 200 http://coates:***@twitter.com/users/coates.json
          http://coates:***@twitter.com > GET http://twitter.com/
          statuses/replies.json
          HTTP 200 http://coates:***@twitter.com/statuses/replies.json
          http://coates:***@twitter.com > $_.json[0].in_reply_to_
          screen_name
          'coates'
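
The HTTP Auth session above shows two behaviours: the password never appears in the status line or prompt, and credentials typed once are reused for later requests to the same host. The sketch below is an added example, not Webshell's own code; it models both, and also covers relative requests and redirect targets. The `Session` class, `redactUrl` and the rule that no other origin ever receives the stored credentials are assumptions made for the example.

```javascript
// Added example, not Webshell's source. Sample URLs are the ones on the slides.

// Mask the password of a URL before it is printed or logged.
function redactUrl(href) {
  const u = new URL(href);
  if (u.password) u.password = '***';
  return u.href;
}

class Session {
  constructor(base = 'http://localhost') {
    this.base = new URL(base);     // where the prompt currently points
    this.credentials = new Map();  // origin -> { username, password }
  }

  // Turn what was typed after the verb (absolute or relative URL, or a
  // Location header value) into the URL that will actually be requested.
  resolve(input) {
    const target = new URL(input, this.base);
    if (target.protocol !== 'http:' && target.protocol !== 'https:') {
      throw new Error('unsupported scheme: ' + target.protocol);
    }
    if (target.username || target.password) {
      // Credentials in the URL (typed, or inherited by a relative path)
      // become the stored ones for this origin.
      this.credentials.set(target.origin, {
        username: target.username,
        password: target.password,
      });
    } else if (this.credentials.has(target.origin)) {
      // Same origin as an earlier authenticated request: reuse them.
      const saved = this.credentials.get(target.origin);
      target.username = saved.username;
      target.password = saved.password;
    }
    // Any other origin gets no credentials (assumed policy for this example).
    this.base = target;
    return target.href;
  }

  // Status line as printed to the terminal, with the password masked.
  statusLine(status) {
    return 'HTTP ' + status + ' ' + redactUrl(this.base.href);
  }

  // Prompt in the deck's format: scheme, masked userinfo, host.
  prompt() {
    const u = this.base;
    const auth = u.username ? u.username + (u.password ? ':***' : '') + '@' : '';
    return u.protocol + '//' + auth + u.host + ' >';
  }
}

// Replays the requests from the slides; status codes are supplied by hand.
function demo() {
  const s = new Session();
  const lines = [];
  for (const [typed, status] of [
    ['http://coates:notpass@twitter.com/users/coates.json', 401],
    ['http://coates:real@twitter.com/users/coates.json', 200],
    ['http://twitter.com/statuses/replies.json', 200],
    ['http://www.google.ca/', 200],
  ]) {
    s.resolve(typed);
    lines.push(s.statusLine(status), s.prompt());
  }
  return lines;
}

console.log(demo().join('\n'));
```

Masking only protects what is printed: the value returned by `resolve` still carries the real password, so it should go to the HTTP client and nowhere else.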




Cookies     (unless $_.useCookies is set to false)

          http://localhost > GET http://files.seancoates.com/
          cookiecounter.php
          HTTP 200 http://files.seancoates.com/cookiecounter.php
          http://files.seancoates.com > $_.raw
          'You have visited this page 1 times.'
          http://files.seancoates.com > GET http://files.seancoates.com/
          cookiecounter.php
          HTTP 200 http://files.seancoates.com/cookiecounter.php
          http://files.seancoates.com > $_.raw
          'You have visited this page 2 times.'
          http://files.seancoates.com > GET http://files.seancoates.com/
          cookiecounter.php
          HTTP 200 http://files.seancoates.com/cookiecounter.php
          http://files.seancoates.com > GET http://files.seancoates.com/
          cookiecounter.php
          HTTP 200 http://files.seancoates.com/cookiecounter.php
          http://files.seancoates.com > GET http://files.seancoates.com/
          cookiecounter.php
          HTTP 200 http://files.seancoates.com/cookiecounter.php
          http://files.seancoates.com > $_.raw
          'You have visited this page 5 times.'

HTTP Verbs
          http://localhost > GET http://localhost/json.php?one=1&two=2
          HTTP 200 http://localhost/json.php
          http://localhost > $_.json.get
          { one: '1', two: '2' }
          http://localhost > $_.json.server.REQUEST_METHOD
          'GET'
          http://localhost > $_.requestData = {three:3, four:4}
          { three: 3, four: 4 }
          http://localhost > POST http://localhost/json.php?one=1&two=2
          HTTP 200 http://localhost/json.php
          http://localhost > $_.json.post
          { three: '3', four: '4' }



                            $_.postToRequestData
                             $_.fileToRequestData


HTTP Verbs
          http://localhost > result = $_.get('http://fictivekin.com')
          GET http://fictivekin.com
          HTTP 200 http://fictivekin.com/
          http://www.google.com > result2 = $_.get('http://
          www.google.ca')
          GET http://www.google.ca
          HTTP 200 http://www.google.ca/
          http://www.google.ca > result.headers['content-type']
          'text/html'
          http://www.google.ca > result2.headers['content-type']
          'text/html; charset=ISO-8859-1'




HTTP Headers (inspect)
          http://localhost > GET http://localhost
          HTTP 200 http://localhost/
          http://localhost > $_.requestHeaders
          { host: 'localhost'
          , 'user-agent': 'Webshell/0.1-dev node.js/v0.2.1'
          , accept: 'application/json, */*'
          , 'content-type': 'application/x-www-form-urlencoded'
          }
          http://localhost > $_.headers
          { date: 'Sat, 06 Nov 2010 21:14:02 GMT'
          , server: 'Apache/2.2.15 (Unix) PHP/5.3.3-dev mod_ssl/2.2.15
          OpenSSL/0.9.8l'
          , 'content-length': '3617'
          , connection: 'close'
          , 'content-type': 'text/html;charset=ISO-8859-1'
          }




HTTP Headers (set)
          http://localhost > GET http://localhost:5984/
          HTTP 200 http://localhost:5984/
          http://localhost:5984 > $_.json
          { couchdb: 'Welcome', version: '1.0.1' }
          http://localhost:5984 > $_.json.version
          '1.0.1'
          http://localhost:5984 > $_.headers['content-type']
          'application/json'
          http://localhost:5984 > $_.requestHeaders.accept
          'application/json, */*'
          http://localhost:5984 > $_.requestHeaders.accept = '*/*' // not
          json explicitly
          '*/*'
          http://localhost:5984 > GET http://localhost:5984/
          HTTP 200 http://localhost:5984/
          http://localhost:5984 > $_.headers['content-type']
          'text/plain;charset=utf-8'
          http://localhost:5984 > $_.json
          http://localhost:5984 > // no JSON )-:
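
The session above shows the `Accept` request header deciding the response `Content-Type`, and `$_.json` staying empty once the server answers `text/plain`. The sketch below is an added example, not Webshell's own code: it parses a body as JSON only when the declared media type says it is JSON. `fakeServer` is a constructed stand-in that reproduces the two responses seen on the slides (that the body stays the same under both types is an assumption); `parseMediaType`, `decodeResponse` and `fetchAndDecode` are names invented for the example.

```javascript
// Added example, not Webshell's source.

// Split a Content-Type value or one Accept entry into type and parameters.
function parseMediaType(value) {
  const [type, ...rest] = String(value || '').split(';');
  const params = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    if (i > 0) {
      params[part.slice(0, i).trim().toLowerCase()] =
        part.slice(i + 1).trim().replace(/^"|"$/g, '');
    }
  }
  return { type: type.trim().toLowerCase(), params };
}

// application/json, or any structured-syntax type ending in +json.
function isJsonType(type) {
  return type === 'application/json' || /^[^/]+\/[^/]+\+json$/.test(type);
}

// Build the view of a response: json is set only when the server declared a
// JSON type and the body parses. No content sniffing on other types.
function decodeResponse(headers, raw) {
  const { type, params } = parseMediaType(headers['content-type']);
  const view = { raw, type, charset: params.charset || null, json: undefined };
  if (isJsonType(type)) {
    try {
      view.json = JSON.parse(raw);
    } catch (e) {
      view.jsonError = e.message; // declared JSON but malformed: keep raw only
    }
  }
  return view;
}

// Constructed stand-in for the server on the slides: JSON content type when
// the client lists application/json in Accept, text/plain otherwise.
function fakeServer(requestHeaders) {
  const accepted = String(requestHeaders.accept || '*/*')
    .split(',')
    .map((entry) => parseMediaType(entry).type);
  const type = accepted.includes('application/json')
    ? 'application/json'
    : 'text/plain;charset=utf-8';
  return {
    headers: { 'content-type': type },
    raw: '{"couchdb":"Welcome","version":"1.0.1"}\n',
  };
}

function fetchAndDecode(requestHeaders) {
  const res = fakeServer(requestHeaders);
  return decodeResponse(res.headers, res.raw);
}

const withJson = fetchAndDecode({ accept: 'application/json, */*' });
const withoutJson = fetchAndDecode({ accept: '*/*' });
console.log(withJson.type, withJson.json);
console.log(withoutJson.type, withoutJson.json);
```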




Toolbox + Callbacks
          http://localhost > $_.toolbox.lastTweet = function (username) {
          ...   // fetch the user's timeline, print the newest tweet on success
          ...   $_.get('http://twitter.com/statuses/user_timeline/' + username + '.json',
          ...   function () { if ($_.status == 200) {
          ...   console.log("Last tweet: " + $_.json[0].text)
          ...   }});
          ...   }
          [Function]




Toolbox + Callbacks
          http://twitter.com > $_.toolbox.lastTweet('coates')
          HTTP 200 http://twitter.com/statuses/user_timeline/coates.json
          Last tweet: Doing a bunch of work on Webshell. Fixed some bugs,
          added relative URLs, and re-writing the docs. http://
          github.com/fictivekin/webshell
          http://twitter.com > $_.toolbox.lastTweet('sirevanhaas')
          HTTP 200 http://twitter.com/statuses/user_timeline/
          sirevanhaas.json
          Last tweet: If only Firefox extensions were as simple as
          Chrome/Safari extensions
          http://twitter.com > $_.toolbox.lastTweet('userwhodoesntexist')
          HTTP 404 http://twitter.com/statuses/user_timeline/
          userwhodoesntexist.json
          http://twitter.com >




Toolbox + Callbacks
          http://localhost > $_.toolbox.prod_unapproved()
          HTTP 200 http://prod.gimmebar.vpn:5984/gimmebar/_design/
          InviteRequest/_view/by_unapproved
          Unapproved: 99
          http://prod.gimmebar.vpn:5984 >




HTML & DOM
          webshell> GET http://fictivekin.com
          HTTP 200 http://fictivekin.com
          webshell> $_.document.getElementsByClassName('message').length
          8
          webshell> $_.document.getElementById('faq').innerHTML
          '\n        <a href=\'\'>FAQ</a>\n        <h2>Frequently Asked Questions</h2>\n'




HTML & DOM
               •Needs envjs and libxmljs
               •NOT stable
               •See the envjs branch on Github




jQuery
          webshell> GET http://fictivekin.com
          HTTP 200 http://fictivekin.com
          webshell> $('img').length
          4
          webshell> $('img').each(function() { console.log($(this).attr('src'));})
          images/fk2_no.png
          images/dot1.png
          images/dot2.png
          images/dot3.png




jQuery
               •Needs envjs and libxmljs
               •NOT stable
               •See the envjs branch on Github




Concurrency
               •Node == powerful (story time)
               •$_.requestConcurrency
               •Still a little flaky




Future?
              •Broken on new versions of Node )-:
              •First things are to get that in order, and do some cleanup
              •More distant future:
                •Mongo?
                •Import browser cookies
                •Improve readline/UI



New name?
               •Looking for a new name
               •Too much noise on “web shell”
               •We look like a security exploit )-:




Webshell
               https://github.com/fictivekin/webshell
               http://joind.in/2805

               Me:
               http://seancoates.com
               sean@seancoates.com
               @coates

               Work:
               https://gimmebar.com
               http://fictivekin.com



Wednesday, March 9, 2011

More Related Content

PDF
Ilugc curl
PDF
Introduction HTTP via cURL
PDF
From zero to almost rails in about a million slides...
PDF
Armorizing applications
ZIP
Intro to the Internet & HTML
PDF
Yahoo is open to developers
PPTX
Inside a Digital Collection: Historic Clothing in Omeka
PDF
開放源碼電子書與EPUB幕後排版
Ilugc curl
Introduction HTTP via cURL
From zero to almost rails in about a million slides...
Armorizing applications
Intro to the Internet & HTML
Yahoo is open to developers
Inside a Digital Collection: Historic Clothing in Omeka
開放源碼電子書與EPUB幕後排版

What's hot (8)

PPT
Introduction to python scrapping
PDF
Drupal and Cloud Containers
PDF
Python beautiful soup - bs4
PDF
Cors michael
PPTX
.htaccess for SEOs - A presentation by Roxana Stingu
PPT
PDF
Mwrc2011 cookbook design patterns
PDF
SmartData Webinar Slides JSON-LD
Introduction to python scrapping
Drupal and Cloud Containers
Python beautiful soup - bs4
Cors michael
.htaccess for SEOs - A presentation by Roxana Stingu
Mwrc2011 cookbook design patterns
SmartData Webinar Slides JSON-LD
Ad

Viewers also liked (13)

PPTX
Speed detection using camera
PPT
Vehicle detection through image processing
PPTX
Traffic jam detection using image processing
PDF
Docker and java
PPTX
Top 50 java ee 7 best practices [con5669]
PPTX
Docker and java, at Montréal JUG
PPTX
Real time image processing ppt
PPTX
Selection of the research problem
PPTX
Containerless in the Cloud with AWS Lambda
PPTX
Get more than a cache back! - ConFoo Montreal
PPT
Digital Image Processing
PPTX
Faster Java EE Builds with Gradle
PDF
Crystal clear service interfaces w/ Swagger/OpenAPI
Speed detection using camera
Vehicle detection through image processing
Traffic jam detection using image processing
Docker and java
Top 50 java ee 7 best practices [con5669]
Docker and java, at Montréal JUG
Real time image processing ppt
Selection of the research problem
Containerless in the Cloud with AWS Lambda
Get more than a cache back! - ConFoo Montreal
Digital Image Processing
Faster Java EE Builds with Gradle
Crystal clear service interfaces w/ Swagger/OpenAPI
Ad

Similar to WebShell - confoo 2011 - sean coates (20)

PDF
Node js techtalksto
PDF
In depth with html5 java2days 2010
PPT
Apachecon 2011 stanbol_ogrisel
PPT
Apache Stanbol 
and the Web of Data - ApacheCon 2011
PDF
An introduction to HTTP/2 for SEOs
PDF
Searching does not mean finding Stuff - Apache Solr for TYPO3
PDF
The Fast, The Slow and the Lazy
PDF
Brian Hogg - Web Apps using HTML5 and JS
PPT
PDF
Joomla: 10 years of progress (jd15fr)
PDF
HTML5 - Yeah!
PPT
(Re-) Discovering Lost Web Pages
PDF
Rendering Views in JavaScript - "The New Web Architecture"
PDF
Using HTML5 sensibly
PDF
Mike hostetler - jQuery knowledge append to you
PDF
Tim stone.html5.rjug.20110316
PDF
HTML XHTML HTML5
PDF
Return of the Command Line: New Text Interfaces
PDF
Frontend Performance - Web Entwickler Forum
KEY
YQL: Select * from Internet
Node js techtalksto
In depth with html5 java2days 2010
Apachecon 2011 stanbol_ogrisel
Apache Stanbol 
and the Web of Data - ApacheCon 2011
An introduction to HTTP/2 for SEOs
Searching does not mean finding Stuff - Apache Solr for TYPO3
The Fast, The Slow and the Lazy
Brian Hogg - Web Apps using HTML5 and JS
Joomla: 10 years of progress (jd15fr)
HTML5 - Yeah!
(Re-) Discovering Lost Web Pages
Rendering Views in JavaScript - "The New Web Architecture"
Using HTML5 sensibly
Mike hostetler - jQuery knowledge append to you
Tim stone.html5.rjug.20110316
HTML XHTML HTML5
Return of the Command Line: New Text Interfaces
Frontend Performance - Web Entwickler Forum
YQL: Select * from Internet

More from Bachkoutou Toutou (14)

PDF
Making php see, confoo 2011
PDF
Sean coates fifty things and tricks, confoo 2011
PDF
hacking your website with vega, confoo2011
PDF
Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011
PDF
Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011
PDF
Zend Framework 2, What's new, Confoo 2011
PDF
Connecting web Applications with Desktop, confoo 2011
PDF
Connecting Web Application and Desktop, confoo 2011, qafoo
PDF
99 problems but the search aint one, confoo 2011, andrei zmievski
PDF
Php Inside - confoo 2011 - Derick Rethans
PDF
Stress Free Deployment - Confoo 2011
PDF
Apc Memcached Confoo 2011
PDF
Xdebug confoo11
PDF
Confoo 2011 - Advanced OO Patterns
Making php see, confoo 2011
Sean coates fifty things and tricks, confoo 2011
hacking your website with vega, confoo2011
Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011
Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011
Zend Framework 2, What's new, Confoo 2011
Connecting web Applications with Desktop, confoo 2011
Connecting Web Application and Desktop, confoo 2011, qafoo
99 problems but the search aint one, confoo 2011, andrei zmievski
Php Inside - confoo 2011 - Derick Rethans
Stress Free Deployment - Confoo 2011
Apc Memcached Confoo 2011
Xdebug confoo11
Confoo 2011 - Advanced OO Patterns

WebShell - confoo 2011 - sean coates

  • 1. Webshell by Sean Coates and Evan Haas Smart, Scripted HTTP Sean Coates ConFoo March 2011 Wednesday, March 9, 2011
  • 3. Assumptions •You know what HTTP is Wednesday, March 9, 2011
  • 4. Assumptions •You know what HTTP is •You have *some* understanding of how HTTP works •(verbs, status codes, requests, responses) Wednesday, March 9, 2011
  • 5. Assumptions •You know what HTTP is •You have *some* understanding of how HTTP works •(verbs, status codes, requests, responses) •You have a cursory understanding of JS Wednesday, March 9, 2011
  • 6. Assumptions •You know what HTTP is •You have *some* understanding of how HTTP works •(verbs, status codes, requests, responses) •You have a cursory understanding of JS •You care about any of this… Wednesday, March 9, 2011
  • 8. What? •cURL replacement •REST(ish/ful/y) •Scriptable and interactive •Persistent •node.js •(like http-console) •https://github.com/fictivekin/webshell Wednesday, March 9, 2011
  • 10. Why… …not cURL? Wednesday, March 9, 2011
  • 11. Why… …not cURL? $ curl -s http://twitter.com/users/coates.json | sed -e 's/^.*"name":"//' -e 's/".*$//' Sean Coates Wednesday, March 9, 2011
  • 12. Why… …not cURL? $ curl -s http://twitter.com/users/coates.json | sed -e 's/^.*"name":"//' -e 's/".*$//' Sean Coates Webshell: http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' Wednesday, March 9, 2011
  • 14. Why… …JavaScript? Wednesday, March 9, 2011
  • 15. Why… …JavaScript? Gimme Bar Front-End Back-End Extensions Wednesday, March 9, 2011
  • 16. Why… …JavaScript? Gimme Bar Front-End Back-End Extensions Wednesday, March 9, 2011
  • 18. Why… …node.js? •good console “framework” •File operations •REPL + Readline •HTTP client •non-blocking Wednesday, March 9, 2011
  • 21. Simple HTTP requests http://localhost > Wednesday, March 9, 2011
  • 22. Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > Wednesday, March 9, 2011
  • 23. Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > $_ Wednesday, March 9, 2011
  • 24. Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > $_.headers { location: 'http://www.google.com/' , 'content-type': 'text/html; charset=UTF-8' , date: 'Sat, 06 Nov 2010 17:38:56 GMT' , expires: 'Mon, 06 Dec 2010 17:38:56 GMT' , 'cache-control': 'public, max-age=2592000' , server: 'gws' , 'content-length': '219' , 'x-xss-protection': '1; mode=block' , connection: 'close' } http://google.com > Wednesday, March 9, 2011
  • 25. Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > $_.headers { location: 'http://www.google.com/' , 'content-type': 'text/html; charset=UTF-8' , date: 'Sat, 06 Nov 2010 17:38:56 GMT' , expires: 'Mon, 06 Dec 2010 17:38:56 GMT' , 'cache-control': 'public, max-age=2592000' , server: 'gws' , 'content-length': '219' , 'x-xss-protection': '1; mode=block' , connection: 'close' } http://google.com > Wednesday, March 9, 2011
  • 26. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > Wednesday, March 9, 2011
  • 27. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() Wednesday, March 9, 2011
  • 28. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() HTTP 302 http://www.google.com/ http://www.google.com > $_.headers.location 'http://www.google.ca/' http://www.google.com > Wednesday, March 9, 2011
  • 29. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() HTTP 302 http://www.google.com/ http://www.google.com > $_.headers.location 'http://www.google.ca/' http://www.google.com > $_.follow() HTTP 200 http://www.google.ca/ http://www.google.ca > Wednesday, March 9, 2011
  • 30. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() HTTP 302 http://www.google.com/ http://www.google.com > $_.headers.location 'http://www.google.ca/' http://www.google.com > $_.follow() HTTP 200 http://www.google.ca/ http://www.google.ca > $_.raw.substring(0, 50) '<!doctype html><html><head><meta http-equiv="conte' Wednesday, March 9, 2011
  • 31. Relative Requests (sort of) http://localhost > Wednesday, March 9, 2011
  • 32. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > Wednesday, March 9, 2011
  • 33. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > Wednesday, March 9, 2011
  • 34. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > // oops http://files.seancoates.com > Wednesday, March 9, 2011
  • 35. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > // oops http://files.seancoates.com > GET /test_json.php HTTP 200 http://files.seancoates.com/test_json.php http://files.seancoates.com > Wednesday, March 9, 2011
  • 36. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > // oops http://files.seancoates.com > GET /test_json.php HTTP 200 http://files.seancoates.com/test_json.php http://files.seancoates.com > $_.json { one: 1, two: 2, three: 3 } Wednesday, March 9, 2011
  • 37. JSON Processing http://localhost > Wednesday, March 9, 2011
  • 38. JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > Wednesday, March 9, 2011
  • 39. JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' Wednesday, March 9, 2011
  • 40. JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' http://twitter.com > $_.headers['content-type'] 'application/json; charset=utf-8' Wednesday, March 9, 2011
  • 41. JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' http://twitter.com > $_.headers['content-type'] 'application/json; charset=utf-8' Wednesday, March 9, 2011
  • 42. Contexts sarcasm:~/src/webshell (master)$ Wednesday, March 9, 2011
  • 43. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > Wednesday, March 9, 2011
  • 44. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > Wednesday, March 9, 2011
  • 45. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > Wednesday, March 9, 2011
  • 46. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.saveContext("twitter-coates") Saved context: twitter-coates http://twitter.com > ^D Saved context: _previous Wednesday, March 9, 2011
  • 47. Contexts Time passes. You use Webshell for other things… Wednesday, March 9, 2011
  • 48. Contexts sarcasm:~/src/webshell (master)$ Wednesday, March 9, 2011
  • 49. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > $_.json //empty http://localhost > Wednesday, March 9, 2011
  • 50. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > $_.json //empty http://localhost > $_.loadContext("twitter-coates") Loaded context: twitter-coates http://twitter.com > Wednesday, March 9, 2011
  • 51. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > $_.json //empty http://localhost > $_.loadContext("twitter-coates") Loaded context: twitter-coates http://twitter.com > $_.json.name 'Sean Coates' Wednesday, March 9, 2011
  • 52. HTTP Auth http://twitter.com > Wednesday, March 9, 2011
  • 53. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json Wednesday, March 9, 2011
  • 54. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > Wednesday, March 9, 2011
  • 55. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json Wednesday, March 9, 2011
  • 56. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json HTTP 200 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > Wednesday, March 9, 2011
  • 57. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json HTTP 200 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http://twitter.com/ statuses/replies.json HTTP 200 http://coates:***@twitter.com/statuses/replies.json http://coates:***@twitter.com > Wednesday, March 9, 2011
  • 58. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json HTTP 200 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http://twitter.com/ statuses/replies.json HTTP 200 http://coates:***@twitter.com/statuses/replies.json http://coates:***@twitter.com > $_.json[0].in_reply_to_ screen_name 'coates' Wednesday, March 9, 2011
  • 59. Cookies http://localhost > Wednesday, March 9, 2011
  • 60. Cookies (unless $_.useCookies is set to false) http://localhost > Wednesday, March 9, 2011
  • 61. Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > Wednesday, March 9, 2011
  • 62. Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 1 times.' http://files.seancoates.com > Wednesday, March 9, 2011
  • 63. Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 1 times.' http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 2 times.' http://files.seancoates.com > Wednesday, March 9, 2011
  • 64. Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 1 times.' http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 2 times.' http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 5 times.' Wednesday, March 9, 2011
  • 65. HTTP Verbs http://localhost > Wednesday, March 9, 2011
  • 66. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > Wednesday, March 9, 2011
  • 67. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > Wednesday, March 9, 2011
  • 68. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > POST http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.post { three: '3', four: '4' } Wednesday, March 9, 2011
  • 69. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > POST http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.post { three: '3', four: '4' } Wednesday, March 9, 2011
  • 70. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > POST http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.post { three: '3', four: '4' } $_.postToRequestData $_.fileToRequestData Wednesday, March 9, 2011
  • 71. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') Wednesday, March 9, 2011
  • 72. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.com HTTP 200 http://fictivekin.com/ http://www.fictivekin.com > Wednesday, March 9, 2011
  • 73. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.comin.com HTTP 200 http://fictivekin.com/ http://www.google.com > result2 = $_.get('http:// www.google.ca') GET http://www.google.ca HTTP 200 http://www.google.ca/ http://www.google.ca > Wednesday, March 9, 2011
  • 74. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.comin.com HTTP 200 http://fictivekin.com/ http://www.google.com > result2 = $_.get('http:// www.google.ca') GET http://www.google.ca HTTP 200 http://www.google.ca/ http://www.google.ca > result.headers['content-type'] 'text/html' http://www.google.ca > result2.headers['content-type'] 'text/html; charset=ISO-8859-1' Wednesday, March 9, 2011
  • 75. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.com HTTP 200 http://fictivekin.com/ http://www.google.com > result2 = $_.get('http:// www.google.ca') GET http://www.google.ca HTTP 200 http://www.google.ca/ http://www.google.ca > result.headers['content-type'] 'text/html' http://www.google.ca > result2.headers['content-type'] 'text/html; charset=ISO-8859-1' Wednesday, March 9, 2011
  • 76. HTTP Headers (inspect) http://localhost > Wednesday, March 9, 2011
  • 77. HTTP Headers http://localhost > GET http://localhost HTTP 200 http://localhost/ http://localhost > Wednesday, March 9, 2011
  • 78. HTTP Headers http://localhost > GET http://localhost HTTP 200 http://localhost/ http://localhost > $_.requestHeaders { host: 'localhost' , 'user-agent': 'Webshell/0.1-dev node.js/v0.2.1' , accept: 'application/json, */*' , 'content-type': 'application/x-www-form-urlencoded' } http://localhost > Wednesday, March 9, 2011
  • 79. HTTP Headers http://localhost > GET http://localhost HTTP 200 http://localhost/ http://localhost > $_.requestHeaders { host: 'localhost' , 'user-agent': 'Webshell/0.1-dev node.js/v0.2.1' , accept: 'application/json, */*' , 'content-type': 'application/x-www-form-urlencoded' } http://localhost > $_.headers { date: 'Sat, 06 Nov 2010 21:14:02 GMT' , server: 'Apache/2.2.15 (Unix) PHP/5.3.3-dev mod_ssl/2.2.15 OpenSSL/0.9.8l' , 'content-length': '3617' , connection: 'close' , 'content-type': 'text/html;charset=ISO-8859-1' } Wednesday, March 9, 2011
  • 80. HTTP Headers (set) http://localhost > Wednesday, March 9, 2011
  • 81. HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > Wednesday, March 9, 2011
  • 82. HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > $_.headers['content-type'] 'application/json' http://localhost:5984 > $_.requestHeaders.accept 'application/json, */*' http://localhost:5984 > Wednesday, March 9, 2011
  • 83. HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > $_.headers['content-type'] 'application/json' http://localhost:5984 > $_.requestHeaders.accept 'application/json, */*' http://localhost:5984 > $_.requestHeaders.accept = '*/*' // not json explicitly '*/*' http://localhost:5984 > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > Wednesday, March 9, 2011
  • 84. HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > $_.headers['content-type'] 'application/json' http://localhost:5984 > $_.requestHeaders.accept 'application/json, */*' http://localhost:5984 > $_.requestHeaders.accept = '*/*' // not json explicitly '*/*' http://localhost:5984 > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.headers['content-type'] 'text/plain;charset=utf-8' http://localhost:5984 > $_.json http://localhost:5984 > // no JSON )-: Wednesday, March 9, 2011
  • 85. Toolbox + Callbacks http://localhost > $_.toolbox Wednesday, March 9, 2011
  • 86. Toolbox + Callbacks http://localhost > $_.toolbox.lastTweet = function (username) { ... $_.get('http://twitter.com/statuses/user_timeline' + username + '.json', ... function () { if ($_.status == 200) { ... console.log("Last tweet: " + $_.json[0].text) ... }}); ... } [Function] Wednesday, March 9, 2011
  • 87. Toolbox + Callbacks http://twitter.com > $_.toolbox.lastTweet('coates') HTTP 200 http://twitter.com/statuses/user_timeline/coates.json Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http:// github.com/fictivekin/webshell http://twitter.com > Wednesday, March 9, 2011
  • 88. Toolbox + Callbacks http://twitter.com > $_.toolbox.lastTweet('coates') HTTP 200 http://twitter.com/statuses/user_timeline/coates.json Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http:// github.com/fictivekin/webshell http://twitter.com > $_.toolbox.lastTweet('sirevanhaas') HTTP 200 http://twitter.com/statuses/user_timeline/ sirevanhaas.json Last tweet: If only Firefox extensions were as simple as Chrome/Safari extensions http://twitter.com > Wednesday, March 9, 2011
  • 89. Toolbox + Callbacks
      http://twitter.com > $_.toolbox.lastTweet('coates')
      HTTP 200 http://twitter.com/statuses/user_timeline/coates.json
      Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http://github.com/fictivekin/webshell
      http://twitter.com > $_.toolbox.lastTweet('sirevanhaas')
      HTTP 200 http://twitter.com/statuses/user_timeline/sirevanhaas.json
      Last tweet: If only Firefox extensions were as simple as Chrome/Safari extensions
      http://twitter.com > $_.toolbox.lastTweet('userwhodoesntexist')
      HTTP 404 http://twitter.com/statuses/user_timeline/userwhodoesntexist.json
      http://twitter.com >
  • 90. Toolbox + Callbacks
      http://localhost > $_.toolbox.prod_unapproved()
      HTTP 200 http://prod.gimmebar.vpn:5984/gimmebar/_design/InviteRequest/_view/by_unapproved
      Unapproved: 99
      http://prod.gimmebar.vpn:5984 >
  • 96. HTML & DOM
      webshell> GET http://fictivekin.com
      HTTP 200 http://fictivekin.com
      webshell> $_.document.getElementsByClassName('message').length
      8
      webshell> $_.document.getElementById('faq').innerHTML
      '\n <a href=\'\'>FAQ</a>\n <h2>Frequently Asked Questions</h2>\n'
  • 98. HTML & DOM
      •Needs envjs and libxmljs
      •NOT stable
      •See the envjs branch on Github
  • 104. jQuery
      webshell> GET http://fictivekin.com
      HTTP 200 http://fictivekin.com
      webshell> $('img').length
      4
      webshell> $('img').each(function() { console.log($(this).attr('src'));})
      images/fk2_no.png
      images/dot1.png
      images/dot2.png
      images/dot3.png
  • 106. jQuery
      •Needs envjs and libxmljs
      •NOT stable
      •See the envjs branch on Github
  • 108. Concurrency
      •Node == powerful (story time)
      •$_.requestConcurrency
      •Still a little flaky
  • 110. Future?
      •Broken on new versions of Node )-:
      •First things are to get that in order, and do some cleanup
      •More distant future:
        •Mongo?
        •Import browser cookies
        •Improve readline/UI
  • 112. New name?
      •Looking for a new name
      •Too much noise on “web shell”
      •We look like a security exploit )-:
  • 113. Webshell
      https://github.com/fictivekin/webshell
      http://joind.in/2805
      Me: http://seancoates.com sean@seancoates.com @coates
      Work: https://gimmebar.com http://fictivekin.com