Comments on: GWT-RPC in a Nutshell

By: piyush

piyush — Wed, 01 Sep 2010 06:49:07 +0000

Hi,

While working with a GWT application I came across http requests which have 0s in payload. Could someone help me in knowing what does the presence of 0’s means in the payload? Following that sample serialized stream. Let me know if you need a sample serialized stream.

Thanks,
Piyush

By: Scott

Scott — Tue, 18 May 2010 14:24:51 +0000

I am a pentester and have a client using GWT RPC. This is the first time I have tested a site that used gwt. This article really helped. Thanks for the post. I was really scratching my head trying to decipher the serialized data in the POST requests.

Thanks

By: Dejan

Dejan — Sat, 06 Mar 2010 20:58:26 +0000

This is most valuable page that I found about GWT RPC protocol. What I am now looking for is the other direction – how responses from server side to GWT are structured. Do you plan post about that or at least can propose some good pages about that topic?

By: Trung

Trung — Tue, 12 Jan 2010 06:20:51 +0000

SyncProxy implements StreamWriter & StreamReader in pure Java (no JSNI) which allows to communicate with GWT RPC servlet.

See http://www.gdevelop.com/w/blog/2010/01/10/testing-gwt-rpc-services/ for its source code

By: Ron Gutierrez

Ron Gutierrez — Mon, 28 Dec 2009 16:01:05 +0000

I’ve been a little busy over the past couple of weeks and haven’t had a chance to finish up some coding for the second gwt post. As for the data type values those are the serialization signatures for the class. The signature ensures that both the client and server are working on the same instance of the class. If the signature sent by the client does not match the server’s signature for the class, the server will throw an IncompatibleRemoteServiceException. Hope this answered your question.

By: rak

rak — Wed, 23 Dec 2009 16:46:40 +0000

Any updates to this doc post gwt 2.0? I noticed the data type values come down like: java.lang.Long/4227064769. Any idea what the second value represents?

By: Ron Gutierrez

Ron Gutierrez — Thu, 22 Oct 2009 16:37:39 +0000

Sorry for the delayed reply. Yes, there are multiple versions of the GWT-RPC protocol. The first integer value in the request string is the SERIALIZATION_STREAM_VERSION which indicates the version of the RPC protocol being used. In GWT1.4 (SERIALIZATION_STREAM_VERSION 3) and under, the unicode value of \uffff is the default delimiter. I managed to get my hands on some requests using stream version 3. Based on what I saw, the overall structure or the serialized stream looks to be same. Thanks for the heads up.

By: Ron Gutierrez

Ron Gutierrez — Mon, 12 Oct 2009 16:43:03 +0000

Hi Peter,

I’m glad you found the post useful. You can use a HTTP Proxy to intercept the RPC requests. Some popular ones are Burp Proxy and WebScarab.

By: kuza55

kuza55 — Mon, 12 Oct 2009 12:53:12 +0000

Hmm, I saw some stuff a few weeks ago that I thought was GWT out in the big bad internets, however it had a lot of binary data in it (I just treated the binary data as field delimiters), do you know if there are multiple versions of the GWT-RPC protocol?

I saw what looked like a commercial product, so it probably isn’t using the latest and greatest version of GWT, but whatever was the latest when they started working on it…

By: Peter De Baets

Peter De Baets — Fri, 09 Oct 2009 17:27:06 +0000

Ron,

Thanks for posting this. I’m new to Java/GWT and never really understood serialization until I read this post. Can you tell me how you intercepted this RPC request? I can see it being very useful when debugging or performance tuning of my next GWT project.

Thanks,

Peter De Baets