gwtparse failed on RPC call from GWT 2.5.1

[ghost]

Hi,

the following RPC call is used on a webpage running GWT 2.5.1:

7|0|12|https://example.com/|{HASH}|net.customware.gwt.dispatch.client.standard.StandardDispatchService|execute|net.customware.gwt.dispatch.shared.Action|{CUSTOM_CLASSNAME}/951153625|java.util.Date/3385151746|test|java.util.HashSet/3273092938|java.lang.Integer/3438268394|{VERY_LONG_SESSION_STRING}|en|1|2|3|4|1|5|6|7|UUaJ_8A|7|UWQmkMA|7|UUfTlsA|7|UWLc$cA|200|8|9|1|10|52|11|12|

Using the gwtparse.py tool to parse this call leads to the following error:

Traceback (most recent call last):
  File "gwtparse.py", line 87, in <module>
    gwt.deserialize( options.rpc_request )
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 716, in deserialize
    self._parse()
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 701, in _parse
    self._parse_value(param.typename)
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 663, in _parse_value
    self._parse_read_object(data_type)
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 509, in _parse_read_object
    if self._nextval_is_an_integer( prev_index ):
  File "/opt/gwt-pentest/gwtparse/GWTParser.py", line 136, in _nextval_is_an_integer
    if int(self.indices[0]) == int(self.indices[1]):
ValueError: invalid literal for int() with base 10: 'UUaJ_8A'

[pwneddesal]

This tool is not working on latest version of gwt, isn't it ?

[quentinhardy]

Tested on 2.5.0rc1. It does not parse RPC calls correctly -:( So I think the tool should NOT work for other versions too ?! (e.g. 2.6.0, 2.7.1, 2.8.1)

What are versions tested?