WebShell - confoo 2011 - sean coates


  1. Webshell by Sean Coates and Evan Haas. Smart, Scripted HTTP. Sean Coates, ConFoo, March 2011. Wednesday, March 9, 2011
  6. Assumptions
      • You know what HTTP is
      • You have *some* understanding of how HTTP works
        (verbs, status codes, requests, responses)
      • You have a cursory understanding of JS
      • You care about any of this…
  8. What?
      • cURL replacement
      • REST(ish/ful/y)
      • Scriptable and interactive
      • Persistent
      • node.js
      • (like http-console)
      • https://github.com/fictivekin/webshell
  12. Why… …not cURL?
      $ curl -s http://twitter.com/users/coates.json | sed -e 's/^.*"name":"//' -e 's/".*$//'
      Sean Coates
      Webshell:
      http://localhost > GET http://twitter.com/users/coates.json
      HTTP 200 http://twitter.com/users/coates.json
      http://twitter.com > $_.json.name
      Sean Coates
  16. Why… …JavaScript?
      Gimme Bar
      Front-End
      Back-End
      Extensions
  18. Why… …node.js?
      • good console “framework”
      • File operations
      • REPL + Readline
      • HTTP client
      • non-blocking
  20. ZZZzzzzzzzzzzzzzzzz…
  25. Simple HTTP requests
      http://localhost > GET http://google.com/
      HTTP 301 http://google.com/
      http://google.com > $_.headers
      { location: http://www.google.com/
      , content-type: text/html; charset=UTF-8
      , date: Sat, 06 Nov 2010 17:38:56 GMT
      , expires: Mon, 06 Dec 2010 17:38:56 GMT
      , cache-control: public, max-age=2592000
      , server: gws
      , content-length: 219
      , x-xss-protection: 1; mode=block
      , connection: close
      }
      http://google.com >
  30. Simple HTTP requests
      http://google.com > $_.headers.location
      http://www.google.com/
      http://google.com > $_.follow()
      HTTP 302 http://www.google.com/
      http://www.google.com > $_.headers.location
      http://www.google.ca/
      http://www.google.com > $_.follow()
      HTTP 200 http://www.google.ca/
      http://www.google.ca > $_.raw.substring(0, 50)
      <!doctype html><html><head><meta http-equiv="conte
  36. Relative Requests (sort of)
      http://localhost > GET http://files.seancoates.com/testjson.php
      HTTP 404 http://files.seancoates.com/testjson.php
      http://files.seancoates.com > // oops
      http://files.seancoates.com > GET /test_json.php
      HTTP 200 http://files.seancoates.com/test_json.php
      http://files.seancoates.com > $_.json
      { one: 1, two: 2, three: 3 }
  41. JSON Processing
      http://localhost > GET http://twitter.com/users/coates.json
      HTTP 200 http://twitter.com/users/coates.json
      http://twitter.com > $_.json.name
      Sean Coates
      http://twitter.com > $_.headers['content-type']
      application/json; charset=utf-8
  46. Contexts
      sarcasm:~/src/webshell (master)$ node shell.js
      Loaded context: _previous
      http://localhost > GET http://twitter.com/users/coates.json
      HTTP 200 http://twitter.com/users/coates.json
      http://twitter.com > $_.saveContext("twitter-coates")
      Saved context: twitter-coates
      http://twitter.com > ^D
      Saved context: _previous
  47. Contexts
      Time passes. You use Webshell for other things…
  51. Contexts
      sarcasm:~/src/webshell (master)$ node shell.js
      Loaded context: _previous
      http://localhost > $_.json //empty
      http://localhost > $_.loadContext("twitter-coates")
      Loaded context: twitter-coates
      http://twitter.com > $_.json.name
      Sean Coates
  58. HTTP Auth (sorry for the line breaks)
      http://twitter.com > GET http://coates:notpass@twitter.com/
          users/coates.json
      HTTP 401 http://coates:***@twitter.com/users/coates.json
      http://coates:***@twitter.com > GET http://
          coates:real@twitter.com/users/coates.json
      HTTP 200 http://coates:***@twitter.com/users/coates.json
      http://coates:***@twitter.com > GET http://twitter.com/
          statuses/replies.json
      HTTP 200 http://coates:***@twitter.com/statuses/replies.json
      http://coates:***@twitter.com > $_.json[0].in_reply_to_
          screen_name
      coates
  64. Cookies (unless $_.useCookies is set to false)
      http://localhost > GET http://files.seancoates.com/cookiecounter.php
      HTTP 200 http://files.seancoates.com/cookiecounter.php
      http://files.seancoates.com > $_.raw
      You have visited this page 1 times.
      http://files.seancoates.com > GET http://files.seancoates.com/cookiecounter.php
      HTTP 200 http://files.seancoates.com/cookiecounter.php
      http://files.seancoates.com > $_.raw
      You have visited this page 2 times.
      http://files.seancoates.com > GET http://files.seancoates.com/cookiecounter.php
      HTTP 200 http://files.seancoates.com/cookiecounter.php
      http://files.seancoates.com > GET http://files.seancoates.com/cookiecounter.php
      HTTP 200 http://files.seancoates.com/cookiecounter.php
      http://files.seancoates.com > GET http://files.seancoates.com/cookiecounter.php
      HTTP 200 http://files.seancoates.com/cookiecounter.php
      http://files.seancoates.com > $_.raw
      You have visited this page 5 times.
  70. HTTP Verbs
      http://localhost > GET http://localhost/json.php?one=1&two=2
      HTTP 200 http://localhost/json.php
      http://localhost > $_.json.get
      { one: 1, two: 2 }
      http://localhost > $_.json.server.REQUEST_METHOD
      GET
      http://localhost > $_.requestData = {three:3, four:4}
      { three: 3, four: 4 }
      http://localhost > POST http://localhost/json.php?one=1&two=2
      HTTP 200 http://localhost/json.php
      http://localhost > $_.json.post
      { three: 3, four: 4 }
      $_.postToRequestData
      $_.fileToRequestData
  72. HTTP Verbs
      http://localhost > result = $_.get('http://fictivekin.com')
      GET http://fictivekin.com
      HTTP 200 http://fictivekin.com/
      http://www.fictivekin.com >
  75. HTTP Verbs
      http://localhost > result = $_.get('http://fictivekin.com')
      GET http://fictivekin.com
      HTTP 200 http://fictivekin.com/
      http://www.google.com > result2 = $_.get('http://www.google.ca')
      GET http://www.google.ca
      HTTP 200 http://www.google.ca/
      http://www.google.ca > result.headers['content-type']
      text/html
      http://www.google.ca > result2.headers['content-type']
      text/html; charset=ISO-8859-1
  76. HTTP Headers (inspect)
      http://localhost >
  79. HTTP Headers
      http://localhost > GET http://localhost
      HTTP 200 http://localhost/
      http://localhost > $_.requestHeaders
      { host: localhost
      , user-agent: Webshell/0.1-dev node.js/v0.2.1
      , accept: application/json, */*
      , content-type: application/x-www-form-urlencoded
      }
      http://localhost > $_.headers
      { date: Sat, 06 Nov 2010 21:14:02 GMT
      , server: Apache/2.2.15 (Unix) PHP/5.3.3-dev mod_ssl/2.2.15 OpenSSL/0.9.8l
      , content-length: 3617
      , connection: close
      , content-type: text/html;charset=ISO-8859-1
      }
  80. HTTP Headers (set)
      http://localhost >
  84. HTTP Headers
      http://localhost > GET http://localhost:5984/
      HTTP 200 http://localhost:5984/
      http://localhost:5984 > $_.json
      { couchdb: Welcome, version: 1.0.1 }
      http://localhost:5984 > $_.json.version
      1.0.1
      http://localhost:5984 > $_.headers['content-type']
      application/json
      http://localhost:5984 > $_.requestHeaders.accept
      application/json, */*
      http://localhost:5984 > $_.requestHeaders.accept = '*/*' // not json explicitly
      */*
      http://localhost:5984 > GET http://localhost:5984/
      HTTP 200 http://localhost:5984/
      http://localhost:5984 > $_.headers['content-type']
      text/plain;charset=utf-8
      http://localhost:5984 > $_.json
      http://localhost:5984 > // no JSON )-:
  86. Toolbox + Callbacks
      http://localhost > $_.toolbox.lastTweet = function (username) {
      ... $_.get('http://twitter.com/statuses/user_timeline/' + username + '.json',
      ... function () { if ($_.status == 200) {
      ... console.log("Last tweet: " + $_.json[0].text)
      ... }});
      ... }
      [Function]
  89. Toolbox + Callbacks
      http://twitter.com > $_.toolbox.lastTweet('coates')
      HTTP 200 http://twitter.com/statuses/user_timeline/coates.json
      Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http://github.com/fictivekin/webshell
      http://twitter.com > $_.toolbox.lastTweet('sirevanhaas')
      HTTP 200 http://twitter.com/statuses/user_timeline/sirevanhaas.json
      Last tweet: If only Firefox extensions were as simple as Chrome/Safari extensions
      http://twitter.com > $_.toolbox.lastTweet('userwhodoesntexist')
      HTTP 404 http://twitter.com/statuses/user_timeline/userwhodoesntexist.json
      http://twitter.com >
  90. Toolbox + Callbacks
      http://localhost > $_.toolbox.prod_unapproved()
      HTTP 200 http://prod.gimmebar.vpn:5984/gimmebar/_design/InviteRequest/_view/by_unapproved
      Unapproved: 99
      http://prod.gimmebar.vpn:5984 >
  96. HTML & DOM
      webshell> GET http://fictivekin.com
      HTTP 200 http://fictivekin.com
      webshell> $_.document.getElementsByClassName('message').length
      8
      webshell> $_.document.getElementById('faq').innerHTML
      \n <a href=>FAQ</a>\n <h2>Frequently Asked Questions</h2>\n
  98. HTML & DOM
      • Needs envjs and libxmljs
      • NOT stable
      • See the envjs branch on Github
  103. jQuery
      webshell> GET http://fictivekin.com
      HTTP 200 http://fictivekin.com
      webshell> $('img').length
      4
      webshell> $('img').each(function() { sys.puts($(this).attr('src'));})
  104. jQuery
      webshell> GET http://fictivekin.com
      HTTP 200 http://fictivekin.com
      webshell> $('img').length
      4
      webshell> $('img').each(function() { console.log($(this).attr('src'));})
      images/fk2_no.png
      images/dot1.png
      images/dot2.png
      images/dot3.png
  106. jQuery
      • Needs envjs and libxmljs
      • NOT stable
      • See the envjs branch on Github
  108. Concurrency
      • Node == powerful (story time)
      • $_.requestConcurrency
      • Still a little flaky
  110. Future?
      • Broken on new versions of Node )-:
      • First things are to get that in order, and do some cleanup
      • More distant future:
        • Mongo?
        • Import browser cookies
        • Improve readline/UI
  112. New name?
      • Looking for a new name
      • Too much noise on “web shell”
      • We look like a security exploit )-:
  113. Webshell
      https://github.com/fictivekin/webshell
      http://joind.in/2805
      Me: http://seancoates.com, sean@seancoates.com, @coates
      Work: https://gimmebar.com, http://fictivekin.com
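
The HTTP Auth slides above show Webshell taking `user:pass@` in the URL, printing it as `coates:***@`, and reusing the credentials for a later request to the same host. The following is an added example, not code from Webshell or from the talk: one way to get that behaviour in Node while keeping the password out of the request URL, scoping reuse to the exact origin, and scrubbing saved text. `CredentialStore`, `prepare`, `mask` and `redactText` are hypothetical names, and the sample URLs reuse the constructed values from the slides.

```javascript
// Added example, not Webshell's source. All names here are hypothetical.

class CredentialStore {
  constructor() {
    this.byOrigin = new Map(); // origin (scheme + host + port) -> credentials
  }

  // Split userinfo out of a URL. Returns the credential-free URL to put on
  // the wire, the headers to send, and a masked form that is safe to print.
  prepare(rawUrl) {
    const url = new URL(rawUrl);
    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
      throw new Error('unsupported scheme: ' + url.protocol);
    }
    if (url.username !== '') {
      // URL keeps userinfo percent-encoded; decode before storing.
      this.byOrigin.set(url.origin, {
        username: decodeURIComponent(url.username),
        password: decodeURIComponent(url.password),
      });
      // Strip userinfo so it never reaches the request line or a Referer.
      url.username = '';
      url.password = '';
    }
    const headers = {};
    // Reuse is keyed on the full origin: another host, port or scheme
    // never receives these credentials.
    const cred = this.byOrigin.get(url.origin);
    if (cred) {
      const pair = cred.username + ':' + cred.password;
      headers.authorization = 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
    }
    return {
      url: url.href,
      headers,
      display: cred ? mask(url, cred.username) : url.href,
      // Basic auth is only base64; flag it when the transport is plain HTTP.
      cleartext: Boolean(cred) && url.protocol === 'http:',
    };
  }
}

// Prompt/log form: user name kept, password replaced, as on the slides.
function mask(url, username) {
  return url.protocol + '//' + encodeURIComponent(username) + ':***@' +
    url.host + url.pathname + url.search;
}

// Scrub userinfo from free text such as shell history or a saved context.
// A host:port pair is left alone because no '@' follows the port.
function redactText(text) {
  return text.replace(/\b(https?:\/\/)([^\s\/:@]+):[^\s\/@]*@/gi, '$1$2:***@');
}

// Constructed sample input, mirroring the slide session.
const demoStore = new CredentialStore();
for (const u of [
  'http://coates:notpass@twitter.com/users/coates.json',
  'http://twitter.com/statuses/replies.json',
  'https://twitter.com/statuses/replies.json',
]) {
  const r = demoStore.prepare(u);
  console.log(r.display, r.headers.authorization ? '(auth sent)' : '(no auth)',
    r.cleartext ? '[cleartext]' : '');
}
```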
