SlideShare una empresa de Scribd logo

WebShell - confoo 2011 - sean coates

Bachkoutou Toutou
Bachkoutou Toutou
1 de 113
Descargar para leer sin conexión
Webshell by Sean Coates and Evan Haas Smart, Scripted HTTP Sean Coates ConFoo March 2011 Wednesday, March 9, 2011
Assumptions Wednesday, March 9, 2011
Assumptions •You know what HTTP is Wednesday, March 9, 2011
Assumptions •You know what HTTP is •You have *some* understanding of how HTTP works •(verbs, status codes, requests, responses) Wednesday, March 9, 2011
Assumptions •You know what HTTP is •You have *some* understanding of how HTTP works •(verbs, status codes, requests, responses) •You have a cursory understanding of JS Wednesday, March 9, 2011
Assumptions •You know what HTTP is •You have *some* understanding of how HTTP works •(verbs, status codes, requests, responses) •You have a cursory understanding of JS •You care about any of this… Wednesday, March 9, 2011
What? Wednesday, March 9, 2011
What? •cURL replacement •REST(ish/ful/y) •Scriptable and interactive •Persistent •node.js •(like http-console) •https://github.com/fictivekin/webshell Wednesday, March 9, 2011
Why… Wednesday, March 9, 2011
Why… …not cURL? Wednesday, March 9, 2011
Why… …not cURL? $ curl -s http://twitter.com/users/coates.json | sed -e 's/^.*"name":"//' -e 's/".*$//' Sean Coates Wednesday, March 9, 2011
Why… …not cURL? $ curl -s http://twitter.com/users/coates.json | sed -e 's/^.*"name":"//' -e 's/".*$//' Sean Coates Webshell: http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' Wednesday, March 9, 2011
Why… Wednesday, March 9, 2011
Why… …JavaScript? Wednesday, March 9, 2011
Why… …JavaScript? Gimme Bar Front-End Back-End Extensions Wednesday, March 9, 2011
Why… …JavaScript? Gimme Bar Front-End Back-End Extensions Wednesday, March 9, 2011
Why… Wednesday, March 9, 2011
Why… …node.js? •good console “framework” •File operations •REPL + Readline •HTTP client •non-blocking Wednesday, March 9, 2011
Wednesday, March 9, 2011
ZZZzzzzzzzzzzzzzzzz… Wednesday, March 9, 2011
Simple HTTP requests http://localhost > Wednesday, March 9, 2011
Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > Wednesday, March 9, 2011
Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > $_ Wednesday, March 9, 2011
Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > $_.headers { location: 'http://www.google.com/' , 'content-type': 'text/html; charset=UTF-8' , date: 'Sat, 06 Nov 2010 17:38:56 GMT' , expires: 'Mon, 06 Dec 2010 17:38:56 GMT' , 'cache-control': 'public, max-age=2592000' , server: 'gws' , 'content-length': '219' , 'x-xss-protection': '1; mode=block' , connection: 'close' } http://google.com > Wednesday, March 9, 2011
Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > $_.headers { location: 'http://www.google.com/' , 'content-type': 'text/html; charset=UTF-8' , date: 'Sat, 06 Nov 2010 17:38:56 GMT' , expires: 'Mon, 06 Dec 2010 17:38:56 GMT' , 'cache-control': 'public, max-age=2592000' , server: 'gws' , 'content-length': '219' , 'x-xss-protection': '1; mode=block' , connection: 'close' } http://google.com > Wednesday, March 9, 2011
Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > Wednesday, March 9, 2011
Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() Wednesday, March 9, 2011
Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() HTTP 302 http://www.google.com/ http://www.google.com > $_.headers.location 'http://www.google.ca/' http://www.google.com > Wednesday, March 9, 2011
Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() HTTP 302 http://www.google.com/ http://www.google.com > $_.headers.location 'http://www.google.ca/' http://www.google.com > $_.follow() HTTP 200 http://www.google.ca/ http://www.google.ca > Wednesday, March 9, 2011
Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() HTTP 302 http://www.google.com/ http://www.google.com > $_.headers.location 'http://www.google.ca/' http://www.google.com > $_.follow() HTTP 200 http://www.google.ca/ http://www.google.ca > $_.raw.substring(0, 50) '<!doctype html><html><head><meta http-equiv="conte' Wednesday, March 9, 2011
Relative Requests (sort of) http://localhost > Wednesday, March 9, 2011
Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > Wednesday, March 9, 2011
Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > Wednesday, March 9, 2011
Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > // oops http://files.seancoates.com > Wednesday, March 9, 2011
Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > // oops http://files.seancoates.com > GET /test_json.php HTTP 200 http://files.seancoates.com/test_json.php http://files.seancoates.com > Wednesday, March 9, 2011
Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > // oops http://files.seancoates.com > GET /test_json.php HTTP 200 http://files.seancoates.com/test_json.php http://files.seancoates.com > $_.json { one: 1, two: 2, three: 3 } Wednesday, March 9, 2011
JSON Processing http://localhost > Wednesday, March 9, 2011
JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > Wednesday, March 9, 2011
JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' Wednesday, March 9, 2011
JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' http://twitter.com > $_.headers['content-type'] 'application/json; charset=utf-8' Wednesday, March 9, 2011
JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' http://twitter.com > $_.headers['content-type'] 'application/json; charset=utf-8' Wednesday, March 9, 2011
Contexts sarcasm:~/src/webshell (master)$ Wednesday, March 9, 2011
Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > Wednesday, March 9, 2011
Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > Wednesday, March 9, 2011
Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > Wednesday, March 9, 2011
Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.saveContext("twitter-coates") Saved context: twitter-coates http://twitter.com > ^D Saved context: _previous Wednesday, March 9, 2011
Contexts Time passes. You use Webshell for other things… Wednesday, March 9, 2011
Contexts sarcasm:~/src/webshell (master)$ Wednesday, March 9, 2011
Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > $_.json //empty http://localhost > Wednesday, March 9, 2011
Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > $_.json //empty http://localhost > $_.loadContext("twitter-coates") Loaded context: twitter-coates http://twitter.com > Wednesday, March 9, 2011
Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > $_.json //empty http://localhost > $_.loadContext("twitter-coates") Loaded context: twitter-coates http://twitter.com > $_.json.name 'Sean Coates' Wednesday, March 9, 2011
HTTP Auth http://twitter.com > Wednesday, March 9, 2011
HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json Wednesday, March 9, 2011
HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > Wednesday, March 9, 2011
HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json Wednesday, March 9, 2011
HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json HTTP 200 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > Wednesday, March 9, 2011
HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json HTTP 200 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http://twitter.com/ statuses/replies.json HTTP 200 http://coates:***@twitter.com/statuses/replies.json http://coates:***@twitter.com > Wednesday, March 9, 2011
HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json HTTP 200 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http://twitter.com/ statuses/replies.json HTTP 200 http://coates:***@twitter.com/statuses/replies.json http://coates:***@twitter.com > $_.json[0].in_reply_to_ screen_name 'coates' Wednesday, March 9, 2011
Cookies http://localhost > Wednesday, March 9, 2011
Cookies (unless $_.useCookies is set to false) http://localhost > Wednesday, March 9, 2011
Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > Wednesday, March 9, 2011
Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 1 times.' http://files.seancoates.com > Wednesday, March 9, 2011
Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 1 times.' http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 2 times.' http://files.seancoates.com > Wednesday, March 9, 2011
Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 1 times.' http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 2 times.' http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 5 times.' Wednesday, March 9, 2011
HTTP Verbs http://localhost > Wednesday, March 9, 2011
HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > Wednesday, March 9, 2011
HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > Wednesday, March 9, 2011
HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > POST http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.post { three: '3', four: '4' } Wednesday, March 9, 2011
HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > POST http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.post { three: '3', four: '4' } Wednesday, March 9, 2011
HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > POST http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.post { three: '3', four: '4' } $_.postToRequestData $_.fileToRequestData Wednesday, March 9, 2011
HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') Wednesday, March 9, 2011
HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.com HTTP 200 http://fictivekin.com/ http://www.fictivekin.com > Wednesday, March 9, 2011
HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.comin.com HTTP 200 http://fictivekin.com/ http://www.google.com > result2 = $_.get('http:// www.google.ca') GET http://www.google.ca HTTP 200 http://www.google.ca/ http://www.google.ca > Wednesday, March 9, 2011
HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.comin.com HTTP 200 http://fictivekin.com/ http://www.google.com > result2 = $_.get('http:// www.google.ca') GET http://www.google.ca HTTP 200 http://www.google.ca/ http://www.google.ca > result.headers['content-type'] 'text/html' http://www.google.ca > result2.headers['content-type'] 'text/html; charset=ISO-8859-1' Wednesday, March 9, 2011
HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.com HTTP 200 http://fictivekin.com/ http://www.google.com > result2 = $_.get('http:// www.google.ca') GET http://www.google.ca HTTP 200 http://www.google.ca/ http://www.google.ca > result.headers['content-type'] 'text/html' http://www.google.ca > result2.headers['content-type'] 'text/html; charset=ISO-8859-1' Wednesday, March 9, 2011
HTTP Headers (inspect) http://localhost > Wednesday, March 9, 2011
HTTP Headers http://localhost > GET http://localhost HTTP 200 http://localhost/ http://localhost > Wednesday, March 9, 2011
HTTP Headers http://localhost > GET http://localhost HTTP 200 http://localhost/ http://localhost > $_.requestHeaders { host: 'localhost' , 'user-agent': 'Webshell/0.1-dev node.js/v0.2.1' , accept: 'application/json, */*' , 'content-type': 'application/x-www-form-urlencoded' } http://localhost > Wednesday, March 9, 2011
HTTP Headers http://localhost > GET http://localhost HTTP 200 http://localhost/ http://localhost > $_.requestHeaders { host: 'localhost' , 'user-agent': 'Webshell/0.1-dev node.js/v0.2.1' , accept: 'application/json, */*' , 'content-type': 'application/x-www-form-urlencoded' } http://localhost > $_.headers { date: 'Sat, 06 Nov 2010 21:14:02 GMT' , server: 'Apache/2.2.15 (Unix) PHP/5.3.3-dev mod_ssl/2.2.15 OpenSSL/0.9.8l' , 'content-length': '3617' , connection: 'close' , 'content-type': 'text/html;charset=ISO-8859-1' } Wednesday, March 9, 2011
HTTP Headers (set) http://localhost > Wednesday, March 9, 2011
HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > Wednesday, March 9, 2011
HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > $_.headers['content-type'] 'application/json' http://localhost:5984 > $_.requestHeaders.accept 'application/json, */*' http://localhost:5984 > Wednesday, March 9, 2011
HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > $_.headers['content-type'] 'application/json' http://localhost:5984 > $_.requestHeaders.accept 'application/json, */*' http://localhost:5984 > $_.requestHeaders.accept = '*/*' // not json explicitly '*/*' http://localhost:5984 > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > Wednesday, March 9, 2011
HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > $_.headers['content-type'] 'application/json' http://localhost:5984 > $_.requestHeaders.accept 'application/json, */*' http://localhost:5984 > $_.requestHeaders.accept = '*/*' // not json explicitly '*/*' http://localhost:5984 > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.headers['content-type'] 'text/plain;charset=utf-8' http://localhost:5984 > $_.json http://localhost:5984 > // no JSON )-: Wednesday, March 9, 2011
Toolbox + Callbacks http://localhost > $_.toolbox Wednesday, March 9, 2011
Toolbox + Callbacks http://localhost > $_.toolbox.lastTweet = function (username) { ... $_.get('http://twitter.com/statuses/user_timeline' + username + '.json', ... function () { if ($_.status == 200) { ... console.log("Last tweet: " + $_.json[0].text) ... }}); ... } [Function] Wednesday, March 9, 2011
Toolbox + Callbacks http://twitter.com > $_.toolbox.lastTweet('coates') HTTP 200 http://twitter.com/statuses/user_timeline/coates.json Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http:// github.com/fictivekin/webshell http://twitter.com > Wednesday, March 9, 2011
Toolbox + Callbacks http://twitter.com > $_.toolbox.lastTweet('coates') HTTP 200 http://twitter.com/statuses/user_timeline/coates.json Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http:// github.com/fictivekin/webshell http://twitter.com > $_.toolbox.lastTweet('sirevanhaas') HTTP 200 http://twitter.com/statuses/user_timeline/ sirevanhaas.json Last tweet: If only Firefox extensions were as simple as Chrome/Safari extensions http://twitter.com > Wednesday, March 9, 2011
Toolbox + Callbacks http://twitter.com > $_.toolbox.lastTweet('coates') HTTP 200 http://twitter.com/statuses/user_timeline/coates.json Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http:// github.com/fictivekin/webshell http://twitter.com > $_.toolbox.lastTweet('sirevanhaas') HTTP 200 http://twitter.com/statuses/user_timeline/ sirevanhaas.json Last tweet: If only Firefox extensions were as simple as Chrome/Safari extensions http://twitter.com > $_.toolbox.lastTweet('userwhodoesntexist') HTTP 404 http://twitter.com/statuses/user_timeline/ userwhodoesntexist.json http://twitter.com > Wednesday, March 9, 2011
Toolbox + Callbacks http://localhost > $_.toolbox.prod_unapproved() HTTP 200 http://prod.gimmebar.vpn:5984/gimmebar/_design/ InviteRequest/_view/by_unapproved Unapproved: 99 http://prod.gimmebar.vpn:5984 > Wednesday, March 9, 2011
HTML & DOM webshell> GET http://fictivekin.com Wednesday, March 9, 2011
HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> Wednesday, March 9, 2011
HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $_.document.getElementsByClassName('message').length Wednesday, March 9, 2011
HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $_.document.getElementsByClassName('message').length 8 webshell> Wednesday, March 9, 2011
HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $_.document.getElementsByClassName('message').length 8 webshell> $_.document.getElementById('faq').innerHTML Wednesday, March 9, 2011
HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $_.document.getElementsByClassName('message').length 8 webshell> $_.document.getElementById('faq').innerHTML 'n <a href=''>FAQ</a>n <h2>Frequently Asked Questions</h2>n' Wednesday, March 9, 2011
HTML & DOM Wednesday, March 9, 2011
HTML & DOM •Needs envjs and libxmljs •NOT stable •See the envjs branch on Github Wednesday, March 9, 2011
jQuery webshell> GET http://fictivekin.com Wednesday, March 9, 2011
jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> Wednesday, March 9, 2011
jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $('img').length Wednesday, March 9, 2011
jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $('img').length 4 Wednesday, March 9, 2011
jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $('img').length 4 webshell> $('img').each(function() { sys.puts($(this).attr ('src'));}) Wednesday, March 9, 2011
jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $('img').length 4 webshell> $('img').each(function() { console.log($(this).attr ('src'));}) images/fk2_no.png images/dot1.png images/dot2.png images/dot3.png Wednesday, March 9, 2011
jQuery Wednesday, March 9, 2011
jQuery •Needs envjs and libxmljs •NOT stable •See the envjs branch on Github Wednesday, March 9, 2011
Concurrency Wednesday, March 9, 2011
Concurrency •Node == powerful (story time) •$_.requestConcurrency •Still a little flaky Wednesday, March 9, 2011
Future? Wednesday, March 9, 2011
Future? •Broken on new versions of Node )-: •First things are to get that in order, and do some cleanup •More distant future: •Mongo? •Import browser cookies •Improve readline/UI Wednesday, March 9, 2011
New name? Wednesday, March 9, 2011
New name? •Looking for a new name •Too much noise on “web shell” •We look like a security exploit )-: Wednesday, March 9, 2011
Webshell https://github.com/fictivekin/webshell http://joind.in/2805 Me: http://seancoates.com sean@seancoates.com @coates Work: https://gimmebar.com http://fictivekin.com Wednesday, March 9, 2011

Recomendados

Ilugc curl
Ilugc curlIlugc curl
Ilugc curlAkilan Ram
 
Introduction HTTP via cURL
Introduction HTTP via cURLIntroduction HTTP via cURL
Introduction HTTP via cURLKyosuke MOROHASHI
 
From zero to almost rails in about a million slides...
From zero to almost rails in about a million slides...From zero to almost rails in about a million slides...
From zero to almost rails in about a million slides...david_e_worth
 
Armorizing applications
Armorizing applicationsArmorizing applications
Armorizing applicationsIftach Ian Amit
 
Intro to the Internet & HTML
Intro to the Internet & HTMLIntro to the Internet & HTML
Intro to the Internet & HTMLchrisramey
 
Yahoo is open to developers
Yahoo is open to developersYahoo is open to developers
Yahoo is open to developersChristian Heilmann
 
Inside a Digital Collection: Historic Clothing in Omeka
Inside a Digital Collection: Historic Clothing in OmekaInside a Digital Collection: Historic Clothing in Omeka
Inside a Digital Collection: Historic Clothing in OmekaArden Kirkland
 
開放源碼電子書與EPUB幕後排版
開放源碼電子書與EPUB幕後排版開放源碼電子書與EPUB幕後排版
開放源碼電子書與EPUB幕後排版Kyle Lin
 

Recomendados

Ilugc curl
Ilugc curlIlugc curl
Ilugc curlAkilan Ram
 
Introduction HTTP via cURL
Introduction HTTP via cURLIntroduction HTTP via cURL
Introduction HTTP via cURLKyosuke MOROHASHI
 
From zero to almost rails in about a million slides...
From zero to almost rails in about a million slides...From zero to almost rails in about a million slides...
From zero to almost rails in about a million slides...david_e_worth
 
Armorizing applications
Armorizing applicationsArmorizing applications
Armorizing applicationsIftach Ian Amit
 
Intro to the Internet & HTML
Intro to the Internet & HTMLIntro to the Internet & HTML
Intro to the Internet & HTMLchrisramey
 
Yahoo is open to developers
Yahoo is open to developersYahoo is open to developers
Yahoo is open to developersChristian Heilmann
 
Inside a Digital Collection: Historic Clothing in Omeka
Inside a Digital Collection: Historic Clothing in OmekaInside a Digital Collection: Historic Clothing in Omeka
Inside a Digital Collection: Historic Clothing in OmekaArden Kirkland
 
開放源碼電子書與EPUB幕後排版
開放源碼電子書與EPUB幕後排版開放源碼電子書與EPUB幕後排版
開放源碼電子書與EPUB幕後排版Kyle Lin
 
Introduction to python scrapping
Introduction to python scrappingIntroduction to python scrapping
Introduction to python scrappingn|u - The Open Security Community
 
Drupal and Cloud Containers
Drupal and Cloud ContainersDrupal and Cloud Containers
Drupal and Cloud ContainersJosh Koenig
 
Python beautiful soup - bs4
Python beautiful soup - bs4Python beautiful soup - bs4
Python beautiful soup - bs4Eueung Mulyana
 
Cors michael
Cors michaelCors michael
Cors michaelMichael Neale
 
.htaccess for SEOs - A presentation by Roxana Stingu
.htaccess for SEOs - A presentation by Roxana Stingu.htaccess for SEOs - A presentation by Roxana Stingu
.htaccess for SEOs - A presentation by Roxana StinguRoxana Stingu
 
PHP
PHPPHP
PHPGouthaman V
 
Mwrc2011 cookbook design patterns
Mwrc2011 cookbook design patternsMwrc2011 cookbook design patterns
Mwrc2011 cookbook design patternsjtimberman
 
SmartData Webinar Slides JSON-LD
SmartData Webinar Slides JSON-LD SmartData Webinar Slides JSON-LD
SmartData Webinar Slides JSON-LD DATAVERSITY
 
Speed detection using camera
Speed detection using cameraSpeed detection using camera
Speed detection using cameraBinumon Joseph
 
Vehicle detection through image processing
Vehicle detection through image processingVehicle detection through image processing
Vehicle detection through image processingGhazalpreet Kaur
 
Traffic jam detection using image processing
Traffic jam detection using image processingTraffic jam detection using image processing
Traffic jam detection using image processingSai As Sharman
 
Docker and java
Docker and javaDocker and java
Docker and javaAnthony Dahanne
 
Top 50 java ee 7 best practices [con5669]
Top 50 java ee 7 best practices [con5669]Top 50 java ee 7 best practices [con5669]
Top 50 java ee 7 best practices [con5669]Ryan Cuprak
 
Docker and java, at Montréal JUG
Docker and java, at Montréal JUGDocker and java, at Montréal JUG
Docker and java, at Montréal JUGAnthony Dahanne
 
Real time image processing ppt
Real time image processing pptReal time image processing ppt
Real time image processing pptashwini.jagdhane
 
Selection of the research problem
Selection of the research problemSelection of the research problem
Selection of the research problemManu Antony
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaRyan Cuprak
 
Get more than a cache back! - ConFoo Montreal
Get more than a cache back! - ConFoo MontrealGet more than a cache back! - ConFoo Montreal
Get more than a cache back! - ConFoo MontrealMaarten Balliauw
 
Digital Image Processing
Digital Image ProcessingDigital Image Processing
Digital Image ProcessingSahil Biswas
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with GradleRyan Cuprak
 
Crystal clear service interfaces w/ Swagger/OpenAPI
Crystal clear service interfaces w/ Swagger/OpenAPICrystal clear service interfaces w/ Swagger/OpenAPI
Crystal clear service interfaces w/ Swagger/OpenAPIScott Triglia
 
Node js techtalksto
Node js techtalkstoNode js techtalksto
Node js techtalkstoJason Diller
 

Más contenido relacionado

La actualidad más candente

Drupal and Cloud Containers
Drupal and Cloud ContainersDrupal and Cloud Containers
Drupal and Cloud ContainersJosh Koenig
 
Python beautiful soup - bs4
Python beautiful soup - bs4Python beautiful soup - bs4
Python beautiful soup - bs4Eueung Mulyana
 
.htaccess for SEOs - A presentation by Roxana Stingu
.htaccess for SEOs - A presentation by Roxana Stingu.htaccess for SEOs - A presentation by Roxana Stingu
.htaccess for SEOs - A presentation by Roxana StinguRoxana Stingu
 
Mwrc2011 cookbook design patterns
Mwrc2011 cookbook design patternsMwrc2011 cookbook design patterns
Mwrc2011 cookbook design patternsjtimberman
 
SmartData Webinar Slides JSON-LD
SmartData Webinar Slides JSON-LD SmartData Webinar Slides JSON-LD
SmartData Webinar Slides JSON-LD DATAVERSITY
 

La actualidad más candente (8)

Introduction to python scrapping
Introduction to python scrappingIntroduction to python scrapping
Introduction to python scrapping
 
Drupal and Cloud Containers
Drupal and Cloud ContainersDrupal and Cloud Containers
Drupal and Cloud Containers
 
Python beautiful soup - bs4
Python beautiful soup - bs4Python beautiful soup - bs4
Python beautiful soup - bs4
 
Cors michael
Cors michaelCors michael
Cors michael
 
.htaccess for SEOs - A presentation by Roxana Stingu
.htaccess for SEOs - A presentation by Roxana Stingu.htaccess for SEOs - A presentation by Roxana Stingu
.htaccess for SEOs - A presentation by Roxana Stingu
 
PHP
PHPPHP
PHP
 
Mwrc2011 cookbook design patterns
Mwrc2011 cookbook design patternsMwrc2011 cookbook design patterns
Mwrc2011 cookbook design patterns
 
SmartData Webinar Slides JSON-LD
SmartData Webinar Slides JSON-LD SmartData Webinar Slides JSON-LD
SmartData Webinar Slides JSON-LD
 

Destacado

Speed detection using camera
Speed detection using cameraSpeed detection using camera
Speed detection using cameraBinumon Joseph
 
Vehicle detection through image processing
Vehicle detection through image processingVehicle detection through image processing
Vehicle detection through image processingGhazalpreet Kaur
 
Traffic jam detection using image processing
Traffic jam detection using image processingTraffic jam detection using image processing
Traffic jam detection using image processingSai As Sharman
 
Top 50 java ee 7 best practices [con5669]
Top 50 java ee 7 best practices [con5669]Top 50 java ee 7 best practices [con5669]
Top 50 java ee 7 best practices [con5669]Ryan Cuprak
 
Docker and java, at Montréal JUG
Docker and java, at Montréal JUGDocker and java, at Montréal JUG
Docker and java, at Montréal JUGAnthony Dahanne
 
Real time image processing ppt
Real time image processing pptReal time image processing ppt
Real time image processing pptashwini.jagdhane
 
Selection of the research problem
Selection of the research problemSelection of the research problem
Selection of the research problemManu Antony
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaRyan Cuprak
 
Get more than a cache back! - ConFoo Montreal
Get more than a cache back! - ConFoo MontrealGet more than a cache back! - ConFoo Montreal
Get more than a cache back! - ConFoo MontrealMaarten Balliauw
 
Digital Image Processing
Digital Image ProcessingDigital Image Processing
Digital Image ProcessingSahil Biswas
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with GradleRyan Cuprak
 
Crystal clear service interfaces w/ Swagger/OpenAPI
Crystal clear service interfaces w/ Swagger/OpenAPICrystal clear service interfaces w/ Swagger/OpenAPI
Crystal clear service interfaces w/ Swagger/OpenAPIScott Triglia
 

Destacado (13)

Speed detection using camera
Speed detection using cameraSpeed detection using camera
Speed detection using camera
 
Vehicle detection through image processing
Vehicle detection through image processingVehicle detection through image processing
Vehicle detection through image processing
 
Traffic jam detection using image processing
Traffic jam detection using image processingTraffic jam detection using image processing
Traffic jam detection using image processing
 
Docker and java
Docker and javaDocker and java
Docker and java
 
Top 50 java ee 7 best practices [con5669]
Top 50 java ee 7 best practices [con5669]Top 50 java ee 7 best practices [con5669]
Top 50 java ee 7 best practices [con5669]
 
Docker and java, at Montréal JUG
Docker and java, at Montréal JUGDocker and java, at Montréal JUG
Docker and java, at Montréal JUG
 
Real time image processing ppt
Real time image processing pptReal time image processing ppt
Real time image processing ppt
 
Selection of the research problem
Selection of the research problemSelection of the research problem
Selection of the research problem
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS Lambda
 
Get more than a cache back! - ConFoo Montreal
Get more than a cache back! - ConFoo MontrealGet more than a cache back! - ConFoo Montreal
Get more than a cache back! - ConFoo Montreal
 
Digital Image Processing
Digital Image ProcessingDigital Image Processing
Digital Image Processing
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with Gradle
 
Crystal clear service interfaces w/ Swagger/OpenAPI
Crystal clear service interfaces w/ Swagger/OpenAPICrystal clear service interfaces w/ Swagger/OpenAPI
Crystal clear service interfaces w/ Swagger/OpenAPI
 

Similar a WebShell - confoo 2011 - sean coates

Node js techtalksto
Node js techtalkstoNode js techtalksto
Node js techtalkstoJason Diller
 
In depth with html5 java2days 2010
In depth with html5 java2days 2010In depth with html5 java2days 2010
In depth with html5 java2days 2010Mystic Coders, LLC
 
Apachecon 2011 stanbol_ogrisel
Apachecon 2011 stanbol_ogriselApachecon 2011 stanbol_ogrisel
Apachecon 2011 stanbol_ogriselNuxeo
 
Apache Stanbol 
and the Web of Data - ApacheCon 2011
Apache Stanbol 
and the Web of Data - ApacheCon 2011Apache Stanbol 
and the Web of Data - ApacheCon 2011
Apache Stanbol 
and the Web of Data - ApacheCon 2011Nuxeo
 
An introduction to HTTP/2 for SEOs
An introduction to HTTP/2 for SEOsAn introduction to HTTP/2 for SEOs
An introduction to HTTP/2 for SEOsTom Anthony
 
Searching does not mean finding Stuff - Apache Solr for TYPO3
Searching does not mean finding Stuff - Apache Solr for TYPO3Searching does not mean finding Stuff - Apache Solr for TYPO3
Searching does not mean finding Stuff - Apache Solr for TYPO3Olivier Dobberkau
 
The Fast, The Slow and the Lazy
The Fast, The Slow and the LazyThe Fast, The Slow and the Lazy
The Fast, The Slow and the LazyMaurício Linhares
 
Brian Hogg - Web Apps using HTML5 and JS
Brian Hogg - Web Apps using HTML5 and JSBrian Hogg - Web Apps using HTML5 and JS
Brian Hogg - Web Apps using HTML5 and JS#DevTO
 
Joomla: 10 years of progress (jd15fr)
Joomla: 10 years of progress (jd15fr)Joomla: 10 years of progress (jd15fr)
Joomla: 10 years of progress (jd15fr)Peter Martin
 
(Re-) Discovering Lost Web Pages
(Re-) Discovering Lost Web Pages(Re-) Discovering Lost Web Pages
(Re-) Discovering Lost Web PagesMichael Nelson
 
Rendering Views in JavaScript - "The New Web Architecture"
Rendering Views in JavaScript - "The New Web Architecture"Rendering Views in JavaScript - "The New Web Architecture"
Rendering Views in JavaScript - "The New Web Architecture"Jonathan Julian
 
Mike hostetler - jQuery knowledge append to you
Mike hostetler - jQuery knowledge append to youMike hostetler - jQuery knowledge append to you
Mike hostetler - jQuery knowledge append to youStarTech Conference
 
HTML XHTML HTML5
HTML XHTML HTML5HTML XHTML HTML5
HTML XHTML HTML5timstone
 
Return of the Command Line: New Text Interfaces
Return of the Command Line: New Text InterfacesReturn of the Command Line: New Text Interfaces
Return of the Command Line: New Text InterfacesDavid Noble
 
Frontend Performance - Web Entwickler Forum
Frontend Performance - Web Entwickler ForumFrontend Performance - Web Entwickler Forum
Frontend Performance - Web Entwickler ForumPierre Spring
 
YQL: Select * from Internet
YQL: Select * from InternetYQL: Select * from Internet
YQL: Select * from Internetdrgath
 

Similar a WebShell - confoo 2011 - sean coates (20)

Node js techtalksto
Node js techtalkstoNode js techtalksto
Node js techtalksto
 
In depth with html5 java2days 2010
In depth with html5 java2days 2010In depth with html5 java2days 2010
In depth with html5 java2days 2010
 
Apachecon 2011 stanbol_ogrisel
Apachecon 2011 stanbol_ogriselApachecon 2011 stanbol_ogrisel
Apachecon 2011 stanbol_ogrisel
 
Apache Stanbol 
and the Web of Data - ApacheCon 2011
Apache Stanbol 
and the Web of Data - ApacheCon 2011Apache Stanbol 
and the Web of Data - ApacheCon 2011
Apache Stanbol 
and the Web of Data - ApacheCon 2011
 
An introduction to HTTP/2 for SEOs
An introduction to HTTP/2 for SEOsAn introduction to HTTP/2 for SEOs
An introduction to HTTP/2 for SEOs
 
Searching does not mean finding Stuff - Apache Solr for TYPO3
Searching does not mean finding Stuff - Apache Solr for TYPO3Searching does not mean finding Stuff - Apache Solr for TYPO3
Searching does not mean finding Stuff - Apache Solr for TYPO3
 
The Fast, The Slow and the Lazy
The Fast, The Slow and the LazyThe Fast, The Slow and the Lazy
The Fast, The Slow and the Lazy
 
Brian Hogg - Web Apps using HTML5 and JS
Brian Hogg - Web Apps using HTML5 and JSBrian Hogg - Web Apps using HTML5 and JS
Brian Hogg - Web Apps using HTML5 and JS
 
Rails 101
Rails 101Rails 101
Rails 101
 
Joomla: 10 years of progress (jd15fr)
Joomla: 10 years of progress (jd15fr)Joomla: 10 years of progress (jd15fr)
Joomla: 10 years of progress (jd15fr)
 
HTML5 - Yeah!
HTML5 - Yeah!HTML5 - Yeah!
HTML5 - Yeah!
 
(Re-) Discovering Lost Web Pages
(Re-) Discovering Lost Web Pages(Re-) Discovering Lost Web Pages
(Re-) Discovering Lost Web Pages
 
Rendering Views in JavaScript - "The New Web Architecture"
Rendering Views in JavaScript - "The New Web Architecture"Rendering Views in JavaScript - "The New Web Architecture"
Rendering Views in JavaScript - "The New Web Architecture"
 
Using HTML5 sensibly
Using HTML5 sensiblyUsing HTML5 sensibly
Using HTML5 sensibly
 
Mike hostetler - jQuery knowledge append to you
Mike hostetler - jQuery knowledge append to youMike hostetler - jQuery knowledge append to you
Mike hostetler - jQuery knowledge append to you
 
HTML XHTML HTML5
HTML XHTML HTML5HTML XHTML HTML5
HTML XHTML HTML5
 
Tim stone.html5.rjug.20110316
Tim stone.html5.rjug.20110316Tim stone.html5.rjug.20110316
Tim stone.html5.rjug.20110316
 
Return of the Command Line: New Text Interfaces
Return of the Command Line: New Text InterfacesReturn of the Command Line: New Text Interfaces
Return of the Command Line: New Text Interfaces
 
Frontend Performance - Web Entwickler Forum
Frontend Performance - Web Entwickler ForumFrontend Performance - Web Entwickler Forum
Frontend Performance - Web Entwickler Forum
 
YQL: Select * from Internet
YQL: Select * from InternetYQL: Select * from Internet
YQL: Select * from Internet
 

Más de Bachkoutou Toutou

Making php see, confoo 2011
Making php see, confoo 2011 Making php see, confoo 2011
Making php see, confoo 2011 Bachkoutou Toutou
 
Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011Bachkoutou Toutou
 
hacking your website with vega, confoo2011
hacking your website with vega, confoo2011hacking your website with vega, confoo2011
hacking your website with vega, confoo2011Bachkoutou Toutou
 
Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011
Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011
Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011Bachkoutou Toutou
 
Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011
Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011
Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011Bachkoutou Toutou
 
Zend Framework 2, What's new, Confoo 2011
Zend Framework 2, What's new, Confoo 2011Zend Framework 2, What's new, Confoo 2011
Zend Framework 2, What's new, Confoo 2011Bachkoutou Toutou
 
Connecting web Applications with Desktop, confoo 2011
Connecting web Applications with Desktop, confoo 2011Connecting web Applications with Desktop, confoo 2011
Connecting web Applications with Desktop, confoo 2011Bachkoutou Toutou
 
Connecting Web Application and Desktop, confoo 2011, qafoo
Connecting Web Application and Desktop, confoo 2011, qafooConnecting Web Application and Desktop, confoo 2011, qafoo
Connecting Web Application and Desktop, confoo 2011, qafooBachkoutou Toutou
 
99 problems but the search aint one, confoo 2011, andrei zmievski
99 problems but the search aint one, confoo 2011, andrei zmievski99 problems but the search aint one, confoo 2011, andrei zmievski
99 problems but the search aint one, confoo 2011, andrei zmievskiBachkoutou Toutou
 
Php Inside - confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick RethansPhp Inside - confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick RethansBachkoutou Toutou
 
Stress Free Deployment - Confoo 2011
Stress Free Deployment - Confoo 2011Stress Free Deployment - Confoo 2011
Stress Free Deployment - Confoo 2011Bachkoutou Toutou
 
Confoo 2011 - Advanced OO Patterns
Confoo 2011 - Advanced OO PatternsConfoo 2011 - Advanced OO Patterns
Confoo 2011 - Advanced OO PatternsBachkoutou Toutou
 

Más de Bachkoutou Toutou (14)

Making php see, confoo 2011
Making php see, confoo 2011 Making php see, confoo 2011
Making php see, confoo 2011
 
Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011Sean coates fifty things and tricks, confoo 2011
Sean coates fifty things and tricks, confoo 2011
 
hacking your website with vega, confoo2011
hacking your website with vega, confoo2011hacking your website with vega, confoo2011
hacking your website with vega, confoo2011
 
Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011
Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011
Premiers pas dans les extensions PHP, Pierrick Charron, Confoo 2011
 
Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011
Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011
Kill bottlenecks with gearman, sphinx, and memcached, Confoo 2011
 
Zend Framework 2, What's new, Confoo 2011
Zend Framework 2, What's new, Confoo 2011Zend Framework 2, What's new, Confoo 2011
Zend Framework 2, What's new, Confoo 2011
 
Connecting web Applications with Desktop, confoo 2011
Connecting web Applications with Desktop, confoo 2011Connecting web Applications with Desktop, confoo 2011
Connecting web Applications with Desktop, confoo 2011
 
Connecting Web Application and Desktop, confoo 2011, qafoo
Connecting Web Application and Desktop, confoo 2011, qafooConnecting Web Application and Desktop, confoo 2011, qafoo
Connecting Web Application and Desktop, confoo 2011, qafoo
 
99 problems but the search aint one, confoo 2011, andrei zmievski
99 problems but the search aint one, confoo 2011, andrei zmievski99 problems but the search aint one, confoo 2011, andrei zmievski
99 problems but the search aint one, confoo 2011, andrei zmievski
 
Php Inside - confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick RethansPhp Inside - confoo 2011 - Derick Rethans
Php Inside - confoo 2011 - Derick Rethans
 
Stress Free Deployment - Confoo 2011
Stress Free Deployment - Confoo 2011Stress Free Deployment - Confoo 2011
Stress Free Deployment - Confoo 2011
 
Apc Memcached Confoo 2011
Apc Memcached Confoo 2011Apc Memcached Confoo 2011
Apc Memcached Confoo 2011
 
Xdebug confoo11
Xdebug confoo11Xdebug confoo11
Xdebug confoo11
 
Confoo 2011 - Advanced OO Patterns
Confoo 2011 - Advanced OO PatternsConfoo 2011 - Advanced OO Patterns
Confoo 2011 - Advanced OO Patterns
 

WebShell - confoo 2011 - sean coates

  • 1. Webshell by Sean Coates and Evan Haas Smart, Scripted HTTP Sean Coates ConFoo March 2011 Wednesday, March 9, 2011
  • 3. Assumptions •You know what HTTP is Wednesday, March 9, 2011
  • 4. Assumptions •You know what HTTP is •You have *some* understanding of how HTTP works •(verbs, status codes, requests, responses) Wednesday, March 9, 2011
  • 5. Assumptions •You know what HTTP is •You have *some* understanding of how HTTP works •(verbs, status codes, requests, responses) •You have a cursory understanding of JS Wednesday, March 9, 2011
  • 6. Assumptions •You know what HTTP is •You have *some* understanding of how HTTP works •(verbs, status codes, requests, responses) •You have a cursory understanding of JS •You care about any of this… Wednesday, March 9, 2011
  • 8. What? •cURL replacement •REST(ish/ful/y) •Scriptable and interactive •Persistent •node.js •(like http-console) •https://github.com/fictivekin/webshell Wednesday, March 9, 2011
  • 10. Why… …not cURL? Wednesday, March 9, 2011
  • 11. Why… …not cURL? $ curl -s http://twitter.com/users/coates.json | sed -e 's/^.*"name":"//' -e 's/".*$//' Sean Coates Wednesday, March 9, 2011
  • 12. Why… …not cURL? $ curl -s http://twitter.com/users/coates.json | sed -e 's/^.*"name":"//' -e 's/".*$//' Sean Coates Webshell: http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' Wednesday, March 9, 2011
  • 14. Why… …JavaScript? Wednesday, March 9, 2011
  • 15. Why… …JavaScript? Gimme Bar Front-End Back-End Extensions Wednesday, March 9, 2011
  • 16. Why… …JavaScript? Gimme Bar Front-End Back-End Extensions Wednesday, March 9, 2011
  • 18. Why… …node.js? •good console “framework” •File operations •REPL + Readline •HTTP client •non-blocking Wednesday, March 9, 2011
  • 21. Simple HTTP requests http://localhost > Wednesday, March 9, 2011
  • 22. Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > Wednesday, March 9, 2011
  • 23. Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > $_ Wednesday, March 9, 2011
  • 24. Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > $_.headers { location: 'http://www.google.com/' , 'content-type': 'text/html; charset=UTF-8' , date: 'Sat, 06 Nov 2010 17:38:56 GMT' , expires: 'Mon, 06 Dec 2010 17:38:56 GMT' , 'cache-control': 'public, max-age=2592000' , server: 'gws' , 'content-length': '219' , 'x-xss-protection': '1; mode=block' , connection: 'close' } http://google.com > Wednesday, March 9, 2011
  • 25. Simple HTTP requests http://localhost > GET http://google.com/ HTTP 301 http://google.com/ http://google.com > $_.headers { location: 'http://www.google.com/' , 'content-type': 'text/html; charset=UTF-8' , date: 'Sat, 06 Nov 2010 17:38:56 GMT' , expires: 'Mon, 06 Dec 2010 17:38:56 GMT' , 'cache-control': 'public, max-age=2592000' , server: 'gws' , 'content-length': '219' , 'x-xss-protection': '1; mode=block' , connection: 'close' } http://google.com > Wednesday, March 9, 2011
  • 26. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > Wednesday, March 9, 2011
  • 27. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() Wednesday, March 9, 2011
  • 28. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() HTTP 302 http://www.google.com/ http://www.google.com > $_.headers.location 'http://www.google.ca/' http://www.google.com > Wednesday, March 9, 2011
  • 29. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() HTTP 302 http://www.google.com/ http://www.google.com > $_.headers.location 'http://www.google.ca/' http://www.google.com > $_.follow() HTTP 200 http://www.google.ca/ http://www.google.ca > Wednesday, March 9, 2011
  • 30. Simple HTTP requests http://google.com > $_.headers.location 'http://www.google.com/' http://google.com > $_.follow() HTTP 302 http://www.google.com/ http://www.google.com > $_.headers.location 'http://www.google.ca/' http://www.google.com > $_.follow() HTTP 200 http://www.google.ca/ http://www.google.ca > $_.raw.substring(0, 50) '<!doctype html><html><head><meta http-equiv="conte' Wednesday, March 9, 2011
  • 31. Relative Requests (sort of) http://localhost > Wednesday, March 9, 2011
  • 32. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > Wednesday, March 9, 2011
  • 33. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > Wednesday, March 9, 2011
  • 34. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > // oops http://files.seancoates.com > Wednesday, March 9, 2011
  • 35. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > // oops http://files.seancoates.com > GET /test_json.php HTTP 200 http://files.seancoates.com/test_json.php http://files.seancoates.com > Wednesday, March 9, 2011
  • 36. Relative Requests (sort of) http://localhost > GET http://files.seancoates.com/testjson.php HTTP 404 http://files.seancoates.com/testjson.php http://files.seancoates.com > // oops http://files.seancoates.com > GET /test_json.php HTTP 200 http://files.seancoates.com/test_json.php http://files.seancoates.com > $_.json { one: 1, two: 2, three: 3 } Wednesday, March 9, 2011
  • 37. JSON Processing http://localhost > Wednesday, March 9, 2011
  • 38. JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > Wednesday, March 9, 2011
  • 39. JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' Wednesday, March 9, 2011
  • 40. JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' http://twitter.com > $_.headers['content-type'] 'application/json; charset=utf-8' Wednesday, March 9, 2011
  • 41. JSON Processing http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.json.name 'Sean Coates' http://twitter.com > $_.headers['content-type'] 'application/json; charset=utf-8' Wednesday, March 9, 2011
  • 42. Contexts sarcasm:~/src/webshell (master)$ Wednesday, March 9, 2011
  • 43. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > Wednesday, March 9, 2011
  • 44. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > Wednesday, March 9, 2011
  • 45. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > Wednesday, March 9, 2011
  • 46. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > GET http://twitter.com/users/coates.json HTTP 200 http://twitter.com/users/coates.json http://twitter.com > $_.saveContext("twitter-coates") Saved context: twitter-coates http://twitter.com > ^D Saved context: _previous Wednesday, March 9, 2011
  • 47. Contexts Time passes. You use Webshell for other things… Wednesday, March 9, 2011
  • 48. Contexts sarcasm:~/src/webshell (master)$ Wednesday, March 9, 2011
  • 49. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > $_.json //empty http://localhost > Wednesday, March 9, 2011
  • 50. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > $_.json //empty http://localhost > $_.loadContext("twitter-coates") Loaded context: twitter-coates http://twitter.com > Wednesday, March 9, 2011
  • 51. Contexts sarcasm:~/src/webshell (master)$ node shell.js Loaded context: _previous http://localhost > $_.json //empty http://localhost > $_.loadContext("twitter-coates") Loaded context: twitter-coates http://twitter.com > $_.json.name 'Sean Coates' Wednesday, March 9, 2011
  • 52. HTTP Auth http://twitter.com > Wednesday, March 9, 2011
  • 53. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json Wednesday, March 9, 2011
  • 54. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > Wednesday, March 9, 2011
  • 55. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json Wednesday, March 9, 2011
  • 56. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json HTTP 200 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > Wednesday, March 9, 2011
  • 57. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json HTTP 200 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http://twitter.com/ statuses/replies.json HTTP 200 http://coates:***@twitter.com/statuses/replies.json http://coates:***@twitter.com > Wednesday, March 9, 2011
  • 58. HTTP Auth (sorry for the line breaks) http://twitter.com > GET http://coates:notpass@twitter.com/ users/coates.json HTTP 401 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http:// coates:real@twitter.com/users/coates.json HTTP 200 http://coates:***@twitter.com/users/coates.json http://coates:***@twitter.com > GET http://twitter.com/ statuses/replies.json HTTP 200 http://coates:***@twitter.com/statuses/replies.json http://coates:***@twitter.com > $_.json[0].in_reply_to_ screen_name 'coates' Wednesday, March 9, 2011
  • 59. Cookies http://localhost > Wednesday, March 9, 2011
  • 60. Cookies (unless $_.useCookies is set to false) http://localhost > Wednesday, March 9, 2011
  • 61. Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > Wednesday, March 9, 2011
  • 62. Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 1 times.' http://files.seancoates.com > Wednesday, March 9, 2011
  • 63. Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 1 times.' http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 2 times.' http://files.seancoates.com > Wednesday, March 9, 2011
  • 64. Cookies (unless $_.useCookies is set to false) http://localhost > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 1 times.' http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 2 times.' http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > GET http://files.seancoates.com/ cookiecounter.php HTTP 200 http://files.seancoates.com/cookiecounter.php http://files.seancoates.com > $_.raw 'You have visited this page 5 times.' Wednesday, March 9, 2011
  • 65. HTTP Verbs http://localhost > Wednesday, March 9, 2011
  • 66. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > Wednesday, March 9, 2011
  • 67. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > Wednesday, March 9, 2011
  • 68. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > POST http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.post { three: '3', four: '4' } Wednesday, March 9, 2011
  • 69. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > POST http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.post { three: '3', four: '4' } Wednesday, March 9, 2011
  • 70. HTTP Verbs http://localhost > GET http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.get { one: '1', two: '2' } http://localhost > $_.json.server.REQUEST_METHOD 'GET' http://localhost > $_.requestData = {three:3, four:4} { three: 3, four: 4 } http://localhost > POST http://localhost/json.php?one=1&two=2 HTTP 200 http://localhost/json.php http://localhost > $_.json.post { three: '3', four: '4' } $_.postToRequestData $_.fileToRequestData Wednesday, March 9, 2011
  • 71. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') Wednesday, March 9, 2011
  • 72. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.com HTTP 200 http://fictivekin.com/ http://www.fictivekin.com > Wednesday, March 9, 2011
  • 73. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.comin.com HTTP 200 http://fictivekin.com/ http://www.google.com > result2 = $_.get('http:// www.google.ca') GET http://www.google.ca HTTP 200 http://www.google.ca/ http://www.google.ca > Wednesday, March 9, 2011
  • 74. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.comin.com HTTP 200 http://fictivekin.com/ http://www.google.com > result2 = $_.get('http:// www.google.ca') GET http://www.google.ca HTTP 200 http://www.google.ca/ http://www.google.ca > result.headers['content-type'] 'text/html' http://www.google.ca > result2.headers['content-type'] 'text/html; charset=ISO-8859-1' Wednesday, March 9, 2011
  • 75. HTTP Verbs http://localhost > result = $_.get('http://fictivekin.com') GET http://fictivekin.com HTTP 200 http://fictivekin.com/ http://www.google.com > result2 = $_.get('http:// www.google.ca') GET http://www.google.ca HTTP 200 http://www.google.ca/ http://www.google.ca > result.headers['content-type'] 'text/html' http://www.google.ca > result2.headers['content-type'] 'text/html; charset=ISO-8859-1' Wednesday, March 9, 2011
  • 76. HTTP Headers (inspect) http://localhost > Wednesday, March 9, 2011
  • 77. HTTP Headers http://localhost > GET http://localhost HTTP 200 http://localhost/ http://localhost > Wednesday, March 9, 2011
  • 78. HTTP Headers http://localhost > GET http://localhost HTTP 200 http://localhost/ http://localhost > $_.requestHeaders { host: 'localhost' , 'user-agent': 'Webshell/0.1-dev node.js/v0.2.1' , accept: 'application/json, */*' , 'content-type': 'application/x-www-form-urlencoded' } http://localhost > Wednesday, March 9, 2011
  • 79. HTTP Headers http://localhost > GET http://localhost HTTP 200 http://localhost/ http://localhost > $_.requestHeaders { host: 'localhost' , 'user-agent': 'Webshell/0.1-dev node.js/v0.2.1' , accept: 'application/json, */*' , 'content-type': 'application/x-www-form-urlencoded' } http://localhost > $_.headers { date: 'Sat, 06 Nov 2010 21:14:02 GMT' , server: 'Apache/2.2.15 (Unix) PHP/5.3.3-dev mod_ssl/2.2.15 OpenSSL/0.9.8l' , 'content-length': '3617' , connection: 'close' , 'content-type': 'text/html;charset=ISO-8859-1' } Wednesday, March 9, 2011
  • 80. HTTP Headers (set) http://localhost > Wednesday, March 9, 2011
  • 81. HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > Wednesday, March 9, 2011
  • 82. HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > $_.headers['content-type'] 'application/json' http://localhost:5984 > $_.requestHeaders.accept 'application/json, */*' http://localhost:5984 > Wednesday, March 9, 2011
  • 83. HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > $_.headers['content-type'] 'application/json' http://localhost:5984 > $_.requestHeaders.accept 'application/json, */*' http://localhost:5984 > $_.requestHeaders.accept = '*/*' // not json explicitly '*/*' http://localhost:5984 > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > Wednesday, March 9, 2011
  • 84. HTTP Headers http://localhost > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.json { couchdb: 'Welcome', version: '1.0.1' } http://localhost:5984 > $_.json.version '1.0.1' http://localhost:5984 > $_.headers['content-type'] 'application/json' http://localhost:5984 > $_.requestHeaders.accept 'application/json, */*' http://localhost:5984 > $_.requestHeaders.accept = '*/*' // not json explicitly '*/*' http://localhost:5984 > GET http://localhost:5984/ HTTP 200 http://localhost:5984/ http://localhost:5984 > $_.headers['content-type'] 'text/plain;charset=utf-8' http://localhost:5984 > $_.json http://localhost:5984 > // no JSON )-: Wednesday, March 9, 2011
  • 85. Toolbox + Callbacks http://localhost > $_.toolbox Wednesday, March 9, 2011
  • 86. Toolbox + Callbacks http://localhost > $_.toolbox.lastTweet = function (username) { ... $_.get('http://twitter.com/statuses/user_timeline' + username + '.json', ... function () { if ($_.status == 200) { ... console.log("Last tweet: " + $_.json[0].text) ... }}); ... } [Function] Wednesday, March 9, 2011
  • 87. Toolbox + Callbacks http://twitter.com > $_.toolbox.lastTweet('coates') HTTP 200 http://twitter.com/statuses/user_timeline/coates.json Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http:// github.com/fictivekin/webshell http://twitter.com > Wednesday, March 9, 2011
  • 88. Toolbox + Callbacks http://twitter.com > $_.toolbox.lastTweet('coates') HTTP 200 http://twitter.com/statuses/user_timeline/coates.json Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http:// github.com/fictivekin/webshell http://twitter.com > $_.toolbox.lastTweet('sirevanhaas') HTTP 200 http://twitter.com/statuses/user_timeline/ sirevanhaas.json Last tweet: If only Firefox extensions were as simple as Chrome/Safari extensions http://twitter.com > Wednesday, March 9, 2011
  • 89. Toolbox + Callbacks http://twitter.com > $_.toolbox.lastTweet('coates') HTTP 200 http://twitter.com/statuses/user_timeline/coates.json Last tweet: Doing a bunch of work on Webshell. Fixed some bugs, added relative URLs, and re-writing the docs. http:// github.com/fictivekin/webshell http://twitter.com > $_.toolbox.lastTweet('sirevanhaas') HTTP 200 http://twitter.com/statuses/user_timeline/ sirevanhaas.json Last tweet: If only Firefox extensions were as simple as Chrome/Safari extensions http://twitter.com > $_.toolbox.lastTweet('userwhodoesntexist') HTTP 404 http://twitter.com/statuses/user_timeline/ userwhodoesntexist.json http://twitter.com > Wednesday, March 9, 2011
  • 90. Toolbox + Callbacks http://localhost > $_.toolbox.prod_unapproved() HTTP 200 http://prod.gimmebar.vpn:5984/gimmebar/_design/ InviteRequest/_view/by_unapproved Unapproved: 99 http://prod.gimmebar.vpn:5984 > Wednesday, March 9, 2011
  • 91. HTML & DOM webshell> GET http://fictivekin.com Wednesday, March 9, 2011
  • 92. HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> Wednesday, March 9, 2011
  • 93. HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $_.document.getElementsByClassName('message').length Wednesday, March 9, 2011
  • 94. HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $_.document.getElementsByClassName('message').length 8 webshell> Wednesday, March 9, 2011
  • 95. HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $_.document.getElementsByClassName('message').length 8 webshell> $_.document.getElementById('faq').innerHTML Wednesday, March 9, 2011
  • 96. HTML & DOM webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $_.document.getElementsByClassName('message').length 8 webshell> $_.document.getElementById('faq').innerHTML 'n <a href=''>FAQ</a>n <h2>Frequently Asked Questions</h2>n' Wednesday, March 9, 2011
  • 97. HTML & DOM Wednesday, March 9, 2011
  • 98. HTML & DOM •Needs envjs and libxmljs •NOT stable •See the envjs branch on Github Wednesday, March 9, 2011
  • 99. jQuery webshell> GET http://fictivekin.com Wednesday, March 9, 2011
  • 100. jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> Wednesday, March 9, 2011
  • 101. jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $('img').length Wednesday, March 9, 2011
  • 102. jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $('img').length 4 Wednesday, March 9, 2011
  • 103. jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $('img').length 4 webshell> $('img').each(function() { sys.puts($(this).attr ('src'));}) Wednesday, March 9, 2011
  • 104. jQuery webshell> GET http://fictivekin.com HTTP 200 http://fictivekin.com webshell> $('img').length 4 webshell> $('img').each(function() { console.log($(this).attr ('src'));}) images/fk2_no.png images/dot1.png images/dot2.png images/dot3.png Wednesday, March 9, 2011
  • 106. jQuery •Needs envjs and libxmljs •NOT stable •See the envjs branch on Github Wednesday, March 9, 2011
  • 108. Concurrency •Node == powerful (story time) •$_.requestConcurrency •Still a little flaky Wednesday, March 9, 2011
  • 110. Future? •Broken on new versions of Node )-: •First things are to get that in order, and do some cleanup •More distant future: •Mongo? •Import browser cookies •Improve readline/UI Wednesday, March 9, 2011
  • 112. New name? •Looking for a new name •Too much noise on “web shell” •We look like a security exploit )-: Wednesday, March 9, 2011
  • 113. Webshell https://github.com/fictivekin/webshell http://joind.in/2805 Me: http://seancoates.com sean@seancoates.com @coates Work: https://gimmebar.com http://fictivekin.com Wednesday, March 9, 2011