such as credit card numbers and social security numbers isn’t a great idea either, as an interloper could easily capture that information. It’s better instead to enter pieces of that information. Be creative, but don’t open yourself to exposure while trying to protect yourself!
Q: Many passwords grant access to meaningless services. Why should I be worried about the password for a useless service leaking out to the Web?
A: Studies have shown that the majority of people often opt for the easiest path to completing a task. In the world of security, this means that many people share passwords (or password cues) across many different applications on many different servers. So, you can see that one compromised password can provide clues about passwords used on other systems. Most policies forbid this type of password sharing, but this restriction is often hard to enforce.
Usernames, Passwords, and Secret Stuff, Oh My! • Chapter 9 371
Hacking Google Services
Solutions in this chapter:
■ AJAX Search API
■ Calendar
■ Blogger and Google’s Blog Search
■ Signaling Alerts
■ Google Co-op
■ Google Code
Chapter 10
AJAX Search API
AJAX Search API is one of the leading Google services on the AJAX front. This service is meant as a replacement for the older SOAP search service, support for which was discontinued some time ago. AJAX Search API is considered to be more powerful than the SOAP service and easier to work with. The primary goal of the service is to enable external websites to host Google-supplied gadgets which provide searching facilities within or outside of the hosting website and also among video clips, maps, blogs, custom search engines, etc.
The default interface of the service is shown in Figure 10.1.
Figure 10.1 Google AJAX Search API Dialog
The search dialog in Figure 10.1 is divided into several sections. Each section represents a search category: Local, Web, Video, Blog, News and Book. Having all results in a single place is particularly useful, since we can perform interesting queries and get instant feedback across the entire Google platform. This is where the Search API shines best. Let’s try a query for firefox, as shown in Figure 10.2. Simply visit the http://www.google.com/uds/samples/apidocs/helloworld.html demonstration application and type the query.
Figure 10.2 AJAX Search for “firefox”
Notice that the AJAX API result set also contains an Image search section with the most relevant results. In the following section we are going to have a more detailed look at the AJAX API Search service.
Embedding Google AJAX Search API
The Google AJAX Search API was designed to be embedded within external pages. This makes the service rather useful, since we can construct custom interfaces for better accessing the Google infrastructure. In order to start using the AJAX Search API you need to have some understanding of JavaScript and AJAX programming and an API key, which you can generate yourself. Assuming basic understanding of AJAX, we will concentrate on the interesting stuff around the service itself.
In order to generate an API key, simply visit the AJAX Search API home page at http://code.google.com/apis/ajaxsearch. After clicking Start using the Google AJAX Search API, you will be presented with a page similar to the one shown in Figure 10.3.
Figure 10.3 AJAX Search API Key Generation
You need to provide a URL where the service will be accessed from. If you are planning to host the application from a simple page on your desktop, you can input just about anything you choose. In fact, this option seems to be largely irrelevant. For the purpose of this demonstration, we will use http://dummy as this URL. Most applications work with the internal Google key which is used across all API demo applications.
After accepting Google’s terms and conditions you will be presented with a page showing the actual Google API key, which is specifically generated for the previously supplied URL. This page also gives you an example of how to use the AJAX Search box. This is the code that was generated for us:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<title>My Google AJAX Search API Application</title>
<link href="http://www.google.com/uds/css/gsearch.css" type="text/css"
rel="stylesheet"/>
<script
src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAAsFym1Ew5o48zXESOPhV4ExSFOvRczLyAyj57qAvViVrKq19E6hSZhJSVQBi2HRSzsW1XyZzxdffdfQ"
type="text/javascript"></script>
<script language="Javascript" type="text/javascript">
//<![CDATA[
function OnLoad() {
  // Create a search control
  var searchControl = new GSearchControl();
  // Add in a full set of searchers
  var localSearch = new GlocalSearch();
  searchControl.addSearcher(localSearch);
  searchControl.addSearcher(new GwebSearch());
  searchControl.addSearcher(new GvideoSearch());
  searchControl.addSearcher(new GblogSearch());
  // Set the Local Search center point
  localSearch.setCenterPoint("New York, NY");
  // Tell the searcher to draw itself and tell it where to attach
  searchControl.draw(document.getElementById("searchcontrol"));
  // Execute an initial search
  searchControl.execute("Google");
}
GSearch.setOnLoadCallback(OnLoad);
//]]>
</script>
</head>
<body>
<div id="searchcontrol">Loading </div>
</body>
</html>
Copy the code and paste it inside a new file named test.html, for example. Now open the file in your browser. You should be able to see a page similar to the one shown in Figure 10.4.
Figure 10.4 Test AJAX Search Page
Let’s take a look at what we have done so far. The generated HTML code reveals some of the basic characteristics of the API. First, the code loads the AJAX Search API default style sheet (CSS), followed by a JavaScript script reference:
<script
src="http://www.google.com/uds/api?file=uds.js&v=1.0&key=ABQIAAAAsFym1Ew5o48zXESOPhV4ExSFOvRczLyAyj57qAvViVrKq19E6hSZhJSVQBi2HRSzsW1XyZzxdffdfQ"
type="text/javascript"></script>
This script loads a couple of JavaScript wrapper classes, which are used as a more convenient way to access the API. As we are going to learn from the following sections, we don’t really need them since we can access the API directly (i.e., raw access).
Next, another script block is defined, which initializes the environment and configures the AJAX Search control box. This is done within the OnLoad function, which is called after Google finishes loading all dependencies required to render the graphical environment:
function OnLoad() {
  // Create a search control
  var searchControl = new GSearchControl();
  // Add in a full set of searchers
  var localSearch = new GlocalSearch();
  searchControl.addSearcher(localSearch);
  searchControl.addSearcher(new GwebSearch());
  searchControl.addSearcher(new GvideoSearch());
  searchControl.addSearcher(new GblogSearch());
  // Set the Local Search center point
  localSearch.setCenterPoint("New York, NY");
  // Tell the searcher to draw itself and tell it where to attach
  searchControl.draw(document.getElementById("searchcontrol"));
  // Execute an initial search
  searchControl.execute("Google");
}
The second line in the OnLoad function initializes a Google Search control object. The search control object can reference as many search engines as we need. We can even define our own, but in this example we will set the default ones, which are GwebSearch, GvideoSearch, GblogSearch and GlocalSearch (i.e., Google Local Search). At the end of this block, the controller is rendered on the current page with the draw function, which takes as a parameter an element from the DOM tree which will hold the Search box.
This search box can be customized in many different ways. For example, we can change the colors, re-order the search sections and even supply custom search engines, which we will discuss later in this chapter.
For more basic information, refer to the Google AJAX Search API documentation, which can be found at the following URL: http://code.google.com/apis/ajaxsearch
Deeper into the AJAX Search
Now that we have seen how to embed the AJAX Search box, it is time to come up with something more interesting. As you probably noticed, the AJAX Search form is a good place to start experimenting with the service, but it does not provide the level of flexibility hackers usually work with. For that reason we need to dig deeper into the AJAX Search API and discover the more interesting characteristics of the service. For the next step we are going to make use of an HTTP request listener. We are going to use Firefox as our primary tool for development.
There are a couple of prerequisites. Most of all you’ll need Firefox, which can be downloaded from www.mozilla.com/firefox. We’ll also make use of a Firefox extension known as “LiveHTTP Headers”, which can be downloaded from https://addons.mozilla.org/en-US/firefox/addon/3829. After installing the extension, restart Firefox.
The LiveHTTPHeaders extension allows us to analyze and replay HTTP requests. In case you want to monitor traffic, you can simply open the extension window in your browser sidebar by selecting View | Sidebar | LiveHTTPHeaders. On the other hand, in case you need to use the request replay feature, you may want to open it in a separate window by selecting Tools | LiveHTTPHeaders, as shown in Figure 10.5.
Figure 10.5 LiveHttpHeaders Main Window
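As an added example (not from the book or from the LiveHTTPHeaders project), the following JavaScript reduces a saved header log to the requests that carry query parameters, which is the first step in working out what a page such as test.html sends in the background. The capture text is constructed, its layout and dashed separator are assumptions modelled on a plain-text header log, and EXAMPLE_KEY is a placeholder for the API key.

```javascript
// Added example. CAPTURE is constructed sample data; its layout and the
// dashed separator are assumptions modelled on a plain-text header log.
const CAPTURE = `
GET /uds/css/gsearch.css HTTP/1.1
Host: www.google.com

HTTP/1.x 200 OK
----------------------------------------------------------
GET /uds/api?file=uds.js&v=1.0&key=EXAMPLE_KEY HTTP/1.1
Host: www.google.com
Referer: http://dummy/test.html

HTTP/1.x 200 OK
----------------------------------------------------------
`;

// Split the log into request/response blocks and parse each request head.
function parseCapture(text) {
  return text.split(/^-{5,}\s*$/m)
    .map((block) => block.trim())
    .filter(Boolean)
    .map((block) => {
      const lines = block.split(/\r?\n/);
      const m = /^([A-Z]+) (\S+) HTTP\/[\d.x]+$/.exec(lines[0]);
      if (!m) return null; // block does not start with a request line
      const headers = {};
      for (const line of lines.slice(1)) {
        if (line.trim() === "") break; // blank line ends the request headers
        const i = line.indexOf(":");
        if (i > 0) headers[line.slice(0, i).toLowerCase()] = line.slice(i + 1).trim();
      }
      // The log has no scheme; http is assumed to build an absolute URL.
      const url = new URL(m[2], `http://${headers.host || "unknown.invalid"}`);
      return {
        method: m[1],
        host: url.host,
        path: url.pathname,
        params: Object.fromEntries(url.searchParams),
        referer: headers.referer || null,
      };
    })
    .filter(Boolean);
}

// Requests with query parameters are the ones worth studying: they show
// which values (search terms, version, API key) the page sends in the URL.
function parameterisedRequests(text) {
  return parseCapture(text).filter((r) => Object.keys(r.params).length > 0);
}
```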
Traffic monitoring tools such as the LiveHTTPHeaders extension are essential to web application security testers. These tools reveal what is happening in the background and provide features for disassembling and reassembling the generated requests, easily exposing fundamental application vulnerabilities and insights into the inner workings of the tested application.
Once the environment is ready, we are able to start hacking into the AJAX search logic. The plan is to set the LiveHTTP Headers extension to listen for all the traffic while we are making subsequent queries to the service. Then we are going to look at the generated output and figure out what request needs to be made in order to mimic the AJAX form behavior. We are going to use that in the next section of this chapter, where we are going to talk about writing custom search engines for good or malicious purposes. But first, let’s dig.
From within Firefox, enable the LiveHTTPHeaders extension and visit a page that contains an AJAX Search dialog, such as www.google.com/uds/samples/apidocs/helloworld.html. After submitting a query, LiveHTTPHeaders will reveal what happens behind the scenes. From within the results page, be sure to enable the show all results button located at the right of each section, as shown in Figure 10.6. It is essential to do that for the