Anyone trying to find or exploit vulnerabilities on the web has likely needed to pose as a client before. In order to find flaws in a web service, you need at least a basic understanding of how the client talks to the server and vice versa, so that you can later send your own crafted requests. But modern protocols and data structures aren’t always easy on the middle man.

For most of its major web apps, Google uses a batch-style RPC system that can be spotted by its common slug: batchexecute. …

About

Ryan Kovatch

I'm a web security researcher participating in the Google VRP in my free time.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store