Google has just launched Jarlsberg, a web application that generates web applications full of vulnerabilities. Jarlsberg is a great idea for people who work with web development/security. Just access http://jarlsberg.appspot.com/ to learn more about it. For the impatient: access http://jarlsberg.appspot.com/start and try to find some exploits!!

I’ll give it a try and will write more about it later.

This will be a (not so) brief walkthrough on how to create a basic wave robot and add custom functionality to it. Most of what is written below comes from the Google App Engine (GAE) docs and the Google Wave API. It was only a dummy project, but I’m looking forward to improving it further, so if you have any ideas, share them in the comments!

This walkthrough is divided into four steps: an introduction; creating a GAE application; creating and testing a Google Wave application; sending emails with Google Wave.

First Step: Introduction

First of all, you need to know that if you want to create Google Wave Robots, you have to host them using GAE. Google intends to let you host your own robot in the future, but for now… If you don’t have a GAE account yet, click here.

A Google Wave Robot is a GAE application that uses the Google Wave API to respond to events generated on Google Wave. GAE applications can be written in Java or Python; Python is the language of choice for this bot.

Second Step: Creating a GAE Application

Follow this tutorial to create a basic Hello World application. If you want to (and I STRONGLY suggest that you do), go through the whole tutorial. For our purposes, though, you only need to get as far as the Hello World topic.

Checking the minimum set of skills you have developed in this step:

  • app.yaml syntax;
  • Uploading an application to GAE;
  • Checking for errors using the GAE console (click on your application and go to Log). If any errors happen, they will be logged there.

Third Step: Creating and Testing a Google Wave Application

Now, create a new folder for your new project. Import the Google Wave API into your application. Place it inside your project folder, so that it will be deployed with the rest of the application. This link has a nice wave hello world. If you are developing a real application, please DON’T put the code that treats the events in the same file as the event handling class. Doing so makes your handling code difficult to test locally, and you will lose time by having to submit your code to GAE multiple times.

Now, you should be able to:

  • Develop code to treat wave events;
  • Add your robot to a wave;
  • See your robot interacting with you in the wave.

Last Step: Sending e-mails from your Google Wave application

You won’t be able to use an outside SMTP server directly to do this. Your GAE application runs inside a sandbox that doesn’t give access to some Python/Java libraries (the socket library, for example).

But you can send emails using the GAE administrator account. You can refer to this to check the Python email API. To use it in the previous application, you need to:

  • Get the wave participants;
  • Pass them to the API in the desired format;

The Google Wave API docs are not well documented/organized. So I’m gonna give more details here than I did before:

To get the list of participants, you will have to call
context.GetRootWavelet().GetParticipants()
This will return a set of participant ids. These ids are the Google ids of the participants, plus “@googlewave.com”. A simple string-parsing function transforms this list into a list of emails. The emails should be in one string, separated by ‘;’. This gives us the ‘to’ field of the email.
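A sketch of that parsing step, added here as an example (it is not the code from the project's Google Code page). It goes a little further than plain string replacement by rejecting ids that do not look like a wave user id, so a robot address or an id carrying separators or line breaks never reaches the ‘to’ field. Assumptions: the function name is hypothetical, each Google id is mapped to a gmail.com mailbox, and the sample ids are constructed.

```python
import re

WAVE_DOMAIN = "googlewave.com"   # suffix the text says participant ids carry
MAIL_DOMAIN = "gmail.com"        # assumption: where each Google id receives mail

# Conservative allow-list for the id part: no whitespace, CR/LF, commas,
# semicolons or angle brackets, so an id cannot add recipients or headers.
_LOCAL_PART = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._+-]{0,62}[A-Za-z0-9])?")


def participants_to_recipients(participant_ids):
    """Return (to_field, rejected) for a collection of wave participant ids."""
    emails, rejected = [], []
    # Sets are unordered; sort so the output is stable between runs.
    for pid in sorted(participant_ids, key=str.lower):
        local, sep, domain = pid.rpartition("@")
        if (not sep or domain.lower() != WAVE_DOMAIN
                or not _LOCAL_PART.fullmatch(local)):
            rejected.append(pid)         # robots, other domains, malformed ids
            continue
        email = f"{local.lower()}@{MAIL_DOMAIN}"
        if email not in emails:          # drop case-only duplicates
            emails.append(email)
    return ";".join(emails), rejected


# Constructed sample, shaped like the set GetParticipants() is described as returning.
SAMPLE_IDS = {
    "alice@googlewave.com",
    "Bob.Smith@googlewave.com",
    "bob.smith@googlewave.com",
    "mailbot@appspot.com",               # the robot itself, not a wave user
    "eve\r\nBcc: x@googlewave.com",      # line break inside the id
    "mallory;extra@googlewave.com",      # separator inside the id
}

if __name__ == "__main__":
    to_field, rejected = participants_to_recipients(SAMPLE_IDS)
    print("To:", to_field)
    print("Rejected:", rejected)
```

Logging the rejected ids in the GAE console makes it easy to see why a participant did not receive the email.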

The subject and body are your own choice.

That’s it

Check the code in the Google Code page for this project. If you have any suggestions, corrections, improvements you want to send, feel free to checkout and modify the code.