[cisco-voip] Hacking UCCX for fun and profit: Reading POST body data for HTTP Applications.

Anthony Holloway avholloway+cisco-voip at gmail.com
Mon Aug 10 20:19:40 EDT 2020


Tanner's playing 4D chess over here.  Dayum!

PS I filed an Idea request for POST body content being available to us, and
it was marked as a future consideration.  If you were so inclined, you
could vote on it, to help make it a reality, but if not, that's cool too.

https://ciscocollaboration.ideas.aha.io/ideas/COLLAB-I-8308

On Mon, Aug 10, 2020 at 5:19 PM Tanner Ezell <tanner.ezell at gmail.com> wrote:

> Anthony brought a support forums post (
> https://community.cisco.com/t5/contact-center/ccx-http-trigger-post-support/m-p/4020305)
> to my attention with the request of how to use UCCX, essentially as
> middleware HTTP server, needing to parse contents passed as part of a HTTP
> POST request.
>
> HTTP capabilities within UCCX are actually quite powerful, however there
> are no interfaces for directly interacting with the data. Now, it is my
> opinion that the *Get Http Contact Info *step should contact this
> functionality, and it would be trivial to this capability to it. Maybe
> Cisco will one day..
>
> Until then, we're going to bend the spoon and spit out some content.
>
> It is impractical to access the servlet object from the CCX editor on your
> machine because it is missing numerous required classes that are actually
> available to executing scripts. Because of this, you'll never be able to
> access the required methods directly. As a result, we'll use Java
> reflection to access the internal data objects for our manipulation.
>
> Without further ado, here's the code:
>
> {
> // Author: Tanner Ezell (tanner.ezell at ctilogic.com)
> // USE AT YOUR OWN RISK
> // Will probably break if Cisco makes underlying changes.
>
> Class servletClass = Class.forName("javax.servlet.ServletRequest");
> java.lang.reflect.Method getRequestMethod =
> contact.getClass().getDeclaredMethod("getRequest", null);
> java.lang.reflect.Method getReaderMethod =
> servletClass.getDeclaredMethod("getReader", null);
> getRequestMethod.setAccessible(true);
> Object request = (getRequestMethod.invoke(contact, null));
> java.io.BufferedReader reader = (java.io.BufferedReader)
> getReaderMethod.invoke(request, null);
>
> StringBuilder builder = new StringBuilder();
> String line;
> while( (line = reader.readLine()) != null) {
> builder.append(line);
> }
>
> return builder.toString();
> }
>
> You need a contact variable (type: Contact, name: contact) that must not
> be null.
>
> You'll need to set this expression in the Set step. After you have the
> response, you'll need to parse it appropriately, whatever that may look
> like towards your specific application.
>
> Here's a simple application:
>
> [image: image.png]
>
> And demonstration of it working:
>
> [image: image.png]
>
> That's it. Don't forget, this only works on Http Contacts, it's absolutely
> possible this stops working if Cisco makes underlying changes to how they
> process servlet requests.
>
> Happy hacking.
>
> Regards,
> Tanner Ezell
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20200810/29f115cb/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 239885 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20200810/29f115cb/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 406235 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20200810/29f115cb/attachment-0003.png>


More information about the cisco-voip mailing list