Wednesday, November 30, 2011

Web Application Vulnerability Unit Testing Cheat Sheet (Capybara and Watir-WebDriver)

For an example template for Watir-WebDriver/RSpec or Capybara Test Case, start here:
For common questions with Watir-WebDriver or Capybara, look here next:
  • http://watirwebdriver.com/web-elements/ (and the "advanced interactions" items)
  • https://github.com/jnicklas/capybara
Finally, refer to the cheat sheet below for issues I came across while trying to write test case for web application vulnerabilities:

Detect and Close JavaScript Alert Boxes:
Watir-WebDriver
begin
browser.driver.switch_to.alert.accept #raises an exception if no alert is present
puts 'alert box found'
rescue
puts 'alert box not found'
end

Capybara:
page.driver.browser.switch_to.alert.accept

Perform Arbitrary HTTP POST Requests:
Watir-WebDriver
#POST http://owaspbwa/vicnum/vicnum5.php
#player=<script>alert(1)</script>
require 'tempfile'
require 'escape_utils'
require 'watir-webdriver'
target='http://owaspbwa/vicnum/vicnum5.php' #the attack target
post='player=<script>alert(1)</script>' #the POST data to send to the target
postdata=Array.new
post.split('&').each do |name_value|
postdata.push(name_value.split('='))
end
#Create an HTML form to submit the POST request
html="<html><head></head><body>\r\n"
html+='<form name="WATIR_AUTO_FORM" method="post" action="'+target+'">'+"\r\n"
postdata.each do |pair|
if(pair.count > 0 && pair[0] && !pair[0].empty?)
html+='<input type="hidden" name="'+pair[0]+'" value="'
if(pair.count > 1 && pair[1])
html+=pair[1]
end
html+='" />'+"\r\n"
end
end
html+='</form><script>document.forms["WATIR_AUTO_FORM"].submit();</script></body></html>'
#save the HTML content to a file.
f=Tempfile.new('test.html')
f.puts(html)
location='file://'+f.path
print location+"\r\n"
f.close
browser = Watir::Browser.new
#View the generate HTML page
browser.goto location
begin
browser.driver.switch_to.alert.accept #throws an error if no alert is present
puts "XSS alert box was displayed!"
rescue
puts "Failed!"
end
view raw Arbitrary HTTP POST with Watir-WebDriver.rb hosted with ❤ by GitHub


Send Keyboard Commands:
Watir-WebDriver
browser.text_field(:name,/login/i).send_keys(:arrow_down)

Capybara:
page.find_field('login').native.send_keys(:arrow_down)

Search For Text/HTML Within a Nested Frame:
Watir-WebDriver

def each_frame(frames,&block)
frames.each do |f|
yield f
each_frame(f.frames,&block)
end
end
status = browser.html.include?(match)
each_frame(browser.frames) do |f|
break if(status=status || f.html.include?(match))
end
view raw gistfile1.rb hosted with ❤ by GitHub

Returning Content From Javascript:
Watir-WebDriver
browser.execute_script(‘return “asdf”’) #=> returns “asdf” to ruby

Include JQuery: Watir-WebDriver browser.execute_script(%q| var el = document.createElement("script"); el.setAttribute("src","http://code.jquery.com/jquery-1.6.4.min.js"); document.body.appendChild(el);|)

Return HTTP Headers:
Watir-WebDriver

url='http://www.google.com'
browser.goto(url)
browser.execute_script(%q|var el = document.createElement("script");el.setAttribute("src","http://code.jquery.com/jquery-1.6.4.min.js");document.body.appendChild(el);|)
browser.execute_script(%q|var geturl = $.ajax({type: GET,url: '|+url+%q|',complete: function () {$('body').data('httpheaders_complete',true);},success: function (data,status,xhr) {$('body').data('httpheaders',geturl.getAllResponseHeaders());$('body').data('content',data);}});|)
browser.wait_until { browser.execute_script(%q|return $('body').data('httpheaders_complete');|) }
browser.execute_script(%q|return $('body').data('httpheaders');|)
view raw gistfile1.rb hosted with ❤ by GitHub


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)