Jurgens van der Merwe ([email protected]) Junior analyst with SensePost
Interests: Information Security, Innovative Technologies, Music, Skateboarding, etc.
Purpose Interface Speed
Value Attack surface Complexity
Browser automation framework for testing web applications. Consists of 3 parts:
Selenium IDE, Selenium Remote Control, Selenium Grid
For this talk we will focus on the core library and functionality of the Selenium framework.
Automation: The ability to trigger sequential events without the need for manual interaction.
Harvesting: The ability to gather large datasets of common objects over a period of time.
Extraction: The ability to extract key elements from an entity in order to obtain valuable information regarding a specific target.
Over 700 billion minutes a month = 19865 lifetimes
Behind the ‘Sannie’ experiment
Purpose: Showing that bots can act like humans too.
Goal: Following logical pathways to mimic human interaction.
Demo
The mass friendship harvest
Purpose: Harvest user relationships
Goal: Determining the theory behind: { friends of a friend, of a friend, of a friend, of a friend, of a friend, of a friend, of a friend, of a friend, of a friend…. }
The Facebook Profiler
Purpose: Creating my own personal address book
Goal: Extracting user information from Facebook profiles
Demo
Web Simulator: Supports various browsers like
Mozilla Firefox, Google Chrome, Opera, Safari, Internet Explorer
Interacts with the Document Object Model (DOM)
Latency!!! Super fast ZA internet. Having to wait for the web element to be completely constructed within the DOM.
Complexity of the application: Understanding the logic behind the application.
Selenium is a cool technology for interacting with any Web 2.0 application.
Impersonates human-like interaction with a web application by following logical paths.
Ability to rely on the browser’s DOM rather than the source of a web page when extracting information.
Allows you to actually see the browser execute your code and navigate through the targeted application.
The ability to test the functionality of the web application through various browsers.
Questions