Andres,

I haven't read this paper yet, but I'll try to answer your questions. I'm currently experimenting with the PhantomJS/CasperJS pair, which gives you the opportunity to do almost everything you could do with a JS script injected into the target web app, plus some other useful things like page capturing.

>> This might be an interesting read for your ajax research:
>> http://blog.watchfire.com/wfblog/2012/06/automated-blackbox-crawling-the-next-generation.html
>
> After reading this paper, I came up with a requirement list for our
> RIA crawling engine, the algorithm we implement afterwards is
> independent from the requirements; but with these it should be
> possible to do almost anything:
>
> * Load an URL

Yes, it can.

> * All HTTP traffic from the automated browser should go through an
>   HTTP proxy we define

Yes, it can, and I have already implemented it in web20Spider.py.

> * For each state in which the automated browser is in, be able to
>   return a list with all the custom events available (ie. if there is
>   a tag with <div onmouseover="..." this should return something like
>   [( <div object at 0x...>, 'onmouseover')] )

I'm not sure about it. Such a thing is difficult even with FireBug, as far as I know.

> * Send an event, for example (<div object at 0x...>, 'onmouseover'),
>   to the current DOM

Yes, it can.

> * We need to be able to store events like (<div object at 0x...>,
>   'onmouseover') in order to store a path and replay it if wanted

Currently I store not event paths but CSS selectors of interesting objects like links and images. But it's open to discussion.

> * Ability to tell if the latest event that was sent by us caused a
>   full DOM reload or not
> * Dump current DOM (with all JS and external
>   resources) to a string. Useful for comparing two states and restoring
>   a state
> * Load a stored DOM into the automated browser instance. This
>   restores a saved state.

Capturing/hashing of the DOM is a good idea. I also thought about it and about comparing states based on it. Currently I don't know if it is possible with PhantomJS, but I'll try to find out. If it is possible with injected JS, then it is possible for us. As a first step I've decided to start with a simple model where a state is identified by its URL. I know that there are web apps which change state without changing the URL (please look at spider.js [0]). But I repeat... it is a first step and a PoC :)

> * (optional) Take screenshot of current page

Yes, it can. Some time ago I made a PDF version of my slides in HTML/JS format with PhantomJS :)

> @all: Any other thing you can think of?

Let me read this article first :) I also recommend reading "Invariant-Based Automatic Testing of Modern Web Applications" by Ali Mesbah, Arie van Deursen and Danny Roest [1].

[0] http://w3af.svn.sourceforge.net/viewvc/w3af/branches/webapps/plugins/discovery/web20Spider/spider.js?revision=5281&view=markup
[1] "Invariant-Based Automatic Testing of Modern Web Applications" by Ali Mesbah, Arie van Deursen and Danny Roest, http://www.ece.ubc.ca/~amesbah/docs/tse11.pdf

--
Taras
http://oxdef.info
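
Two requirements from the thread above (listing the events available in a state, and hashing a DOM dump to compare states), as an added Python example that is not part of the original message or of w3af. `StateParser`, `analyse` and the sample dumps are hypothetical and constructed; it only sees inline `on*` attributes present in the dump, not listeners attached from script.

```python
import hashlib
from collections import Counter
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class StateParser(HTMLParser):
    """Hypothetical helper: lists inline on* handlers and fingerprints a DOM dump."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open = []             # (tag, selector step) of every open element
        self.counts = [Counter()]  # per-level sibling counters for nth-of-type
        self.events = []           # (css_selector, event_name) pairs
        self.digest = hashlib.sha256()

    def handle_starttag(self, tag, attrs):
        self.counts[-1][tag] += 1
        step = "%s:nth-of-type(%d)" % (tag, self.counts[-1][tag])
        attrs = sorted((k, v or "") for k, v in attrs)
        ids = [v for k, v in attrs if k == "id" and v]
        path = [s for _, s in self.open] + [step]
        selector = "#" + ids[0] if ids else " > ".join(path)
        self.events += [(selector, k) for k, _ in attrs if k.startswith("on")]
        self.digest.update(repr(("open", tag, attrs)).encode())
        if tag not in VOID:        # void elements never get an end tag
            self.open.append((tag, step))
            self.counts.append(Counter())

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.open]
        if tag in tags:            # stray end tags are ignored
            depth = len(tags) - 1 - tags[::-1].index(tag)
            del self.open[depth:]
            del self.counts[depth + 1:]
            self.digest.update(repr(("close", tag)).encode())

    def handle_data(self, data):
        if data.strip():           # whitespace-only text does not change the state
            self.digest.update(repr(("text", data.split())).encode())

def analyse(dom_dump):
    """Return ([(selector, event), ...], sha256 hex digest) for one DOM dump."""
    parser = StateParser()
    parser.feed(dom_dump)
    parser.close()
    return parser.events, parser.digest.hexdigest()

# Constructed DOM dumps: before and after a hypothetical click on the first <li>.
BEFORE = ('<html><body><div id="menu" onmouseover="show()">Menu</div><ul>'
          '<li onclick="load(1)">One</li><li onclick="load(2)">Two</li></ul><br></body></html>')
AFTER = BEFORE.replace("<br>", "<p>Loaded 1</p><br>")
```

Comparing `analyse(BEFORE)[1]` with `analyse(AFTER)[1]` tells the crawler whether the event it sent produced a new state, and the selector/event pairs can be stored as a replayable path.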