jg8481
(Joshua Gorospe)
16 July 2020 01:49
1
I have created the following desktop and mobile browser automation examples that utilize OWASP Zed Attack Proxy (in Docker), Charles Proxy, and Wireshark. I am also working on creating a demonstration and presentation of these examples in an upcoming free webinar hosted by the East Coast Robot Framework Users meetup.com group. More details will be coming soon. If you have questions, feel free to ask me or Ed Manlove.

*** Settings ***
Documentation     Security and penetration tests that will check a target application for possible vulnerabilities. Combines OWASP Zap, Selenium, Docker and Robot Framework.
Resource          ${EXECDIR}//Tests//Workshop-Part-Two//Resources//Security-And-Penetration-Test-Resources.robot
Suite Setup       Check OWASP Zap Proxy And XVFB Are Both Running
Suite Teardown    Generate Reports Gather Logs And Clean Up

*** Variables ***
${PATH}    ${EXECDIR}

*** Test Cases ***
OWASP ZAP TEST 1 - Checks for different types of Injection vulverabilities using the OWASP Zap Active Scanners.
    Run Active Scans For Number 1 Risk In 2020 OWASP Top 10
    [Tags]    OWASP_Zap_Security_And_Penetration_Tests    Number_1_Risk_On_OWASP_Top_10    Injection_Vulverability_Test

OWASP ZAP TEST 2 - Checks for different types of Cross-Site Scripting vulverabilities using the OWASP Zap Active Scanners.
    Run Active Scans For Number 7 Risk In 2020 OWASP Top 10
    [Tags]    OWASP_Zap_Security_And_Penetration_Tests    Number_7_Risk_On_OWASP_Top_10    Cross-Site_Scripting_Vulverability_Test

OWASP ZAP TEST 3 - Checks for Injection and Cross-Site Scripting using Selenium and OWASP Zap Passive and Active Scanners

This file has been truncated.

*** Settings ***
Documentation     Simple example using Charles Proxy and AppiumLibrary.
Resource          ${EXECDIR}//Workshop-Examples//Tests//Workshop-Part-Two//Resources//Appium-Mobile-Resources.robot
Library           ${EXECDIR}//Workshop-Examples//Tests//Workshop-Part-Two//Resources//CharlesProxyExample.py
Library           OperatingSystem
Library           Process
Suite Teardown    Close All Applications

*** Variables ***
${PATH}    ${EXECDIR}
${TEST_SUITE_TIMEOUT}    2
${CHARLES_PROXY_APPIUM_EXAMPLE_URL}    http://nodegoat.herokuapp.com/login

*** Test Cases ***
CHARLES PROXY MOBILE TEST - Go to the OWASP Node Goat home page in an iOS mobile browser while Charles Proxy is recording a session, and check the JSON session file.
    [Tags]    Mobile_Safari    Charles_Proxy    Charles_Proxy_IOS
    [Setup]    Start Charles Proxy For Mobile Browser
    Open The Safari Browser In IOS After Starting Charles Proxy

This file has been truncated.

*** Settings ***
Documentation    Simple example using Wireshark and SeleniumLibrary.
Resource         ${EXECDIR}//Workshop-Examples//Tests//Workshop-Part-Two//Resources//Selenium-Desktop-Resources.robot
Library          ${EXECDIR}//Workshop-Examples//Tests//Workshop-Part-Two//Resources//WiresharkExample.py
Library          OperatingSystem
Library          Process
Suite Setup      Stop Any Running Android Emulators And Related Processes On MacOS

*** Variables ***
${PATH}    ${EXECDIR}
${WIRESHARK_SELENIUM_EXAMPLE_URL}    https://www.youtube.com/watch?v=wBhY5Z2RoqQ&feature=youtu.be&autoplay=1
${WIRESHARK_SELENIUM_BROWSER}    Firefox

*** Test Cases ***
WIRESHARK DESKTOP TEST 1 - Go to a YouTube page in a MacOS desktop browser while Wireshark is capturing packets on WiFi, then check the Loopback Interface.
    [Tags]    Desktop_Firefox    Wireshark    Wireshark_MacOS
    [Setup]    Navigate To Website Using Firefox Then Run Wireshark
    Run Wireshark Live Packet Capture For Loopback Interface Lo0 And Check The Output

This file has been truncated.

*** Settings ***
Documentation    Simple example using Wireshark and AppiumLibrary.
Resource         ${EXECDIR}//Workshop-Examples//Tests//Workshop-Part-Two//Resources//Appium-Mobile-Resources.robot
Library          ${EXECDIR}//Workshop-Examples//Tests//Workshop-Part-Two//Resources//WiresharkExample.py
Library          OperatingSystem
Library          Process
Suite Setup      Stop Any Running Android Emulators And Related Processes On MacOS

*** Variables ***
${PATH}    ${EXECDIR}
${WIRESHARK_APPIUM_EXAMPLE_URL}    https://www.youtube.com

*** Test Cases ***
WIRESHARK MOBILE TEST 1 - Go to a YouTube page in an iOS mobile browser while Wireshark is capturing packets on WiFi, then save it to a packet capture file.
    [Tags]    Mobile_Safari    Wireshark    Wireshark_IOS
    [Setup]    Navigate To Website Using Safari Then Run Wireshark
    Run Wireshark For WiFi Interface En0 And Create Packet Capture File
    [Teardown]    Close Applications And Terminate Wireshark Processes

This file has been truncated.
2 Likes
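
Added example, not part of the original post or the linked project's code: one way a suite like the OWASP ZAP one above could turn the report generated in its teardown into a pass/fail check for injection (CWE-89) or cross-site scripting (CWE-79) findings. It assumes the report was exported in ZAP's traditional JSON layout (`site`, `alerts`, `riskcode`, `confidence`, `cweid`, `instances`); the function names and the sample report are constructed for illustration.

```python
import json

# Constructed sample in the assumed ZAP JSON report layout (not real scan output).
SAMPLE_REPORT = json.dumps({"site": [{
    "@name": "http://target.example",
    "alerts": [
        {"alert": "SQL Injection", "riskcode": "3", "confidence": "2", "cweid": "89",
         "instances": [{"uri": "http://target.example/login", "param": "userName"}]},
        {"alert": "Cross Site Scripting (Reflected)", "riskcode": "3",
         "confidence": "1", "cweid": "79",
         "instances": [{"uri": "http://target.example/search", "param": "q"}]},
        {"alert": "X-Content-Type-Options Header Missing", "riskcode": "1",
         "confidence": "2", "cweid": "693",
         "instances": [{"uri": "http://target.example/", "param": ""}]},
    ]}]})

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}


def findings_at_or_above(report_text, min_risk=2, min_confidence=2, cwe_ids=None):
    """Return one dict per alert instance that meets the risk and confidence floor.

    cwe_ids optionally narrows the result to given CWE numbers, e.g. {89} or {79}.
    """
    sites = json.loads(report_text).get("site", [])
    if isinstance(sites, dict):  # tolerate a report with a single site object
        sites = [sites]
    hits = []
    for site in sites:
        for alert in site.get("alerts", []):
            risk = int(alert.get("riskcode", 0))
            cwe = int(alert.get("cweid", -1))
            if risk < min_risk or int(alert.get("confidence", 0)) < min_confidence:
                continue  # below threshold: keep it out of the gate
            if cwe_ids is not None and cwe not in cwe_ids:
                continue
            for inst in alert.get("instances") or [{}]:
                hits.append({"site": site.get("@name"), "alert": alert.get("alert"),
                             "risk": RISK_NAMES.get(risk, str(risk)), "cwe": cwe,
                             "uri": inst.get("uri"), "param": inst.get("param")})
    return hits


def report_should_have_no_findings(report_text, **filters):
    """Keyword-style check: raise AssertionError listing every finding over the floor."""
    hits = findings_at_or_above(report_text, **filters)
    if hits:
        lines = [f"{h['risk']} CWE-{h['cwe']} {h['alert']} at {h['uri']} "
                 f"(param={h['param']})" for h in hits]
        raise AssertionError("ZAP findings above threshold:\n" + "\n".join(lines))
```

Saved as a Python file and imported with `Library`, the second function can be called from a test case as `Report Should Have No Findings`, with the report text read via `Get File` from OperatingSystem.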
jg8481
(Joshua Gorospe)
12 January 2021 15:53
2
Just an FYI. There is an upcoming free online East Coast Robot Framework Users Meetup event covering the Wireshark example mentioned in my July 2020 post. I will also be demonstrating a fun and possibly profitable RPA example as bonus content.
https://www.meetup.com/East-Coast-Robot-Framework-Users/events/275596377/