Re: [W3af-develop] Crawling RIAs

Wed, 27 Jun 2012 20:10:08 -0700 

List,

On Wed, Jun 27, 2012 at 5:16 PM, Andres Riancho
<andres.rian...@gmail.com> wrote:
> Taras,
>
>    This might be an interesting read for your ajax research:
>    
> http://blog.watchfire.com/wfblog/2012/06/automated-blackbox-crawling-the-next-generation.html

    After reading this paper, I came up with a requirement list for
our RIA crawling engine, the algorithm we implement afterwards is
independent from the requirements; but with these it should be
possible to do almost anything:

* Load an URL
* All HTTP traffic from the automated browser should go through an
HTTP proxy we define
* For each state in which the automated browser is in, be able to
return a list with all the custom events available (ie. if there is a
tag with <div onmouseover="..." this should return something like [(
<div object at 0x...>, 'onmouseover')] )
* Send an event, for example ( <div object at 0x...>, 'onmouseover'),
to the current DOM
* We need to be able to store events like ( <div object at 0x...>,
'onmouseover') in order to store a path and replay it if wanted
* Ability to tell if the latest event that was sent by us caused a
full DOM reload or not
* Dump current DOM (with all JS and external resources) to a string.
Useful for comparing two states and restoring a state
* Load a stored DOM into the automated browser instance. This restores
a saved state.
* (optional) Take screenshot of current page

    @all: Any other thing you can think of?
    @Taras: What's provided by the library you're currently experimenting with?

Regards,

> Regards,
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Reply via email to