A new look into web application reconnaissance
Presentation by Jurgens van der Merwe at ZaCon 2 in 2010.

This presentation is about Selenium, a browser automation framework, and its applications in web reconnaissance. Examples of using Selenium against Facebook are discussed.

Transcript

  • 1. Jurgens van der Merwe (jurgens@sensepost.com). Junior analyst with SensePost. Interests: information security, innovative technologies, music, skateboarding, etc.
  • 2. Agenda: Purpose, Interface, Speed, Value, Attack surface, Complexity. (The same agenda is repeated as slide 3.)
  • 4. Browser automation framework for testing web applications. Consists of 3 parts: Selenium IDE, Selenium Remote Control, Selenium Grid. For this talk we will focus on the core library and functionality of the Selenium framework.
  • 5. Automation: the ability to trigger sequential events without the need for manual interaction. Harvesting: the ability to gather large datasets of common objects over a period of time. Extraction: the ability to extract key elements from an entity in order to obtain valuable information regarding a specific target.
  • 6. Over 700 billion minutes a month = 19865 lifetimes.
  • 7. Behind the 'Sannie' experiment. Purpose: showing that bots can act like humans too. Goal: following logical pathways to mimic human interaction. Demo.
  • 8. The mass friendship harvest. Purpose: harvest user relationships. Goal: determining the theory behind { friends of a friend, of a friend, of a friend, of a friend, of a friend, of a friend, of a friend, of a friend, of a friend…. }
  • 9. The Facebook Profiler. Purpose: creating my own personal address book. Goal: extracting user information from Facebook profiles. Demo.
  • 10. Web simulator. Supports various browsers like Mozilla Firefox, Google Chrome, Opera, Safari and Internet Explorer. Interacts with the Document Object Model (DOM).
  • 11. Latency!!! Super fast ZA internet. Having to wait for the web element to be completely constructed within the DOM. Complexity of the application: understanding the logic behind the application.
  • 12. Selenium is a cool technology for interacting with any Web 2.0 application. Impersonates human-like interaction with a web application by following logical paths. Ability to rely on the browser's DOM rather than the source of a web page when extracting information. Allows you to actually see the browser execute your code and navigate through the targeted application. The ability to test the functionality of the web application through various browsers.
  • 13. Questions?
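The three building blocks named on slide 5 (automation, harvesting, extraction), the "friend of a friend" walk from slide 8 and the latency caveat from slide 11, as an added Python example. This is not the speaker's code: the talk used Selenium Remote Control, while this is written against the current Selenium WebDriver Python client. The Facebook URLs, the `profile.php?id=` link form, the `div#friends a` selector and the seed id are placeholder assumptions, and the friend graph used by the tests is constructed, not harvested.

```python
"""Added example, not the speaker's code: automation, harvesting and
extraction helpers with explicit waiting for the DOM to be built.
Selectors, URLs and ids are placeholders, not real Facebook markup."""
import re
import time
from collections import deque
from typing import Callable, Dict, Iterable, List, Optional, TypeVar

T = TypeVar("T")


def wait_for(probe: Callable[[], Optional[T]], timeout: float = 10.0,
             interval: float = 0.5, clock: Callable[[], float] = time.monotonic,
             sleep: Callable[[float], None] = time.sleep) -> T:
    """Poll `probe` until it returns a truthy value or `timeout` seconds pass.

    This is the answer to slide 11's latency problem: reading the DOM before
    an element has been constructed returns nothing, so the script must poll
    (Selenium's own WebDriverWait does the same). `clock` and `sleep` are
    injectable so the loop can be tested without real waiting.
    """
    deadline = clock() + timeout
    while True:
        result = probe()
        if result:
            return result
        if clock() >= deadline:
            raise TimeoutError("element not constructed within %.1fs" % timeout)
        sleep(interval)


# Assumed link form for the example; real markup differs.
PROFILE_ID = re.compile(r"profile\.php\?id=(\d+)")


def extract_profile_ids(hrefs: Iterable[str]) -> List[str]:
    """Pull numeric profile ids out of anchor hrefs collected from the DOM,
    de-duplicated in first-seen order (one friend is usually linked from
    several places on a page)."""
    ids: List[str] = []
    for href in hrefs:
        match = PROFILE_ID.search(href)
        if match and match.group(1) not in ids:
            ids.append(match.group(1))
    return ids


def harvest_relationships(seed: str, fetch_friends: Callable[[str], List[str]],
                          max_depth: int, max_nodes: int = 10_000) -> Dict[str, int]:
    """Breadth-first walk of the friend graph from `seed` (slide 8).

    Returns {profile_id: depth at which it was first reached}. Depth and
    total node count are both capped: the "friend of a friend of a friend"
    set grows geometrically, and an uncapped walk is how a reconnaissance
    script turns into an accidental flood of requests against the target.
    """
    found: Dict[str, int] = {seed: 0}
    queue = deque([seed])
    while queue and len(found) < max_nodes:
        current = queue.popleft()
        depth = found[current]
        if depth >= max_depth:
            continue
        for friend in fetch_friends(current):
            if friend not in found:
                found[friend] = depth + 1
                queue.append(friend)
                if len(found) >= max_nodes:
                    break
    return found


def friends_via_browser(driver, profile_url: str,
                        link_selector: str = "div#friends a") -> List[str]:
    """Drive a real browser to one profile and return the friend ids present
    in the rendered DOM (not in the raw page source, which for a script-built
    page may not contain them at all). `link_selector` is a placeholder."""
    from selenium.webdriver.common.by import By  # needs: pip install selenium

    driver.get(profile_url)
    try:
        # find_elements returns [] until the list is built, so it is the probe.
        anchors = wait_for(lambda: driver.find_elements(By.CSS_SELECTOR, link_selector))
    except TimeoutError:
        return []  # private or empty friend list: nothing to harvest here
    return extract_profile_ids(a.get_attribute("href") or "" for a in anchors)


if __name__ == "__main__":
    from selenium import webdriver

    browser = webdriver.Firefox()  # any WebDriver-backed browser works
    try:
        graph = harvest_relationships(
            "100000000000001",  # placeholder seed id
            lambda pid: friends_via_browser(
                browser, "https://www.facebook.com/profile.php?id=" + pid),
            max_depth=2, max_nodes=200)
        for pid, depth in sorted(graph.items(), key=lambda kv: kv[1]):
            print(depth, pid)
    finally:
        browser.quit()
```

`harvest_relationships` takes the fetch function as a parameter so the same walk runs against a live browser, a cached dump, or a constructed graph in tests. The `max_nodes` cap and the per-profile timeout are deliberate: left uncapped, a depth-3 walk over a site where users have hundreds of friends issues tens of thousands of browser page loads, which is both slow (slide 11) and noisy enough to get the automation account locked.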