Posts

Showing posts from 2012

Setting up your Web application security testing environment

Hi,
Today i am going to list some free tools that will be very helpful for web application security testing and the great thing about these tools are they all are platform agnostic. This means they all will run on your system no matter what kind of operating system you use and will work with your web application no matter what web technologies your web app is build with. So let’s get set up your environment.
Installing Firefox The Firefox web browser serves as the best web browser for with its extensible add-on architecture for security testing. Even if your application isn't specifically written for Firefox compatibility, you can use Firefox to test the behind the scenes, security-focused aspects. Download:  http://www.mozilla.com/en-US/firefox/
Installing Firefox Extensions Firefox extensions provide a great deal of additional functionality. There are few extensions that comes as very helpful for web application testing. View Source Chart https://addons.mozilla.org/en-US/firefox/addon/6…

Email Spoofing : How to spoof email address

In my post i have used mailserver.com just for example you need to use an real time mail server for yourself.
Why not try on your org email domain :)

Open Command prompt then enter the following commands.
telnet smtp.mailserver.com 25
HELO QA <PRESS ENTER>
MAIL FROM:yourid@mailserver.com   <PRESS ENTER>
RCPT TO:yourid@mailserver.com   <PRESS ENTER>
DATA   <PRESS ENTER>
Subject:test mail <PRESS ENTER TWICE>
This a test mail           (This is body text)
.                                 (This '.' is to end the mail)

If you see something like following message, then it means you have successfully spoofed the sender email.
250 2.0.0 qA28jUNa098936 Message accepted for delivery

Type QUIT to quit.



Install windows from bootable USB DRIVE/Pendrive

Image
Hello friends,

Most of the time my friends asks me to help them install windows to their system via USB pen drive. So today I am going to write down the steps to make win7/vista bootable pen drive.

To make a bootable pendrive . You should have –
Atleast 4 to 8 Gb pendrive.
Windows 8/7/vista DVD or Windows 8/7/DVD image 




So once you have it.
10 Steps to make your pen drive boot-able :.
1.       Plugin your pendrive to your PC or laptop.
2.       Go to ‘My Computer’ and format the pen drive.
3.       Now open command prompt with Administrator priviledges.
(Go to Start > All programs > Accessories > command prompt , right click on command prompt and run it as an administrator.)
4.       When command prompt opens,enter the following command in series as written below
a.       DISKPART   ,  and press enter.

b.      LIST DISK  , press enter.

Once 'LIST DISK' command is completed. From the results remember the disk name of your pen drive. As in my case my USB name is “Disk 2”…

How to locate element in Html 'svg' tag in Selenium 2(Webdriver)

Sample svg code enbeded into Html code
<html> <head> <title>automatethebox.blogspot.com</title> </head> <body> <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="939" height="360"> <defs> <g zIndex="10"> <tspan x="5.5">You</tspan> </g> <g zIndex="20"> <tspan x="5.5">Me</tspan> </g> <g zIndex="30"> <tspan x="5.5">None</tspan> </g> </svg> </body> </html> Selenium 2 (Webdriver) code to locate and intract with an svg element embeded into HTML
Suppose in above given svg code three buttons are embeded into the svg.
Now we will be finding the button and be clicking on them using 'css locators'.Here we go....

Method 1
// First of all find the 'svg' tag in the page and save it int…

How to switch between browser windows in Selenium 2 (WebDriver Java)

// Store you current window handle in a String variable. String parentWindow = driver.getWindowHandle(); // Click on the the page element which causes a new window to be opened,suppose a link. driver.findElement(BY.linkText("myLink")).click(); // Get the window handle of the new browser window opened. String childWindow = (String) driver.getWindowHandles().toArray()[1]; // Switch to newly opened window. driver.switchTo().window(childWindow); // Switch back to main window. driver.switchTo().window(parentWindow);
© automatethebox. All Rights Reserved

How Google reCaptcha works.

Image
Capcha stands for 'Completely Automated Public Turing test to tell Computers and Humans Apart'


Google reCaptcha usually contains two ciphered words as shown in above image.
Among the two words one word is 'Control word' while other is 'Unknown word' i.e. 'Control word' is the word for which reCaptcha software knows the correct result where for the 'unknown word' Google reCaptcha software itself don't know the exact result.

Q :  So, the question is if i write a invalid word in place of 'unknown word' in the reCapcha response will it pass.
A  : Yes, it will pass as Google itself does not know the correct result  :)

For example :
If  two words are displayed as a challenge, then the word which seems more difficult to be readable by humans and OCR  is the 'Unknown word.' (In above picture "ynnonp" looks like the unknown word.)
So if you type the first word(ynnonp) incorrectly and second word (execellent) correctly, you w…

Stop the Jmeter process from windows command line

Image
Hi,

Today i got into a problem when i wanted to stop/kill Jmeter process from command line.
But as Jmeter runs as a java.exe process, so we cant just kill the java processes to stop the Jmeter.
So i tried just a little hack to kill only the Jmeter process and it worked... :)


You can try the following command in windows command promt for this.

Execute the following command on windows command line one by one ================================================================

1: FOR /F "tokens=*" %%G IN ('netstat -o ^| find /C "8085"') DO SET JCOUNT=%%G 2: SET /a JCOUNT-=1 3: FOR /F "tokens=5 skip=%JCOUNT%" %%G IN ('netstat -o ^| findstr 8085') DO taskkill /F /PID %%G
Or you can put all the above files in a batch file and execute that.

In the above command replace the port '8085' with the port number you are using for Jmeter to start on.

Cheers!!!

© automatethebox. All Rights Reserved