Wednesday, 14 August 2013

Using captured account details on login form

This post will put in practice the data collected in Generating an small MD5 Rainbow Table in C#  and  Loading, parsing and consuming unstructured data (i.e. password hashes from google)

Usually if you have access to usernames and passwords, a good test is to see if they work on the site that we are currently (legally) testing (remember that a lot of companies don’t have a good sense of humor if you do do this type of automated testing on them)

Let’s say that we have a website that has a login page like HacmeBank:

image

The first step is to write a script to automate the Login process.

To do that open the O2 Platform’s IE Script tool:

image

Delete the example that is in there, and just leave the first line and last three comments:

image

Now let’s script an Login function.

Use ie.open(http://localhost:15582/HacmeBank_v2_Website/aspx/login.aspx); to open the target page:

image

Use return ie.fields();  to get a list of available fields (which will be shown in the Output window (bottom right)):

image

Populate the fields values using ie.field("txtUserName").value("aaaa"); and ie.field("txtPassword").value("bbb");  , and get a reference to the button using return ie.buttons().first(); :

image 

Click on the button:

image

If you are looking for a particular element, one good technique is to ‘inject FirebugLite’ into the page:

image

… or to call the showElementsInTreeView Extension Method

image 

… which will open a form like this:

image

.. which can be used to find the element that has the login result (in this case lblResult)

image

Final step in our automation of the Login Method is to wrap this code in an Lambda method:

image

Let’s say that we have a csv file with user account details, created for example using this script (based on the code from the previous post)

image

The file has this format:

image

... and was saved on the O2’s temp folder:

image

Back in the HacmeBank script, we can load this data file like this:

image

Next, comment the first line and create an topPanel variable:

image

… so that we can add a DataGridView

image

.. and try to login using the user data loaded from the csv file:

image

Scripts source code:

Post a Comment