Fuzz test (framework) web application?

风流意气都作罢 提交于 2021-02-06 02:38:10

问题


Are there frameworks that can perform fuzztesting on WebApplications? I know that Selenium and WebDriver are used to build tests for web-applications, but I am particulary interested in libraries, frameworks or projects that have fuzz-testing built-in, so I do not need to re-invent the wheel.

For example, I could benefit from these features:

  • randomized link clicking
  • randomized form filling
  • 'back' and 'forward' clicking
  • random mouse movement and clicking
  • javascript support

Does anyone know of project that implements these features? (preferably Java :))


回答1:


I was curious about this as well since we use Selenium/Java here at my office, and did some digging of my own. I found a few links that may be useful to you:

Fuzz Testing - IBM - I suspect you may have already found this link though.

Monkey Fuzz Testing - I know, I know... it's .NET. BUT, it may give you some good ideas as to how to implement it on your end.

Stephen Coldebourne's Blog - This was a great read; well worth your time.

JBroFuzz - This is pretty awesome. That is all.




回答2:


As the post tagged "javascript", I'm adding here Gremlins.js which is a testing/fuzzing framework written for Node and browsers. Surprised no one mentioned it yet.




回答3:


Some new JS Fuzz testing NPM modules now existing. Sadly, many are not widely used, so expect them to need some polish or TLC.

  • fuzzer
  • sorrow
  • javascript-fuzz
  • fuzzur



回答4:


Unfortunately there is (now = September 2013) almost no general purpose Fuzz testing tool using Selenium. But luckily you could implement your own specialized fuzz tool.

Requirements:

  • Knowledge of Selenium RC/WebDriver
  • Some programming skill in a language that Webdriver supports
  • Good structure of your HTML elements, so that you could easily focus your fuzzing. One good practice, regardless the old (messy ?) structure of your HTML pages, is to add a specific id, e.g. selenium-id to your HTML element, to (1) simplify XPath formation, (2) speed up XPath resolution and (3) to avoid translation hassle. While choosing the value for these newly added selenium-id, you are free to help iterating while fuzzing by (a) using consecutive numbers, (b) using names that forms a consistency.

I have written more extensively on this Fuzz Selenium test in here



来源:https://stackoverflow.com/questions/16521143/fuzz-test-framework-web-application

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!