问题
Are there frameworks that can perform fuzztesting on WebApplications? I know that Selenium and WebDriver are used to build tests for web-applications, but I am particulary interested in libraries, frameworks or projects that have fuzz-testing built-in, so I do not need to re-invent the wheel.
For example, I could benefit from these features:
- randomized link clicking
- randomized form filling
- 'back' and 'forward' clicking
- random mouse movement and clicking
- javascript support
Does anyone know of project that implements these features? (preferably Java :))
回答1:
I was curious about this as well since we use Selenium/Java here at my office, and did some digging of my own. I found a few links that may be useful to you:
Fuzz Testing - IBM - I suspect you may have already found this link though.
Monkey Fuzz Testing - I know, I know... it's .NET. BUT, it may give you some good ideas as to how to implement it on your end.
Stephen Coldebourne's Blog - This was a great read; well worth your time.
JBroFuzz - This is pretty awesome. That is all.
回答2:
As the post tagged "javascript", I'm adding here Gremlins.js which is a testing/fuzzing framework written for Node and browsers. Surprised no one mentioned it yet.
回答3:
Some new JS Fuzz testing NPM modules now existing. Sadly, many are not widely used, so expect them to need some polish or TLC.
- fuzzer
- sorrow
- javascript-fuzz
- fuzzur
回答4:
Unfortunately there is (now = September 2013) almost no general purpose Fuzz testing tool using Selenium. But luckily you could implement your own specialized fuzz tool.
Requirements:
- Knowledge of Selenium RC/WebDriver
- Some programming skill in a language that Webdriver supports
- Good structure of your HTML elements, so that you could easily focus your fuzzing. One good practice, regardless the old (messy ?) structure of your HTML pages, is to add a specific id, e.g. selenium-id to your HTML element, to (1) simplify XPath formation, (2) speed up XPath resolution and (3) to avoid translation hassle. While choosing the value for these newly added selenium-id, you are free to help iterating while fuzzing by (a) using consecutive numbers, (b) using names that forms a consistency.
I have written more extensively on this Fuzz Selenium test in here
来源:https://stackoverflow.com/questions/16521143/fuzz-test-framework-web-application