0

I'm going to analyse web applications by using dynamic analysis. Now I need an input generator that could generate the input.

Is there any open sourced tool achieve this?

I've read lots of papers, such as Apollo, but it seems that they didn't publish their tool.

Thank you

slivia
  • 1
  • 1

1 Answers1

0

You could write your own web crawler/bot with any script language. I guess your website use Javascript ? In that case it is convenient to use a library based on Selenium, a programmable web browser. As it is a web browser, it interprets all Javascript and you will only have to deal with html. With the Ruby script language, the Selenium wrapper is called Watir. And you could search for a wrapper with your preferred script language. You could use two strategies for testing your website :

  • Test cases - You write fixed test cases that must succeed for each new updates (example: connect to a test account etc.)
  • Monkey tests - Try to interact with every actionable objects and look for errors.
Dr. Jekyll
  • 386
  • 4
  • 16
  • I want to deal with the php not javascript~ any ways to do? – slivia Aug 24 '16 at 10:36
  • Website dynamic analysis involves testing from the client point of view. As such you have no direct access to php files. But if your php contains bugs, dynamic analysis can trigger them. I can help more if you speak about your objectives. Is this for vulnerability detection ? bug detection ? – Dr. Jekyll Aug 25 '16 at 13:48
  • This is for vulnerability detection, so I need some inputs to trigger those bugs. – slivia Sep 27 '16 at 05:08
  • Try Wapiti : http://wapiti.sourceforge.net/ . You will get what you need. sqlmap (http://sqlmap.org/) is another tool for testing sql injections on php varriables. – Dr. Jekyll Sep 29 '16 at 07:50