Automate UI Testing using Instruments
An instrument is a powerful tool that can be used to automate UI testing. Instruments can also be used to collect data about the performance and behavior of one or more processes on the system and track that data over time. Although most instruments are geared toward gathering trace data, the User Interface instrument helps automate data collection. With it you can record user events while you gather your trace data. You can use this recording to reliably reproduce the same sequence of events over and over again.
Instruments is contained within the Xcode 4 toolset. Download Xcode from the App Store and install it onto your computer. After you have installed Xcode, you are ready to run Instruments. Instruments can be launched in one of three ways.
To run Instruments from Xcode
- Open Xcode.
- Choose Xcode > Open Developer Tool > Instruments.
Even though each instrument is different, there is one general workflow when collecting information from your app. This workflow is a four-step process.
- Choose a trace template
- Direct Instruments to your app
- Collect information from about your app
- Examine the collected information
For UI automation we will be using Automation template in Instruments to execute scripts. An important benefit of the Automation instrument is that you can use it with other instruments to perform sophisticated tests such as tracking down memory leaks and isolating causes of performance problems.
Note: The Automation instrument only works with apps that have been code signed with a development provisioning profile. Apps signed with a distribution provisioning profile cannot be automated with the UI Automation programming interface.
Writing an automation test script
- Select the Automation trace template.
- Click Add > Create.
- Double-click New Script to change the name of the script.
- In the Detail pane, select Console to enter the code for your script.
- Choose a target for your script.
- Click the Play button at the bottom of the Console.
Selecting trace template
After you create the script, it can be used throughout the development of your app. You can do this by importing your saved script and running it with the Automation instrument.
To import a previously saved script
- Select the Automation trace template.
- Click Add > Import.
- Navigate to your saved script file and click Open
Accessing and Manipulating UI Elements
To perform an action on an element in your app, you explicitly identify that element in terms of the app’s element hierarchy. Each accessible element is inherited from the base element, UIAElement. Every element can contain zero or more other elements. Script can access individual elements by their position within the element hierarchy. However, you can assign a unique name to each element by setting the label attribute and making sure Accessibility is selected in Interface Builder for the control represented by that element.
The four properties used in the scripts to access elements are
- name. Derived from the accessibility label
- value. The current value of the control, for example, the text in a text field
- elements. Any child elements contained within the current element, for example, the cells in a table view
- parent. The element that contains the current element
Before going into details of how to ethical hacking we should be clear of what it is.
What is ethical hacking?
An ethical hacking is an attempt to penetrate networks and or computer systems, using the same method as a hacker would use for the purpose of finding and fixing computer security vulnerabilities.
Here are list of the hacking tools that are commonly required for hacking. This will be required for doing any type of ethical hacking.
Reconnaissance (and DNS)
- Dig – DNS lookup utility
- DNSMap – DNS mapping is a mechanism which allows hosts on a private LAN to use DNS Services even if the address of an actual DNS Server is unknown.
- DNSTracer – Trace DNS queries to the source
- DNSWalk – Checks DNS zone information using nameserver lookups
- Netmask – Helps determine network masks
- Relay Scanner – This program is used to test SMTP servers for Relaying problems
- TCPTraceroute – Traceroute implementation using TCP packets
- Firewalk – Firewalk is a network auditing tool that attempts to determine what transport protocols a given gateway will pass.
- Amap – Performs fast and reliable application protocol detection, independent of the TCP/UDP port they are being bound to.
- Curl – Get a file from an HTTP, HTTPS or FTP server
- Fping – Sends ICMP ECHO_REQUEST packets to network hosts
- Hping3 – Active Network Smashing Tool
- HTTprint – A web server fingerprinting tool
- Ike-Scan – IPsec VPN scanning, fingerprinting and testing tool
- MetoScan – HTTP method scanner
- Nmap – The Network Mapper
- Netcat – TCP/IP swiss army knife
- P0f – Passive OS fingerprinting and masquerade detection utility
- Zenmap – The Network Mapper Front End
- Chntpw – NT SAM password recovery utility
- Rainbowcrack – Crack LM, MD5 and SHA1 hashes
- THC PPTP Bruter – A brute forcing program against PPTP VPN endpoints (TCP port 1723)
- VNCrack – Crack VNC passwords
- John the ripper – A fast password cracker
- DHCP Dump – DHCP packet dumper
- Dsniff – Password sniffer
- SSLDump – Dump SSL traffic on a network
- Ntop – Displays top network users
- Wireshark – Interactively dump and analyze network traffic
Spoofing (or Masquerading)
- File2cable – Sends a file as a raw ethernet frame
- Netsed – Network packet streaming editor
- Sing – Send ICMP Nasty Garbage packets to network hosts
- TCPreplay – Replay network traffic stored in pcap files
Wireless Networking Utilities
- Aircrack-ng – Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
- Kismet – Wireless sniffing and monitoring
- THC Leap Cracker – The THC LEAP Cracker Tool suite contains tools to break the NTChallengeResponse encryption technique e.g. used by Cisco Wireless LEAP Authentication.
- WEPCrack – WEPCrack is an open source tool for breaking 802.11 WEP secret keys.
- WIDZ – Wireless Intrusion Detection System
- Cowpatty – Brute-force dictionary attack against WPA-PSK
- GDB – The GNU Debugger.
- Hexdump – ASCII, decimal, hexadecimal and octal dump tool.
- Hexedit – View and edit file in hexadecimal or in ASCII
- Wipe – Securely erase files
- Madedit -Text/Hex Editor
Next part will have how to use these tools to exploit vulnerabilities.
To use Selenium Webdriver with JMeter, install “Webdriver” plugins. The WebDriver sampler is useful if you want to test for performance AJAX or GWT based web applications.
Download WebDriver plugins from http://jmeter-plugins.org/downloads/all/
Unzip the files and copy in the lib folder under JMeter home directory.
To test if WebDriver plugins installed open Jmeter and test if there is jp@gc – Firefox Driver Config.*If not, check your JMeter’s lib folder. Add the Webdriver sampler and Firefox or chrome driver config element. Insert the following code to launch Bing search and search for a text. Also add tree listener to view the result.
var pkg = JavaImporter(org.openqa.selenium) var support_ui = JavaImporter(org.openqa.selenium.support.ui.WebDriverWait) var wait = new support_ui.WebDriverWait(WDS.browser, 20000) WDS.sampleResult.sampleStart() WDS.browser.get('http://www.bing.com/') var searchField = WDS.browser.findElement(pkg.By.id('sb_form_q')) searchField.click() searchField.sendKeys(['testing']) var button = WDS.browser.findElement(pkg.By.id('sb_form_go')) button.click() WDS.sampleResult.sampleEnd()Explanation of the code
- The code starts with the import Java packages “org.openqa.selenium” and “org.openqa.selenium.support.ui.WebDriverWait” which will allow you to use the WebDriver classes.
- WDS.sampleResult.sampleStart() and WDS.sampleResult.sampleEnd() captures sampler’s time and will track it. You can remove them, the script will still work but you will not get load time
- WDS.browser.get(‘http://www.bing.com/’) – opens the browser with Bing search website
- var searchField = WDS.browser.findElement(pkg.By.id(‘sb_form_q’)) – saves the search text box in searchField varialble
- searchField.click() – Clicks the search field to make it active
- searchField.sendKeys([‘testing’]) – Enters text to search
- var button = WDS.browser.findElement(pkg.By.id(‘sb_form_go’)) – Saves search button in a variable
- button.click() – clicks on the search button.
You are now ready to go. Do let us know your experience in using Selenium with JMeter