The Web Browser Testing System presented at NinjaCon 2010

by Isaac Dawson

Tags: Security Web Browser

URL: http://www.syscan.org/index.php/archive/view/year/2010/city/hcm/pg/program

Summary: Anyone who has tested browsers for security issues quickly learns that you need more than just a web server. The aim of WBTS is to arm security testers with a system that lets them focus on finding bugs, not fiddling with DNS configurations, building a logging system or building a test case system that works across multiple browser types. The purpose of this presentation is to introduce the tools, the test case system and the general methods for testing the various functionality of a web browser or user-agent.

So, what is WBTS?

1. A cross-platform web application server supporting SSL, Virtual Hosts, processors for various web languages and the ability to include your own. All built on Python's stupid fast Twisted framework.
2. A built-in DNS server to allow records to be created on the fly, as well as built-in DNS rebinding functionality accessible via web requests.
3. A cross-browser JavaScript test case framework that allows you to quickly create new test cases for various browser bugs using different automation methods. The framework hooks into MongoDB to store the results in an easily searchable data store.
4. Lots of test cases, both from public sources such as WebKit's LayoutTests, old known browser vulnerabilities taken from Mozilla Firefox's and Google Chrome's bug tracker systems, as well as ones created by myself.
5. A slick management Web UI to review test results and configure WBTS.
6. Future plans to implement a fully featured fuzzing framework.