2. Jurgens van der Merwe (jurgens@sensepost.com)
Junior analyst with SensePost
Interests: Information Security, Innovative Technologies, Music, Skateboarding, etc.
3.
4.
5.
6.
7.
Purpose
Interface
Speed
Value
Attack surface
Complexity
8.
Purpose
Interface
Speed
Value
Attack surface
Complexity
9. Browser Automation Framework for Testing Web Applications
Consists of 3 parts:
Selenium IDE
Selenium Remote Control
Selenium Grid
For this talk we will focus on the core library and functionality of Selenium Framework
10. Automation
The ability to trigger sequential events without the need of manual interaction
Harvesting
The ability to gather large datasets of common objects over a period of time
Extraction
The ability to extract key elements from an entity in order to obtain valuable information regarding a specific target
13. Behind the ‘Sannie’ experiment
Purpose
Showing that bots can act like humans too.
Goal
Following logical pathways to mimic human interaction.
Demo
14. The mass friendship harvest
Purpose
Harvest user relationships
Goal
Determining the theory behind:
{ friends of a friend, of a friend, of a friend, of a friend, of a friend, of a friend, of a friend, of a friend, of a friend…. }
15. The Facebook Profiler
Purpose
Creating my own personal address book
Goal
Extracting user information from Facebook profiles
Demo
16. Web Simulator
Supports various browsers like
Mozilla Firefox
Google Chrome
Opera
Safari
Internet Explorer
Interacts with the Document Object Model (DOM)
17. Latency!!!
Super fast ZA internet.
Having to wait for the web element to be completely constructed within the DOM.
Complexity of the application
Understanding the logic behind the application.
18. Selenium is a cool technology for interacting with any Web 2.0 application.
Impersonates human-like interaction with a web application by following logical paths.
Ability to rely on the browser’s DOM rather than the source of a web page when extracting information.
Allows you to actually see the browser execute your code and navigate through the targeted application.
The ability to test the functionality of the web application through various browsers.