Showing posts from July, 2013

Android Device Automation with Calabash

In this blog post/tutorial I will describe how to write a simple automated test for an Android device and get it running on your machine. I will start with a quick crash course explaining the Android emulator, how to get it up and running and how to install a native application (in this example Instagram). Once the emulator is up and running, we will move on to 'calabash-android': how to install, configure, write and run a simple login test.

Installing and running the Android emulator

First we need to download and extract the latest Android SDK. Get it from here and unzip it into your area of choice; I would recommend putting it in your $HOME directory for now. After you have downloaded and unzipped the SDK, you will need to create an AVD (Android Virtual Device). Do this by changing into the tools directory in the SDK root and running the android create command:

$ cd android-sdk-linux/tools
$ ./android create avd -n android4.0 -t 20 -c 256M

If you want an ex

FT.COM Cross Site Scripting Example

I have been working with a number of client web applications, and it surprised me how many of them are/have been open to XSS, to the point I'm actually worried. My guess is that testers don't really understand what XSS is, how to exploit it and what risk it poses to the business, so I will try and give you a working example using the They are not a client of mine but I did find their search was open to the XSS exploit. Don't worry, I have contacted and reported the issue to them, so by the time you read this the site will be patched and immune to any sort of XSS bug. Let's get started:

1. First let's find an input into the webserver, has a search form field we may be able to exploit.
2. We want to enter some malicious text into the search field, for example script tags to see if they break the page. First let's do a normal search and analyse how the page is returned: type 'Lenovo' into the search field and click search, after a short wait the re