Security Basics mailing list archives
Re: bruteforce attacks to GUI applications
From: Disco Jonny <discojonny () gmail com>
Date: Thu, 17 Nov 2005 11:38:19 +0000
Hi, sorry if this email is m$ centric, I have never needed to do and GUI testing on anything other than windows. I go slightly off point in this email, (the answer to the original im pretty sure has already been posted, and is brutus :)
Is it possible to automate interaction with a GUI app? If so this is an important option I am not familiar with, please supply me with references and links so I can read up on the principles & practice. I look forward to having some new bedtime reading :)
Thankfully yes! makes my life a lot easier. there is a bunch of tools commercial and free for recording 'windows' macros. if you are not familiar with macro recorders, these are programs that will record the user interaction (key stokes, mouse clicks, etc) and save them, allow modification of them and will then play them back with various options and in an automated manner. They can be configured to respond to lots of different responses, and can get quite 'smart' a few examples (i haven't used any of these to any extent, but they look pretty powerful) http://www.mjtnet.com/ http://www.mercury.com/us/products/quality-center/functional-testing/winrunner/ http://www.tucows.com/search?search_terms="macro%20recorder"&search_scope=win&search_scope_d=0 An alternative method is to write the scripts directly. again there are various ways to do this, but windows has its own built in scripting language for this very (automation of gui's) purpose have a look at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/wsoriWindowsScriptHost.asp I agree it is not a popular attack method, but it is not really Hollywood fiction. I think that hollywood likes to use this sort of thing in the movies because it is highly visual and a very high percentage of movie goers would recognise what is going on, much more so than watching someone try to walk a stack or run an exploit. (although im not a film expert - i think you get my point) HTH s. On 11/16/05, m_r_welch () tiscali co uk <m_r_welch () tiscali co uk> wrote:
I think we may mostly be in agreement here, and it's just a small difference in perspective. I offer my responses to these points below.
Current thread:
- bruteforce attacks to GUI applications ework0 (Nov 09)
- RE: bruteforce attacks to GUI applications m_r_welch (Nov 15)
- RE: bruteforce attacks to GUI applications Kenton Smith (Nov 16)
- Re: bruteforce attacks to GUI applications ascii (Nov 17)
- RE: bruteforce attacks to GUI applications Kenton Smith (Nov 16)
- <Possible follow-ups>
- Re: bruteforce attacks to GUI applications m_r_welch (Nov 16)
- Re: bruteforce attacks to GUI applications Disco Jonny (Nov 17)
- Re: bruteforce attacks to GUI applications m_r_welch (Nov 16)
- Re: bruteforce attacks to GUI applications ascii (Nov 17)
- Re: bruteforce attacks to GUI applications Alloishus BeauMains (Nov 17)
- Re: bruteforce attacks to GUI applications mike preston (Nov 28)
- RE: bruteforce attacks to GUI applications m_r_welch (Nov 15)