TESTING HACK #

TESTING HACK DESCRIPTION

TOOLS

TEST HACK STEPS

TH_1

To prove that login credentials are stored in browser in plain text, from client to server communication

WINHEX

1. Launch the application in a browser
2. Navigate to the login page
3. Input valid credentials
4. Click on Login button
5. Launch Windows Task Mgr
6. Expand the browser tabs (to find the sessions)
7. Right click on the browser instance –> Click on Create Dump
8. Open the created dump file using WinHex application
9. Search for the phrase ‘password’ or ‘pass’
10. Observe all the search results
11. You will observe that the credentials are stored in plain text thus compromising on security and data integrity

TH_2

To test web responsive testing quickly on different screen resolutions and testing devices

Install any of the below chrome apps

(i) RESPONSIVE WEB DESIGN TESTER
(ii) VIEW PORT RESIZER
(iii) Window Resizer

(i) Install the chrome app in chrome browser
(ii) Launch the web application
(iii) Click on the chrome app(s) to launch
iv) Click on the specific resolution/device
(v) Observe the application behavior in different resolutions/devices

TH_3

To test broken links on any website

Install the below chrome app(s)

(i) CHECK BROKEN LINKS

(i) Install the chrome app in chrome browser
(ii) Launch the web application
(iii) Click on the Check Broken Links chrome app
(iv) Observe the details

Other tools to test broken links on any website:

https://smallseotools.com/websites-broken-link-checker/
https://validator.w3.org/checklink
https://www.deadlinkchecker.com/
https://error404.atomseo.com/

TH_4

To capture all the client calls to servers, during web-application testing for debug/log purpose

Inspect Element

Inspect Element –> Network tab –> Download HAR file

TH_5

To capture all the client calls to servers, during web-application testing for debug/log purpose

Install the below chrome app(s)

(i) HTTP Trace

(i) Install the chrome app in chrome browser
(ii) Click on the HTTP trace chrome app
(iii) Continue performing web testing
(iv) Switch to HTTP trace to view all the client calls made to server

TH_6

To capture all the logs while testing Windows/Desktop based applications for debug/log purpose

Event Viewer (Windows application)

(i) Launch ‘Administrative Tools
(ii) Click on ‘Event Viewer’
(iii) Click on ‘Windows Logs’ & expand the same
(iv) Click on ‘Application’
(v) Parse the logs for required information

TH_7

To capture the open ports and ports being used, for any web application (used by a hacker)

Install the below chrome app(s)

(i) Shodan

(i) Install the chrome app in chrome browser
(ii) Launch the web application
(iii) Click on the Shodan chrome app
(iv) Observe the port numbers being used by the application

TH_8

To capture the technology framework details by any web application (used by a hacker)

Install the below chrome app(s)(s)

(i) WhatRuns
(ii) Wappalyzer

(i) Install the chrome app(s) in chrome browser
(ii) Launch the web application to test
(iii) Click on the WhatsRuns OR Wappalyzer chrome app
(iv) Observe the technology details being used by the application

TH_9

To test the UI aspects of any website such as Font size, font name, CSS details etc, for consistency

Install the below chrome app(s)(s)

(i) WhatFont
(ii) CSSViewer

(i) Install the chrome app(s) in chrome browser
(ii) Launch the web application to test
(iii) Click on the Whatfont OR CSSViewer chrome app
(iv) Observe the font family details being used by the application and test it for consistency across the application

TH_10

To validate the performance of any website (on Mobile device and/or Desktop) quickly from the below aspects:

(i) Performance
(ii) Accessibility
(iii) SEO
(iv) Best Practices
(v) Progressive Web App

Install the below chrome app(s)

(i) Lighthouse

(i) Install the chrome app(s) in chrome browser
(ii) Launch the web application to test
(iii) Right click on the webpage and click on Inspect Element
(iv) Click on Audits
(v) Choose the configuration settings
(vi) Click on Run Audits
(vii) The performance test audit report will be generated in few minutes, for your analysis

TH_11

To test a website in IE browser from Chrome browser OR when there is no IE browser installed on Ubuntu/Mac/Linux PC and also to simulate different versions of IE browser behavior (IE7,IE8,IE9,IE10,IE11)

Install the below chrome app(s)

(i) IE Tab
(ii) Cloud Browser

(i) Install the chrome app(s) in chrome browser
(ii) Launch the web application to test
(iii) Click on the IE Tab app OR Cloud Browser app
(iv) Observe the website loading on IE browser, within Chrome browser

TH_12

To find any alternative software

https://alternativeto.net/

(i) Visit https://alternativeto.net/ on any browser
(ii) Search for a tool
(iii) Apply filter(s) against OS or Licensing to view required results

TH_13

To validate if the TLS ciphers used in HTTPS protocol are weak or strong

https://www.ssllabs.com/

(i) Visit https://www.ssllabs.com/ on any browser
(ii) Click on ‘Test your server’
(iii) Enter the website URL for which the cipher(s) strength need to be determined
(iv) Click on ‘Submit’ button
(v) After the scan is completed, scroll down to the bottom section to find ‘Cipher Suites’, to check if there are any weak ciphers displayed

TH_14

To automatically populate test data in sign up/text fields form

Install the below chrome app(s)

(i) Form Filler
(ii) Lazy Fuzzer

(i) Install the chrome app(s) in chrome browser
(ii) Launch the web application to test
(iii) Right click on any of the textbox in the sign up form
(iv) Click on Form Filler –> Fill all fields
(v) Observe the website to populate the text data in all the text boxes
(vi) Alternatively, if you select Lazy Filler (in right click menu), you can insert XSS, SQLi test data in the text fields for security testing vulnerabilities

TH_15

To find basic security aspects of any website

Inspect Element

(i) Launch the web application to test
(ii) Right click on the webpage and click on Inspect Element
(iii) Click on Security
(iv) The basic security details of the website is displayed

TH_16

To spoof geo-location on the browser (for Mikimoto testing)

Inspect Element

(i) Launch the web application to test
(ii) Right click on the webpage and click on Inspect Element
(iii) Click on 3 vertical dots on the right corner
(iv) Click on More tools –> Sensors
(v) In Geolocation field, choose the available country location co-ordinates or enter new lat & long values
(vi) Disable the location property in Chrome browser–> Settings (so browser will not ask you to choose location)

TH_17

To test spelling mistakes on any website

Typosaur

Use the below tools:

https://www.internetmarketingninjas.com/online-spell-checker.php
https://typosaur.us/
https://www.powermapper.com/products/sortsite/checks/website-spell-checker/

TH_18

To test RSS feeds

RSS Feed validator

https://validator.w3.org/feed/

TH_19

To test for internalization

Internationalization checker

https://validator.w3.org/i18n-checker/

TH_20

To validate CSS errors on any website

CSS validator

http://jigsaw.w3.org/css-validator/
https://validator.w3.org/unicorn/#validate-by-uri+task_full-css

TH_21

To validate HTML errors on any website

HTML Parser

https://validator.w3.org/nu/
https://www.freeformatter.com/html-validator.html

TH_22

To validate XML errors on any website

XML Parser

https://www.freeformatter.com/xml-validator-xsd.html

TH_23

Master tool to test most of the website things

W3C

https://w3c.github.io/developers/tools/#tools

TH-24

Accessibility Testing Tools

Here are some tools that can help:

1. AATT (Automated Accessibility Testing Tool) – Provided by PayPal, it comes with an accessibility API and other web applications for HTML CodeSniffer.

2. Free WCAG 2.0 Web Accessibility Checker – A free tool that reviews a single page and reports on any accessibility issues that it finds.

3. The Accessibility Viewer (aViewer) – An inspection tool for Windows that displays the accessibility API information revealed to the operating system by web browsers, and consequently to any assistive technology like screen readers.

A huge list of accessibility evaluation tools can be found on The World Wide Web Consortium (W3C) website (https://www.w3.org/WAI/ER/tools/)