Question

Are there frameworks that can perform fuzztesting on WebApplications? I know that Selenium and WebDriver are used to build tests for web-applications, but I am particulary interested in libraries, frameworks or projects that have fuzz-testing built-in, so I do not need to re-invent the wheel.

For example, I could benefit from these features:

  • randomized link clicking
  • randomized form filling
  • 'back' and 'forward' clicking
  • random mouse movement and clicking
  • javascript support

Does anyone know of project that implements these features? (preferably Java :))

Was it helpful?

Solution

I was curious about this as well since we use Selenium/Java here at my office, and did some digging of my own. I found a few links that may be useful to you:

Fuzz Testing - IBM - I suspect you may have already found this link though.

Monkey Fuzz Testing - I know, I know... it's .NET. BUT, it may give you some good ideas as to how to implement it on your end.

Stephen Coldebourne's Blog - This was a great read; well worth your time.

JBroFuzz - This is pretty awesome. That is all.

OTHER TIPS

As the post tagged "javascript", I'm adding here Gremlins.js which is a testing/fuzzing framework written for Node and browsers. Surprised no one mentioned it yet.

Gremlins.js preview

Some new JS Fuzz testing NPM modules now existing. Sadly, many are not widely used, so expect them to need some polish or TLC.

Unfortunately there is (now = September 2013) almost no general purpose Fuzz testing tool using Selenium. But luckily you could implement your own specialized fuzz tool.

Requirements:

  • Knowledge of Selenium RC/WebDriver
  • Some programming skill in a language that Webdriver supports
  • Good structure of your HTML elements, so that you could easily focus your fuzzing. One good practice, regardless the old (messy ?) structure of your HTML pages, is to add a specific id, e.g. selenium-id to your HTML element, to (1) simplify XPath formation, (2) speed up XPath resolution and (3) to avoid translation hassle. While choosing the value for these newly added selenium-id, you are free to help iterating while fuzzing by (a) using consecutive numbers, (b) using names that forms a consistency.

I have written more extensively on this Fuzz Selenium test in here

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top