Month: January 2015

The power of cURL for software tester

One of my favorite language for testing is cURL. As soon as I have to do with RESTful applications or simple HTTP, it’s my first choice. Here I show only a small selection of cURL options.

Basic examples:

Basic HTTP Get request

$ curl http://example.tld

Download`s

# Basic unix output redirection
$ curl http://example.tld > index.html

# Filename provided by command line
$ curl -o byname.html http://example.tld

# Filename provided by URL
$ curl -O http://example.tld/lorem/ipsum.html

# Multiple files
$ curl -O http://example.tld/lorem/ipsum.html -O http://example.tld/dolor/sit.html

Follow redirects

$ curl -L http://example.tld

HTTP referer

$ curl -e http://referer.com http://example.tld

Resumed transfer offset (continue download)

$ curl -C -O http://example.tld/lorem/ipsum.html

Show response header

$ curl -I http://example.tld

Change request method

# default is GET
$ curl http://example.tld

# force GET
$ curl -G http://example.tld

# use POST, PUT or DELETE
$ curl -X POST http://example.tld
$ curl -X PUT http://example.tld
$ curl -X DELETE http://example.tld

Set request headers

# JSON content type
$ curl -H "Content-Type: application/json" http://example.tld

# Accept-Language
$ curl -H "Accept-Language: de-DE" http://example.tld

Advanced examples:

Send a JSON request

$ curl -X PUT -H 'Content-Type: application/json' -d '{"firstName":"Max", "lastName":"Muster"}' http://example.tld

Use a file with JSON content

$ curl -X PUT -H 'Content-Type: application/json' -d @myfile.json http://example.tld

Specify HTTP multipart POST data (JSON and image)

$ curl -X POST \
-H 'Content-Type: multipart/form-data' \
-F "userData=@myfile.json;type=application/json" \
-F profilePicture=@image.jpg \
http://example.tld

Write output (show status and time total)

# Time total
$ curl -o /dev/null -s -w %{time_total}\\n  http://example.tld

# Status code and time total
$ curl -o /dev/null -s -w %{http_code}:%{time_total}\\n  http://example.tld

Simple server authentication

$ curl -u username:password http://example.tld

FTP

# FTP (root folder)
$ curl ftp://username:password@example.tld

# FTP (specific folder)
$ curl -u username:password ftp://example.tld/textfiles/

# FTP upload (specific folder)
$ curl -T myfile.txt -u username:password ftp://example.tld/textfiles/myfile.txt

# FTP delete (root folder)
$ curl -X 'DELE myfile.txt' -u username:password ftp://example.tld

Ignore SSL certificate error

$ curl -k https://example.tld

For more information see help and man pages!!!!

Start – Stop Apache HTTP server by click

Usually, you start and stop the apache server by the terminal on Mac OS X.

Example

# start Apache
$ sudo apachectl start

# Restart Apache
$ sudo apachectl restart

# Stop Apache
$ sudo apachectl stop

But with the help of Automator, you can do it by simple click.

Steps

Start the Automator and select “Application”.

automator apache

Now insert the action “Run AppleScript” from library into workflow window.

automator apple script

Insert the following script and save your application.

do shell script "
!#/usr/bin/env bash
if ! ps ax | grep httpd | grep -v grep > /dev/null ; then
  sudo apachectl start
else
  sudo apachectl stop
fi
" with administrator privileges

As a small highlight you can change the icon. Select your app and press “CMD” + “i”. Now drag an other icon file on place of Automator icon.

automator icon

Improve your daily workflow

As a test manager I have to check every day, many test results in my browser. With the Automator i can save time.

Steps

Start Automator and select “Application”

os x automator

Select “Internet” on “Library” and double click “Get Specified URLs” to get the action into the workflow window. Now insert all URLs.

automator get specific url
automator get specific url

Add in the “Display Webpages” action and save it.

automator display webpages

Attention: default path is “/Users//Library/Services/”, but you can save it on other locations, too.

automator application

Layer 2 discovery on same subnet

A little tip for penetration testers to scan their own network with arping (Layer 2 discovery).

Preparation

We need arping. Therefor we can use ports to install them.

# install arping via ports
$ sudo port install arping

Example

# Syntax
$ sudo arping -c <number> <target>

# Example
$ sudo arping -c 4 192.168.0.1

Usage

Now we use ARP (Address Resolution Protocol) to discover.

#!/usr/bin/env bash

# define shell options
set -e
set -u

# define magic variables
declare -r FILE_NAME=$(basename "$0")
declare -r -i NO_ARGS=84
declare -r -i BAD_ARGS=85

# usage function
function fc_usage() {
  printf "Usage: %s -i <interface>" "$FILE_NAME"
}

# error function
function fc_no_args() {
  printf "Error: no arguments supplied\n"
  exit "$NO_ARGS"
}

# check script arguments
if [ "$#" -eq 0 ]; then
  fc_no_args
fi

while getopts "i:" OPTION; do
  case "$OPTION" in
    i)
      INTERFACE="$OPTARG";;
    *)
      fc_usage
      exit "$BAD_ARGS";;
  esac
done


PREFIX=$(ifconfig "$INTERFACE" | grep 'inet' | cut -d ' ' -f2 | sed -n 2p | cut -d '.' -f 1-3)

for addr in $(seq 1 254); do
  arping -c 1 "$PREFIX"."$addr" | grep "bytes from" | cut -d " " -f 5 | cut -d "(" -f 2 | cut -d ")" -f 1 &
done

Small helper for iOS automated test 2

The second part of this small series, it shows how to obtaining device property informations.

Helper

var Device = {
  isIPhone: function() {
    return this.target().model().match("iPhone");
  },
  isIPad: function() {
    return this.target().model().match("iPad");
  },
  isName: function() {
    return this.target().name();
  },
  isSystemName: function() {
    return this.target().systemName();
  },
  isSystemVersion: function() {
    return this.target().systemVersion();
  },
  target: function() {
    return UIATarget.localTarget();
  }
};

Example

var message = Device.isName();
UIALogger.logMessage("Name: " + message);

var message = Device.isSystemName();
UIALogger.logMessage("SystemName: " + message);

var message = Device.isSystemVersion(); UIALogger.logMessage("SystemVersion: " + message);

if (!Device.isIPad()) {
  throw new Error("Test suite only works on iPad");
}

Integrate pylint in PyCharm

This tutorial shows, how to add pylint into PyCharm.

Preparation

# install pylint via pip
$ sudo pip install pylint

That was the easy way to install pylint…

Steps

Open “Settings > Tools > External Tools” and press the “+” button.

pycharm external tools

Insert values

Inserts good values on name, description and select your favorite group. Enable more or less all checkboxes. Down the “Tool settings” insert program “pylint”, your specific parameters and working directory.

pycharm pylint

After press “OK” pylint integration is ready.

Extended

To be a little more flexible, you can use PyCharm macros. As an example use the value “$FilePath$” for Working directory and “$Promt$” for Parameters. This allows the use in other projects, too.

pycharm macros

Running PyCharm on Yosemite

Your current Java version is greater than 6 and you get after starting PyCharm an error dialog, the following solution helps.

Check your Java Version

# show Java version
$ java -version
java version "1.8.0_25" Java(TM) SE Runtime Environment (build 1.8.0_25-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

Open PyCharm settings

# edit file with Vim
$ vim /Applications/PyCharm\ CE.app/Contents/Info.plist

Change following lines on XML

<key>JVMVersion</key>
<string>1.6*</string>

# change into
<key>JVMVersion</key>
<string>1.8*</string>

Now you can start PyCharm

Query kernel variables

Show all

$ sysctl -a

Check for 64bit compatibility

$ sysctl hw |grep 64bit

# yes is like
hw.cpu64bit_capable: 1

# no is like
hw.cpu64bit_capable: 0

Check brand and speed

$ sysctl machdep.cpu.brand_string

Check for VT-x

# check on output if VMX is visible
$ sysctl -a | grep machdep.cpu.features