Creating a Simple Module

Ahamed Nafeez edited this page Jun 12, 2014 · 5 revisions

Here are a few steps to create a simple module.

  • Under Create Module, start with providing a Name and Description for your new test case. Let us call it, 'What are the booleans exposed by the Window Object?' .

  • And describe it as say 'Tests across different browsers for the Boolean properties exposed by the Window Object. Can be used in attack vectors which uses Global variables in code.'

  • Select the Module Type as Enumeration Function and Results Type as Simple table format.

Enumeration Functions - Module types are used to do custom test cases with the dataset that you choose.

Fuzzer - Module types are used to fuzz a given injection point for parsing. Something similar to what Shazzer does with the DOM.

  • Customize your Column Names for how the result should be shown. Here, I am interested in the property names and their val . So make the count as 2. We are eventually going to use the addResult() function, with two arguments, which will appropriately populate the two columns.

  • Now comes the real deal, the User Scripts. These are the functional test cases that are going to be run in an isolated context for each and every input. Since, we are just printing the values of the names and properties, we can just use the addResult function to add the current enumeration data.

The user script need to define a function named 'test' and is processed by DomStorm for each and every input - which is passed as the first argument. So, the function definition looks like,

function test(data){
// data is the input variable that is supplied from the Enumeration Data field.

// For this module, we don't process the input data.
addResult(data.prop, data.val);

  • The Enumeration Data field is where the inputs to the test functions are generated dynamically or specified manually. For the simple module that we are creating now, this is where the crux of our results lie. We simply enumerate the boolean properties of the current browser's Window Object and feed it as data to the user script - (which for now just prints the result in a suitable column format).

The Enumeration Data should be exposed as an Array of Objects, Strings, Integers etc with the variable name data.

Here is how it looks like,

var data = []; // This Array is going to be populated with our enumeration result.
var x;
for(x in window){
  if(typeof window[x] == "boolean"){
    var obj = {};
    obj.prop = x;
    obj.val = window[x];

// what if the array is empty now?
if(data.length === 0){
    var obj = {};
    obj.prop = 'This browser doesn\'t have any Boolean properties on the Window Object';
    obj.val = ''; // Empty data
  • Run the test on different browsers to see the results, compare, analyse and Have Fun !

I would definitely need your suggestions / ideas to make this tool useful.

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.