public API_HacmeBank login(string userName, string password)
{
loginPage();
ie.field("txtUserName").value(userName);
ie.field("txtPassword").value(password);
ie.button("Submit").click();
return(this);
}
public void Login_As_Admin()
{
server = apiCassini.url();
ie.open(server.append("login").info());
ie.field("username").value(admin_Name);
ie.field("password").value(admin_Pwd);
ie.button("login").click();
ie.waitForLink("About", 250, 20).assert_Not_Null();
ie.waitForLink("Logout").assert_Not_Null();
}
/// <summary>
/// https://github.com/TeamMentor/Master/issues/852
/// </summary>
[Test][Ignore("To Fix")] public void Issue_852_Unable_to_load_Configs()
{
var temp_Server = 10.randomLetters();
ieTeamMentor.open_TBot_Login_if_Needed(); // ensure we are logged in login
ie.waitForLink("Edit SecretData").click(); // go into the "Edit SecretData"
ie.field("Server").value().assert_Not_Empty(); // confirm values where set
ie.field("Server").value(temp_Server); // set it to a temp_Server value
ie.button("SaveData").click(); // trigger save
ie.invokeEval("_scope.result_Ok = undefined");
ie.waitForJsVariable(" _scope.result_Ok")
.cast <string>().trim().assert_Is("SecretData data saved"); // wait for the confirmation message
/* tmProxy.TmFileStorage.secretData_Location()
* .load<TM_SecretData>()
* .SmtpConfig.Server .assert_Is(temp_Server); */
}
private string Exploit_Stage_1_Stored_XSS(string fieldToInsertPayload)
{
setup();
var payload = "<a href=\"\" onMouseOver=\"javascript:alert('xss')\">Over me to see xss</a>";
webGoat.openMainPage();
//ie.disableFlashing();
ie.link("Cross-Site Scripting (XSS)").flash().click();
ie.link("LAB: Cross Site Scripting").flash().click();
ie.link("Stage 1: Stored XSS").flash();
ie.field("password").flash().value("larry");
ie.button("Login").flash().click();
ie.selectLists()[1].options()[0].select().flash();
ie.button("ViewProfile").flash().click();
ie.button("EditProfile").flash().click();
ie.field(fieldToInsertPayload).value(payload).flash();
ie.button("UpdateProfile").flash().click();
Assert.That(ie.html().contains("onmouseover=\"javascript:alert('xss')\""), "Payload was not inserted into page");
return("ok");
}
public static string viewStateRaw(this WatiN_IE ie)
{
return(ie.field("__VIEWSTATE").value());
}
public void Workflow_Install_And_Delete_Library()
{
Action <string, string> waitForElementText =
(elementId, text) => {
"waiting for '{0}' in element '{1}'".info(text, elementId);
for (int i = 0; i < 5; i++)
{
if (ie.element(elementId).text().contains(text))
{
return;
}
else
{
elementId.sleep(1000, true);
}
}
"could not find '{0}' in element '{1}'".error(text, elementId);
};
Action <string, string> login =
(username, password) => {
ie.open(server.append("login"));
ie.url().assert_Contains("Login");
ie.field("username").value(username);
ie.field("password").value(password);
ie.button("login").click();
};
Action logout = () => ie.open(server.append("logout"));
Action teamMentor = () => {
ie.open(server.append("teamMentor"));
ie.waitForLink("About");
};
Action admin = () => ie.open(server.append("admin"));
Action login_AsAdmin = () => {
if (ie.hasLink("Control Panel").isFalse())
{
logout();
login(admin_Name, admin_Pwd);
ie.waitForLink("About", 250, 20).assert_Not_Null();
ie.waitForLink("Logout").assert_Not_Null();
//teamMentor();
}
};
Action installTestLibrary =
() => {
admin();
ie.waitForComplete();
ie.waitForLink("advanced admin tools").click().assert_Not_Null();
ie.waitForLink("install/upload libraries").click().assert_Not_Null();;
ie.waitForLink("OWASP").click().assert_Not_Null();
ie.button("Install").click().assert_Not_Null();
waitForElementText("installMessage", "> Library installed was successful");
ie.link("Admin Tasks").click().assert_Not_Null();
waitForElementText("jsonResult", "...Via Proxy");
ie.link("Reload Server Cache").click().assert_Not_Null();
waitForElementText("jsonResult", "In the Folder");
ie.link("Open Main Page").click().assert_Not_Null();;
//ie.waitForLink("Reload Server Cache").click();
};
Action deleteTestLibrary =
() => {
ie.waitForLink("OWASP").notNull().assert_True();
var librariesBeforeRemove = ie.getJsVariable("window.TM.WebServices.Data.AllLibraries.length").cast <int>();
ie.eval("window.TM.Gui.LibraryTree.remove_Library_from_Database('4738d445-bc9b-456c-8b35-a35057596c16')");
for (var i = 0; i < 5; i++)
{
if (ie.getJsVariable("window.TM.WebServices.Data.AllLibraries.length").cast <int>() < librariesBeforeRemove)
{
return;
}
else
{
100.sleep();
}
}
"Library was not deleted".assert_Fail();
};
teamMentor();
login_AsAdmin();
//ie.script_IE_WaitForClose();
installTestLibrary();
deleteTestLibrary();
ie.hasLink("OWASP").assert_False();
}
