This tool if used correctly will generate java test classes that use selenium to test penetrations on your web server.
Genetic Algorithm library: JGA
- Java 1.8 (or higher)
- Maven (command line or within IDE)
- Apache Tomcat
- Chrome
- Chrome-driver
TODO
-
Open the command line
cd /path/to/project/mvn clean installmvn package
-
The program needs a servlet to connect to.
cd applications/apache-tomcat-9.0.19/bin- If you're on a windows use:
start.bat
- If you're on a linux/macos use:
start.sh- You might have problems with privileges, to solve this use:
chmod +x start.shchmod +x catalina.sh
-
Go to the PTG directory.
cd ../PTG/target/
-
Run the tool with the
--initflag to create the config files:java -jar PTG-1.0-SNAPSHOT-jar-with-dependencies.jar --init
-
A proxy and a config file will be created.
- In the proxy.json change the
expected-output-pathproperty. - In the config.json change the
save-pathproperty. - In the config.json change the
pathproperty. - In the config.json change the
chromedriver-pathproperty.
- In the proxy.json change the
-
Next, as you probably don't have any Test Objective XML files yet, you can create them using:
java -jar PTG-1.0-SNAPSHOT-jar-with-dependencies.jar --build-tos- The TO files will be created in a folder called
generated
-
Now you can run the program with this command:
java -jar PTG-1.0-SNAPSHOT-jar-with-dependencies.jar [flags*]- '*' implies zero or more
- Some flags require an argument as specified in the manual
-
Change some settings in the config.json.
- Change the
html-urlproperty. - Change the
proxy-urlproperty. - Change the
inputsproperty.
- Change the
-
Change some settings in the proxy.json.
- Change the
target-entries - Change the
expected-output-path.
- Change the
e.g. a node.js server instead of java servlet.
-
Create an implementation of the Proxy interface for your type of webapp.
-
Change some settings in the config.json.
- Change the
html-urlproperty. - Change the
proxy-urlproperty. - Change the
inputsproperty.
- Change the
-
Change some settings in the proxy.json.
- Change the
target-entries - Change the
expected-output-path.
- Change the
e.g. a webapp that uses json.
- Change some settings in the proxy.json.
- Change the
output-language. - Change the
expected-output-path.
- Change the
- Use the
-hor--helpflag to get the full manual - Use the
--initflag to generate a config and proxy file - Use the
--cliflag to open the CLI program (Try it!)
-
url: the url to connect to.
Must be a valid url.
Example: http://localhost:8080/sbank/Affilier3DsecureSevlet -
path: the absolute path to the folder of test objectives.
Must be a valid path.
Example(Linux): /home/dimitri/Documents/comix/TestObjectives/sbank3 -
save-path: the absolute path to the folder where the tests need to be saved.
Must be a valid path.
Example(Linux): /home/dimitri/Documents/comix/src/test/java -
connection: the type of connection to make to the server.
Currently only supports HttpClient.
Example: HttpClient -
time: the maximum amount of time to generate tests.
Must be of the form(number > 0)[smhd].
Examples: 10s, 500m, 23h, 1d -
inputs: the amount of inputs to try
Must be of the form(number > 0).
Examples: 1, 2, 3, 4 -
restricted: whether to use the restricted alphabet
Must be true or false. -
population: the amount of individuals to use
Must be of the form(number > 2 * amount_of_problems)
Examples: 100, 1500, 5000 -
objective: the amount of objectives to run at the same time
Examples: ONE, ALL -
approach: the approach/environment to use
Examples: SIMPLE, MULTI -
compare: the compare operator to use
Examples: SINGLE_OBJECTIVE, MULTI_OBJECTIVE -
score: the score operator to use
Examples: RANK_SCORING -
crossover: the crossover operator to use
Examples: SIMPLE_CROSSOVER -
select: the select operator to use
Example: SIMPLE_ELITISM_SELECTION -
mutate: the mutate operator to use
Example: ADAPTIVE_FITNESS_BASED_MUTATION -
debug: the debug level to use Must be of the form
(number > 0 && number =< 3) -
budgeting: whether to use the budgeting mechanism Must be true or false.
-
fitness-function: the fitness function to use Note: these function impact the speed of the algorithm a lot for example, the Linear distance function is O(n) while the others are O(n^2) Examples: REAL_CODED_EDIT_DISTANCE
-
use-stall-manager: whether to use the stall manager
Must be true or false. -
use-migration-actor: whether to use the migration actor
Note: only works when using a multi environment Must be true or false. -
use-result-actor: whether to use the result actor
Must be true or false.
This tool has been developed to allow for a lot of extension.
public static void main(String[] args) {
// The arguments processor is needed to process the config file and the arguments given to the program.
ArgumentProcessor processor = new ArgumentProcessor();
// This line is needed to get an instance of a program.
// This is to let the processor decide what program to make (e.g. GUI CLI or normal).
Program program = processor.getProgram(args);
// Here you can add your own flags.
// How to use flags is explained in the next section.
// You need to add flags before the initializeMaps() method is called,
// otherwise it will not be put in the property maps.
// Also keep in mind that when you add this,
// you will also need to edit your config file to hold this property (except in the non setting case).
processor.addFlag("--myflag", new Flag("easter-egg", "Amazing easter egg!"));
// The order in the next 3 function calls is very important as a different order will throw an exception.
// First, we initialize the maps to hold all the properties and flags.
processor.initializeMaps();
// Next, we validate and process the arguments.
processor.validateAndProcessArguments(args);
// Last, we check all the properties for conflicting values.
processor.findConflictsInPropertyValues();
// Here we start up the real program.
program.start();
}
As shown in the explanation of the main class, you are able to add your own flags/properties to the program!
However, to do this you need to keep some stuff in mind.
For example:
- You can't use flags that are already in use by the program.
- Adding flags that are settings require you to also add them to the config file.
- Flags can be any arbitrary string.
addFlag("--myflag", flagObject);
Adds a flag object corresponding to the --myflag flag.
Flag(String property, String description)
This flag does not need an argument
This flag's property needs to be in the config file
Flag(String property, String description, boolean setting)
This flag does not need an argument
This flag's property needs to be in the config file iff setting is equal to false
Flag(String property, String description, Set<String> options)
This flag needs an argument
This flag's argument needs to be equal to one of the options
This flag's property needs to be in the config file
Flag(String property, String description, String regex)
This flag needs an argument
This flag's argument needs to match the regex
This flag's property needs to be in the config file
Lets say you have made your own program extension and want to use a command to initialize it.
In your main method, instead of writing:
Program program = processor.getProgram(args);
we will write:
processor.addFlag("--myProgram", new Flag("Start myProgram", "Starts the myProgram instance!", false));
Program program;
if (args.length == 1 && args[0].equals("--myProgram")) {
program = new myProgram();
} else {
program = processor.getProgram(args);
}
Now if we run our program with just --myProgram as argument it will start the MyProgram instance!