

The goal of this tutorial is to introduce Venari workflows as a concept. The secondary goal is to record a login workflow and configure a job template to use that workflow for logging in to Web Goat. If you prefer a short video tutorial then check here: Recording a Login Workflow with Venari

In most cases the Venari Auto-Login engine can heuristically determine the browser action stream needed to perform a login, using only the start URL and the credentials from a job template. For cases where auto-login fails, users can create a login workflow in the Venari UI and pair that workflow with a job template. The steps below describe the exact sequence of UI interactions needed to record such a workflow. In addition to detailing specific user actions, the sections below will share details and concepts about how workflow processing works in Venari.

Workflows are a foundational part of the Venari analysis architecture. A workflow is a sequence of browser actions that cause the web application state to change. Internally, Venari represents workflows as hierarchical data. The Venari UI shows workflows as YAML text. The workflows are editable using the Venari UI or the Assert Security Editor extension for VS Code.

- Click a button labeled 'Sign In' (the DOM changes and a form appears).
- Click a button labeled 'sign in' (browser navigates to landing page).
- Click a category link (like 'Electronics').
- Click a specific item (like 'USB thumb drive').
- Click through a sequence of form inputs and submit the order.
- Click through form elements to provide user data

All of these examples describe a sequence of user inputs. Once these action streams are recorded as workflows, they can be replayed automatically by the Venari browser driver. Some of these actions require data inputs and the Venari engine supports parameterized inputs. The image below shows a recorded workflow that will log in to the Web Goat application. This tutorial will demonstrate how to create this workflow data using the recorder tool and onboard it into a job template.

Create an application with a name so that we can add a login workflow and save it in the application.

If you want to follow these steps for Web Goat you can download the Docker image from Docker Hub.

docker run -p 8080:8080 -it --rm --name webgoat webgoat/webgoat-8.0

Browse to the running application at and register a user. The examples in this tutorial show a user 'joeblow' and a password of 'abc123'. There is nothing special about those credentials and we show these values here just to reconcile the screenshots and parameter information to follow later.

A browser will pop up. Type in the target URL and press the enter key. The browser will navigate to the specified URL. The next steps are to 'train' the workflow recorder to capture the correct sequence of page elements. The workflow recorder is not capturing events or HTTP traffic. Instead, the recorder captures the visual targets of interaction in the order they need to be visited or clicked during the login. Specifically, we will perform the following actions to capture the data needed by the workflow engine. The recorder will look at the relevant DOM information to encode the visual targets so that they can be identified and selected when the workflow is executed later. There is a little keyboard magic required to select the visual inputs. The browser has a special selection mode for picking page elements.

NOTE: The instructions below refer to the ALT key in many places.

Press the ALT key (you will notice that moving the mouse around the page now shows rulers and special markers highlighting the element you are hovering over). Hover over the item you want to select and click inside the highlighted rectangle. Every time you click inside a rectangle the browser drops out of this special selection mode, so you have to hit the ALT key before each element is selected.

The complete sequence for training a Web Goat login looks like this:
