Tag Archives: Opera

Automating Opera browser with Selenium WebDriver and Python

The right way to automate a web application is, certainly, to understand how this application works, by using burp (see “Burp Suite Free Edition and NTLM authentication in ASP.net applications“) for example, retrieve all necessary requests and learn how to use them.

However, this is sometimes so difficult and confusing, especially when the site owners are actively fighting with automation attempts. In this case, you may want to automate somehow the work on the highest level, with the graphical elements of the site. You can view them as some pictures, as SikuliX does (“SikuliX: the last chance for automation“, or as some elements of code, as Selenium IDE does.

But it would much better to control the browser itself from the Python scripts. And this can be done with Selenium WebDriver.

Selenium WebDriver, Python and Opera browser

Guys from Guru99 have wrote me a letter about their free course about Selenium.

This course looks pretty good. In the first part you can find a detailed description of Selenium components and the project history. After reading this, I finally decided that the Selenium WebDriver suited me best. Examples of WebDriver usage are written in Java, and I wanted to use Python. But since the calls are the same, lessons of this course are still more than useful.

And despite the fact that Selenium is usually used with Firefox, I tried to use it with Chromium-based Opera. This browser is very popular in Russia because of some unique features. 😉

Continue reading

Vulners – Google for hacker. How the best vulnerability search engine works and how to use it

Original article was published in Xakep Magazine #06/2016 (in Russian)

vulners.com logo

The common task. Уou need to find all information about some vulnerability: how critical the bug is, whether there is a public exploit, which vendors already released patches, which vulnerability scanner can detect this bug in the system. Previously, you had to search it all manually in dozens of sources (CVEDetails, SecurityFocus, Rapid7 DB, Exploit-DB, CVEs from MITRE / NIST, vendor newsletters, etc.) and analyze the collected data. Today, this routine can be (and should be!) automated with specialized services. One of these services – Vulners.com, the coolest search engine for bugs. And what is the most important – it’s free and has an open API. Let’s see how it can be useful for us.

What is it?

Vulners is a very large constantly updating database of Information Security content. This site lets you search for vulnerabilities, exploits, patches, bug bounty programs the same way a web search engine lets you search for websites. Vulners aggregates and presents in convenient form seven major types of data:

  • Popular vulnerability databases, containing general descriptions of vulnerabilities and links. For example, well-known NVD CVEs of MITRE US agency and NIST Institute. In addition to this, Vulners supports vulnerability descriptions from various research centers and response teams: Vulnerability Lab, XSSed, CERT, ICS, Zero Day Initiative, Positive Technologies, ERPScan.
  • Vendor’s security bulletins. This bug-reports are published by software vendors and contain information about vulnerabilities in their own products. At current moment Vulners supports various Linux distributions (Red Hat, CentOS, Oracle Linux, Arch Linux, Debian, Ubuntu, SUSE), FreeBSD, network devices (F5 Networks, Cisco, Huawei, Palo Alto Networks), popular and critical software (OpenSSL, Samba, nginx, Mozilla, Opera), including CMS (WordPress, Drupal).
  • Exploits from Exploit-DB, Metasploit and 0day.today. Exploits are parsed and stored in full-text form and you can read the sources in a convenient text editor.
  • Nessus plugins for vulnerability detection. It makes easy to find out whether a particular vulnerability can be detected using this popular network scanner. Why is it important? Read in my article “When a free scanning service detects vulnerabilities better“.
  • Bug disclousers for bug bounty programs. At current moment Vulners supports HackerOne and Open Bug Bounty.
  • Potential vulnerabilities of mobile applications and CMS. It is possible in cooperation with the static application security testing (SAST) vendors Hackapp and InfoWatch APPERCUT.
  • Posts from hacking resources. Vulners collects Threatpost and rdot.org publications, which often cover vulnerability related topics.

All this information is handled, cataloged, structured and is always available for the search.

Continue reading