security issue with MSCAPTCHA - captcha

I'm using MSCAPTCHA in one of my projects .
Now I Know that Captchas that their characters are dependent to their image url could be passed by hackers easily .
I mean if we copy the captcha image url and open it in new browser window and refresh it the same characters would be generated .
and hackers have ways to use this bug . How ? they write a small program that request our page except the captcha then they use that first captcha image url . and they pass the captcha . ( I've read this somewhere and I don't know details too )
Now any idea how to solve this ? or is there any captcha without this problem ?

I don't know MSCAPTCHA in particular, but you seem to have a misunderstanding of how captchas are solved. Yes, each captcha image has a unique URL. That's fine and irrelevant. The form that the captcha belongs to has some sort of information that requires the user to solve a specific captcha. A user cannot simply answer any random captcha he wants.
While preparing the form that is presented to the user, the server generates a captcha and saves the expected answer internally, in the user's session for instance. It then sends the link to the specific captcha image to the user with the form. If the returned answer is not what is expected, the solution is rejected. It doesn't matter if the user tries to look at some other captcha than the one sent by the server.

Perhaps something to sidestep the problem while still addressing underlying requirement of human vs robot verification that captcha fills?
I implemented something of my own which a human reader should be able to read. I'd ask them
"I have AA stones and I gather BB more. I now have [textbox_here] stones overall".
The pseudo code is like:
Random rand = new Random();
int intNums[] = {0,1,2,3,4,5,6,7,8,9};
string strNums[] = {"zero", "one", "two", "three", "four", "five", "six", "seven", "eight", "nine"};
int aIndex = rand.Next(0,4); // 0, inclusive, 5 exclusive
int bIndex = rand.Next(0,4);
// 1. use AA and BB below to print your HTML form
string AA = strNum[aIndex];
string BB = strNum[bIndex];
// 2. save/pass out "rightAnswer" to later verify
// the users answer from the textbox
int rightAnswer = aIndex + bIndex;
I prefer this since it's lightweight, no external dependencies and so far it's worked (no spam). You can also try an array of question and answers like
string questionArray[] = { "My mother has only one son. Am I male or female?", ... };
string answerArray[] = { "male", ... };
You get the idea ...
Hope it helps!

Related

Storing and reusing the text content of an object using Playwright and Javascript, then use it for assertion/validaton

I would like to store the text from an object locator and use it for assertion. For instance, I have a trade number - 1234. This trade number only appears after a transaction, so it is not static on other screens. This number is located on several other screens and I need to validate that it appears. I am able to locate the element through inspect and Playwright accepts it, but having issues:
Grabbing the text (1234)
Then setting up an assertion statement to compare it
Below are my humble and naïve attempts:
async getConfirmNumber() {
//Store the contents in the page locator which has the trade number
const tradeNumber = page.locator('div:nth-of-type(2) > .col-md-9.display-value.ng-binding').textContent;
//Navigate to a different screen which now will display the trade number
await this.page.click('a[caption="History"]')
await this.page.click('a[href="#/trade-summary"]')
//Line of code that I am not sure how to correctly write. ".bidconfirmation" is the locator on the new screen which displays the trade number.
//If the contents or value of ".bidconfirmation" is NOT 1234 then an error needs to display.
await expect(tradeNumber).toHaveCSS('.bidconfirmation', tradeNumber);
}
Just to let you know I would change the tag on this post to playwright-JavaScript to better reach the intended audience.
However, if I understand your question correctly you are trying to get the text content of an element but the textContent() method is not working, I would try to use the innerText() method and see if that works.
Apologies if this is a little off as I work with the java version of Playwright but you could do:
const tradeNumber = page.locator('div:nth-of-type(2) > .col-md-9.display-value.ng-binding').innerText(); //BTW I would change this locator to something unique or a little more stable -- this should give you the tradeNumber
//then I'm not 100% sure what your trying to do here but if I understand correctly this might help
await expect(page.locator('.bidconfirmation').toHaveValue(tradeNumber));
I hope this helped a little, Im sorry I couldn't really get an understanding fully of the question you were asking but feel free to take a look at playwright.dev to find documentation surrounding Playwright.

Detecting Drop down with Selenium WebDriver

http://i.stack.imgur.com/L4WUv.jpg
Link to Grid
I'm trying to detect the different drop downs on this page (depicted by the filters by the text boxes). The problem i'm having is that it seems that the filters all have the same ids. I can get the webdriver to find the initial filter button but not target the options in the drop down.
Note the filters I'm talking about are the ones from the funnel buttons. For example contains, isEqual, between etc *
This is wrong but an example
it('Should filter grid to -contain Civic', function() {
browser.element(by.id('ctl00_ContentPlaceHolder1_RadGrid1_ctl00_ctl02_ctl03_FilterTextBox_Model')).sendKeys("civic");
browser.element(by.id('ctl00$ContentPlaceHolder1$RadGrid1$ctl00$ctl02$ctl03$FilterTextBox_Model')).click();
browser.element(by.xpath("//*[contains(text(), 'Contains')]")).click();
})
NOTE The answer that was being looked for is at the bottom of this answer after the word "EDIT". The rest of this answer is retained because it is still useful.
It's a challenge to test webpages that dynamically generate ids and other attributes. Sometimes you just have to figure out how to navigate the stable attributes with an xpath. Here's an xpath that finds all four dropdowns:
//tr[#class='rgFilterRow']//input
To differentiate between each one, you can do this:
(//tr[#class='rgFilterRow']//input)[1] // Brand Name
(//tr[#class='rgFilterRow']//input)[2] // Classification
(//tr[#class='rgFilterRow']//input)[3] // Transmission
(//tr[#class='rgFilterRow']//input)[4] // Fuel
Using numbers to specify elements in an xpath isn't really desirable (it will behave incorrectly if the order of columns in the table changes), but it's probably the best you can do in this case because of all the dynamic ids and general lack of reliable identifying attributes.
EDIT
I misunderstood what you were trying to get because I didn't look at the image that you linked to. Once you've opened up that menu, you should be able to use an xpath to get whichever option you want by the text. For example, if you want the "Contains" option:
//a[#class='rmLink']//span[text()='Contains']
This page is highly dynamic. You had better brush up on your XPath, as nothing else will be able to help you. You can use this: http://www.zvon.org/xxl/XPathTutorial/General/examples.html .
Here is a simple example of how to access the Brand Name "pulldown". This is written in Groovy, which looks a lot like Java. If you know Java you should be able to get the idea from this:
WebElement brandName = driver.findElement(By.id("ctl00_ContentPlaceHolder1_RadGrid1_ctl00_ctl02_ctl03_BrandNameCombo_Arrow"))
brandName.click() // to open the "pulldown"
List<WebElement> brandItems = driver.findElements(By.xpath("//ul[#class='rcbList']/li"))
brandItems.each {
if(it.text == 'BMW')
it.click()
}
Unfortunately, the above id is not very reliable. A much better strategy would be something like:
WebElement classification = driver.findElement(By.xpath("//table[#summary='combobox']//a[contains(#id, 'ClassificationCombo_Arrow')]"))
Selecting its items is done similarly.
classification.click() // to open the "pulldown"
List<WebElement> classificationItems = driver.findElements(By.xpath("//ul[#class='rcbList']/li"))
classificationItems.each {
if(it.text == 'Sedan')
it.click()
}
If you are not up to the task, you should be able to get help from your development colleagues on how to locate all the elements in this page.

Google plus share button, current URL instead of Specified URL?

If clarification is needed, please let me know. If it can't be done, please let me know this as well. I am desperately trying to figure this out still
I was following Google's Dev guide to the Share button at the following site:
https://developers.google.com/+/web/share/
and I can not seem to figure out how, if it's even possible, to use a custom icon AND use the current URL instead of having to specify a URL.
I found this section of their site that specifies an anchor tag address:
"https://plus.google.com/share?url={URL}"
This would allow me to use a custom icon (and the only way I can use a custom icon as far as I can tell) and a few other custom parameters as well. But it looks like this method requires a specified URL and, as far as I can tell, provides no method to dynamically create the link depending on the current page.
If I use the code generator at the top, it will use the current page, but it calls on a Google hosted Java Script and in addition, it is a hover link that pops up when I hover over the icon. And of course, I also can't use a custom icon with the generator either.
I've been Googling every search term I could think of and searching this site as well and I haven't been able to find anyone else asking this question as of yet. I figured after about 20-30 minutes of searching that I wasn't going to find my answer via searching, so i apologize if this has been answered.
Just some background on my experience to give an idea of where I sit: I have a decent grasp of the workings of HTML and CSS. Javascript, however, I understand very very basic theory and that's about it. I definitely intend to learn, however, as it will prove a very valuable skill.
Thank you very much!!
I think I know what needs to be done, but...I don't know how to do it (or if it would even work) :|
my share link needs to link to a script that looks at the current page's URL, and then takes that information, and creates a dynamic link from it that will take the user to the following link: https://plus.google.com/share?url={URL from query will be here}.
I think that might work...it sounds like it would. Any thoughts? If so, any simple scripts around that would do just this?
Double thanks!!
--I finally found something that works, but it uses Javascript and I don't fully understand it, just enough to tweak it. It took me forever to find this, but it works with Google Plus, Facebook, or Twitter! (and I'm sure it will work with any other website that supplies a Share Link that requires a specified URL)
Here it is, I'm still looking for a better solution, but this does exactly what I was looking for:
<a href="javascript:(
function(){
var w=480;var h=380;
var x=Number((window.screen.width-w)/2);
var y=Number((window.screen.height-h)/2);
window.open('https://plus.google.com/share?url='+encodeURIComponent(location.href)+'
&title='+encodeURIComponent(document.title),'','width='+w+',height='+h+',left='+x+',top='+y +',
scrollbars=no');
})();" style="background: url(/wp-content/themes/HTML5/images/googleplus.png) no-repeat scroll left center transparent;">
Share to Google+</a>
EDIT! After spending some months learning Javascript, I've built a solution that is much better than that which is provided below. I'll leave my original answer, however, I want to place this better solution at the top.
This solution should work on ANY social media platform that gives you a custom share URL (that is to say, a url that allows you to manually type in an address to share).
Here is how it all works (and if anyone has any suggestions or tweaks that have more experience with JS, please let me know).
I assign variables to the document.URL and document.titleproperties.
I write a named function (I called mine, socialShare) that is set to run via an anonymous function on the window.onloadevent.
The socialShare function assigns variables to the location of my social button's within the HTML. In my case, I used IDs to locate the elements. The purpose of these variables is purely for aesthetics (I use these variables to re-write the the HTML code dynamically, so that when you hover over the share button, it displays the correct URL for sharing the current page you are on)
var fbShare = document.getElementById("fbShare");
var gplusShare = document.getElementById("gplusShare");
twitterShare = document.getElementById("twitterShare");
I then write three separate anonymous functions, one for each social media platform. Each function has two statements. The functions work as follows: the first part is the variable assigned to the location of the HTML element with the ID fbShare. The second part tells it to run the function when that element is clicked; .onclick. The third part is the anonymous function that will run when that element is clicked. The first statement of this function will open a new window; window.open; and in that new window, it will open the URL that is specified by feeding the window.open method parameters. The parameters are as follows (URL,name,specs) where URL is the URL you want to share, name is optional and left blank as seen by the empty set of quotes, and finally specs is where you specify attributes of the window (IE: width and height). The first parameter, the URL: ("https://www.facebook.com/sharer.php?u="+currentURL, currentURL is the global variable that was assigned earlier and will place whatever the current documents URL is, in place of currentURL. The second parameter, the name: "", This is left blank, as it is optional. The third parameter, the specs: "height=368,width=600,left=100,top=100,menubar=0"); These are a comma-seperated list of items. In my case, I've specified a height, width, and the location of the window, as well as disabled the menubar. Finally, the second statement, return false; tells the browser NOT to follow the link inside the HTML code. If this was not specified, then the browswer would follow the URL in the HTML, AND open a new window. For more information on the window.open method, please see the link at the bottom of this new answer.
fbShare.onclick = function() {
window.open("https://www.facebook.com/sharer.php?u="+currentURL,"","height=368,width=600,left=100,top=100,menubar=0");
return false;
}
gplusShare.onclick = function() {
window.open("https://plus.google.com/share?url="+currentURL,"","height=550,width=525,left=100,top=100,menubar=0");
return false;
}
twitterShare.onclick = function() {
window.open("https://twitter.com/share?url="+currentURL+"&text="+currentTitle,"","height=260,width=500,left=100,top=100,menubar=0");
return false;
}
And finally, I modify the HTML href elements of each social media button so that when the user hovers over the share buttons, they see the correct Share URL displayed in their browsers status bar. The first part of this statement grabs the element id, fbShare and the second part tells it to set an attribute, .setAttribute. Then we pass in the attribute name that we want to change, ("href", in this case, and then we pass in what we would like the new attribute value to be, "http://www.facebook.com/sharer.php?u="+currentURL); currentURL is the same here, as earlier. It is the variable that holds the value for whatever the current page's URL is.
fbShare.setAttribute("href","http://www.facebook.com/sharer.php?u="+currentURL);
gplusShare.setAttribute("href","https://plus.google.com/share?url="+currentURL);
twitterShare.setAttribute("href","https://twitter.com/share?url="+currentURL+"&text="+currentTitle);
That's about all there is to it! I hope I wrote this well and I hope it is relatively easy to follow. If any pros out there have any suggestions, please feel free to toss in and give your advice! :)
My JS file
http://jrltest.host-ed.me/_js/share.js
Link to information on the window.open method at w3schools.com
http://www.w3schools.com/jsref/met_win_open.asp
Link to information on the .setattribute method at w3schools.com
http://www.w3schools.com/jsref/met_element_setattribute.asp
OLD ANSWER: I figured I'd add this as an answer. It does the trick and solves the exact problem that I had. The URL after 'window.open' would be the social media's Share Link (in the case of the example, it's google plus' Share Link. There are a few variables that can be either modified or removed. Anyone that's good with scripting could probably create a PHP version (which I would LOVE) or modify it to better suite their needs. At any rate, I hope this will help someone out!
<a href="javascript:(
function(){
var w=480;var h=380;
var x=Number((window.screen.width-w)/2);
var y=Number((window.screen.height-h)/2);
window.open('https://plus.google.com/share?url='+encodeURIComponent(location.href)+'
&title='+encodeURIComponent(document.title),'','width='+w+',height='+h+',left='+x+',top='+y+',
scrollbars=no');
})();" style="background: url(/wp-content/themes/HTML5/images/googleplus.png) no-repeat scroll left center transparent;">
Share to Google+</a>
Native Window Open function its not a good idea, browsers like Mozilla and Chrome block pop up. I think its better use a plugin to open a new windows with the share url, like jquery popup plugin. Work very fine for me and browser cant block it.
Copy an paste into a new js file like original name: 'jquery.popup.js'
jQuery.fn.popup = function(options) {
var defaults = {
width: screen.width/2,
height: screen.height/2,
titlebar: false,
status: false,
resizable: true,
toolbar: false,
scrollbars: true,
menubar: false
};
var options = jQuery.extend(defaults, options);
Boolean.prototype.setProperty = function() {
if (this == true) { return "yes"; } else { return "no"; }
};
jQuery(this).click( function() {
var target = this.target;
var href = this.href;
var posY = (parseInt(screen.height/2)) - (parseInt(options.height/2));
var posX = (parseInt(screen.width/2)) - (parseInt(options.width/2));
var win = window.open(href, target, 'titlebar=' + options.titlebar.setProperty() + ', screenX='+ posX +', screenY='+ posY +', left='+ posX +', top='+ posY +', status=' + options.status.setProperty() + ', resizable=' + options.resizable.setProperty() + ', toolbar=' + options.toolbar.setProperty() + ', scrollbars=' + options.scrollbars.setProperty() + ', menubar=' + options.menubar.setProperty() + ', width='+ options.width +', height='+ options.height);
win.focus();
return false;
});
return this;
};
USAGE:
<script src="jquery.last.js"></script>
<script src="jquery.popup.js"></script>
<script>
jQuery(function(){
//simple load
jQuery(".popupLink").popup({ width: 640, height: 480 });
});
</script>
<a class='popupLink' href="https://www.facebook.com/share.php?u=<?php echo URL;?>">Share Facebook</a>
ALSO YOU CAN PASS OPTIONS LIKE THE PLUGIN EXAMPLE OPTIONS
<script>
jQuery(".popupLink").popup({ width: 640, height: 480, resizable: false, menubar: true });
</script>
The author website dont exist any more. This are the information that comes with the plugin comments
/*
* jQuery popup v1 - A jQuery popup plugin.
* By Jordan Thomas - http://labs.wondergroup.com
* Licensed under the do whatever you want to license.
* If you like, keep this message intact so
* someone else can find the origin.
*/
You can also use PHP to resize the window but here is the PHP version... Have fun :)
See Also: PHP - Getting Current URL
<?
echo '<a href="https://plus.google.com/share?url='.$_SERVER[HTTP_HOST].$_SERVER[REQUEST_URI].'"
target="_blank"><img src="images/google-custom-icon.png"></a>';
?>

How do I scrape data from a javascript page for iOS?

I'm developing a mobile app (iOS 5.0 and above compatible) for a website where users can view certain data directly from their landing page. The user can refine the results by selecting specific options (i.e. location and/or date). They don't offer any web service calls, and won't allow us to access their database. So my only resort of collecting the data is from 'scraping' the site directly.
My issue is that I don't know how make the changes that the users can make on the site from a http request from the phone. For example the site below:
can be pulled from the site and saved as a string with the following command
NSString *html = [NSString stringWithContentsOfURL:urlrequest encoding:NSUTF8StringEncoding error:&err];
I'm able to separate the relevant data:
// I decided to add the script function name in case anyone wanted to look for themselves
<script type="text/javascript" language="Javascript">
//<![CDATA[
function loadData(){
var winMsgTitle = "Date: 04/11/2012";
// this is the actual data I'm concerned with:
gLatLong = new GLatLng(31.59019444444444, -110.50655555555555);
tmpMapIcon = new MapIcon("0_0", 21, 15);
marker = createMarker(gLatLong, 0.0, createInfoWinMsg(winMsgTitle, ".00", ".84", "5711", "2012", "", "07:00"), tmpMapIcon);
map.addOverlay(marker);
point = null;marker = null;
gLatLong = new GLatLng(32.2938260182, -110.7896411419);
tmpMapIcon = new MapIcon("0_0", 21, 15);
marker = createMarker(gLatLong, 0.0, createInfoWinMsg(winMsgTitle, ".00", "1.00", "1254", "2012", "", "07:00"), tmpMapIcon);
map.addOverlay(marker);
point = null;marker = null;
gLatLong = new GLatLng(33.5966853633, -112.1744066477);
tmpMapIcon = new MapIcon("0_0", 21, 15);
marker = createMarker(gLatLong, 0.0, createInfoWinMsg(winMsgTitle, ".00", ".70", "256", "2012", "", "07:00"), tmpMapIcon);
map.addOverlay(marker);
point = null;marker = null;
Note: There are obviously more points, this is just snip it
In order to get another location, or date, I have to manually select via the site and select the options on the right hand pane. My question is, how do I make those changes programmatically via objective-c?
I suppose you use UIWebView to load that page.
One possible solution is to write JavaScript functions to simulate normal user operations on the right hand pane (for example, use jQuery's trigger function to select the drop down list, select 'Date Range', etc.).
These javascript functions could be coded as strings in your app code.
Then, call stringByEvaluatingJavaScriptFromString: on the webview to run these javascript functions:
[webView stringByEvaluatingJavaScriptFromString:javascript]
Here the javascript parameter is a string you construct that calls your javascript functions. For example:
NSString *javascript = [NSString stringWithFormat:#"selectRegion(%#)", targetRegion];
When doing this, I'd suggest you write these javascripts and test them using a browser's debug tool(Safari's Web Inspector, Firefox's FireBug plugin...) to make sure they work as expect first.
If i understand you correctly, you want to pull the data without displaying the website to your user?
If yes, the only solution i can currently think of would be an off-screen UIWebView, in wich you do some JavaScript-magic to simulate user-input, and then get the data out.
This is however a very hackish approach and i would not suggest you use this in a shipping application.
In fact, i would suggest not doing any webscraping at all, because if they change their sites structure, your app fails to work.
If you are really developing an app "for them" then go tell them that you need a webservice in order to write a good application.
If you are not working "for them" but are just trying to write an app that uses their service to get data, then what you are doing is not only complicated, but does most probably also violate their EULA and you should therefore not be doing that at all. Consider contacting them and see if you can get them to work with you in that case.

How to create Test cases in Automation tool TestComplete

How can I create test cases according to my requirement.
Example:
I have a form with many fields. There is one field name Father's Name, now I want that the user should insert only string in this field, no numeric values should be accepted.
I wanna carry out such cases and do testing using the tool. How can I do this in TestComplete?
So, you want to validate that the tested application correctly handles the situation when forbidden characters are entered in the field, right? If so, then the exact solution depends on what the application does when a forbidden character is entered:
1) The app shows an error box. In this case, make your test enter a forbidden char and check for the error box existence using the appropriate Wait* method (WaitWindow, WaitNamedChild, etc.). Short example from the top of my head (did not run the code):
var TextToEnter="First 123Name";
EditBox.Keys(TextToEnter);
// As a rule, validationg is performed when the focus changes
EditBox.Keys("[Tab]");
var ErrorBox = MainWnd.WaitNamedChild("wndErrorDlg", 5000);
if (ErrorBox.Exists)
Log.Message("Succeeded - the error box is shown");
else
Log.Error("Failed - no error box detected");
2) The app does not show any error, but just ignores the forbidden chars making them not to appear in the edit box. In this case, just compare the actual text against the expected text. Something like this:
var TextToEnter="First 123Name";
var TextToExpect="First Name";
EditBox.Keys(TextToEnter);
if (EditBox.wText == TextToExpect)
Log.Message("Succeeded");
else
Log.Error("Failed");
I hope this helps.