Advertisement

Recording and Replaying Navigations on AJAX Web Sites

  • Alberto Bartoli
  • Eric Medvet
  • Marco Mauri
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7387)

Abstract

Recording and replaying user navigations greatly simplifies the testing process of web applications and, consequently, greatly contributes to improving usability, robustness and assurance of these applications. Implementing such replaying functionalities with modern web technologies such as AJAX is very hard: the GUI may change dynamically as a result of a myriad of different events beyond the control of the replaying machinery and even locating a given GUI element across different executions may be impossible.

In this work we propose a tool that overcomes these problems and is able to handle real-world web sites based on AJAX technology. Recording occurs automatically, i.e., the user navigates with a normal browser and need not take any specific action. Replaying a previously recorded trace occurs programmatically, based on several heuristics that make the tool robust with respect to DOM variance while at the same time maintaining the ability to detect whether replaying has become impossible—perhaps because the target web site has changed too much since the recording. The entire procedure is fully transparent to the target web site. We also describe the use of our tool on several web applications including Facebook, Amazon and others.

Keywords

Trace Recorder Vulnerability Scanner Navigation Sequence AJAX Technology Page Variation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
  2. 2.
    Bai, X., Cambazoglu, B.B., Junqueira, F.P.: Discovering urls through user feedback. In: Proceedings of the 20th ACM International Conference on Information and Knowledge Management, CIKM 2011, pp. 77–86. ACM, New York (2011), http://doi.acm.org/10.1145/2063576.2063592 Google Scholar
  3. 3.
    Doupé, A., Cova, M., Vigna, G.: Why Johnny Can’t Pentest: An Analysis of Black-Box Web Vulnerability Scanners. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 111–131. Springer, Heidelberg (2010), http://dx.doi.org/10.1007/978-3-642-14215-4_7, 10.1007/978-3-642-14215-4_7CrossRefGoogle Scholar
  4. 4.
    Álvarez, M., Pan, A., Raposo, J., Hidalgo, J.: Crawling Web Pages with Support for Client-Side Dynamism. In: Yu, J.X., Kitsuregawa, M., Leong, H.V. (eds.) WAIM 2006. LNCS, vol. 4016, pp. 252–262. Springer, Heidelberg (2006), http://dx.doi.org/10.1007/11775300_22, 10.1007/11775300_22CrossRefGoogle Scholar
  5. 5.
    Medvet, E., Kirda, E., Kruegel, C.: Visual-similarity-based phishing detection. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm 2008, pp. 22:1–22:6. ACM, New York (2008), http://doi.acm.org/10.1145/1460877.1460905
  6. 6.
    Mesbah, A., Bozdag, E., van Deursen, A.: Crawling ajax by inferring user interface state changes. In: Eighth International Conference on Web Engineering, ICWE 2008, pp. 122 –134 (July 2008)Google Scholar
  7. 7.
    Mesbah, A., van Deursen, A.: Invariant-based automatic testing of ajax user interfaces. In: Proceedings of the 31st International Conference on Software Engineering, ICSE 2009, pp. 210–220. IEEE Computer Society, Washington, DC (2009), http://dx.doi.org/10.1109/ICSE.2009.5070522 Google Scholar
  8. 8.
    Montoto, P., Pan, A., Raposo, J., Bellas, F., López, J.: Automating Navigation Sequences in AJAX Websites. In: Gaedke, M., Grossniklaus, M., Díaz, O. (eds.) ICWE 2009. LNCS, vol. 5648, pp. 166–180. Springer, Heidelberg (2009), http://dx.doi.org/10.1007/978-3-642-02818-2_12, 10.1007/978-3-642-02818-2_12CrossRefGoogle Scholar
  9. 9.
    Pattabiraman, K., Zorn, B.: Dodom: Leveraging dom invariants for web 2.0 application robustness testing. In: 2010 IEEE 21st International Symposium on Software Reliability Engineering (ISSRE), pp. 191–200 (November 2010)Google Scholar
  10. 10.
    Roest, D., Mesbah, A., van Deursen, A.: Regression Testing Ajax Applications: Coping with Dynamism. In: 2010 Third International Conference on Software Testing, Verification and Validation (ICST), pp. 127–136. IEEE (April 2010), http://dx.doi.org/10.1109/ICST.2010.59
  11. 11.
    Xie, Q., Memon, A.M.: Designing and comparing automated test oracles for GUI-based software applications. ACM Trans. Softw. Eng. Methodol. 16(1), 4+ (2007), http://dx.doi.org/10.1145/1189748.1189752

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Alberto Bartoli
    • 1
  • Eric Medvet
    • 1
  • Marco Mauri
    • 1
  1. 1.DI3University of TriesteTriesteItaly

Personalised recommendations