Using QuickTest Professional and this approach, you can hack email accounts published on the Internet. Are you interested? :) So, continue reading this QTP tutorial for details.
I've just recorded a simple script, which signs into Gmail. It:
- Fills 'Username' in
- Fills 'Password' in
- Clicks 'Sign in' button
And the recorded QTP script is:
Browser("Gmail").Page("Gmail").WebEdit("Email").Set "someaccount"
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
Browser("Gmail").Page("Gmail").WebButton("Sign in").Click
As you can see, the QTP script is simple enough.
I've set "someaccount" in the 'Username' edit box. But what about the 'Password' edit box? What value did I fill in?
QTP encrypted the password using the SetSecure method:
WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
QTP Help: The SetSecure method is recorded when a password or other secure text is entered.
The text is encrypted while recording and decrypted during the test run.
How can we find out the initial text?
There is one trick. Apply the SetSecure method to a non-secured edit box!
Instead of this QTP code:
Browser("Gmail").Page("Gmail").WebEdit("Email").Set "someaccount"
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
I run this QTP script:
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
Browser("Gmail").Page("Gmail").WebEdit("Email").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
And the result of this QTP script is:
Yes, "mypwd" was encrypted to "493844a99bee0e3ab952f2e867fd08e3". So, "mypwd" is the password I filled!
So, this is an easy way to decrypt an encrypted password in QTP.
By the way, there are two ways to encrypt a password in QuickTest Professional:
- Using Crypt.Encrypt
str = "Some Text"
encrStr = Crypt.Encrypt(str)
'encrStr' will contain an encrypted text.
- Using Password Encoder from 'Start/Programs/QuickTest Professional/Tools'
- I explained two ways to encrypt a text in QTP
- I showed an approach to decrypt an encrypted text
Well, I promised to show how to hack email addresses... I remember!
I searched several QTP sites and forums for "SetSecure" function and found that some QTP engineers published their code snippets with encrypted passwords (for example, entrance into email accounts) :)
Now you know how to "read" (=steal) passwords in plain text.
Why do I tell you that?
Just a reminder: be careful when you publish such private info on the Internet.
--
Dmitry Motevich
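One way to act on that reminder before posting a script, as an added example that is not part of the original post: a Python check that flags and redacts string literals passed to SetSecure. The `PLACEHOLDER` marker, the `pwdFromVault` variable and the layout of the sample script are assumptions made for illustration.

```python
import re

# A SetSecure call whose argument is a quoted literal, with or without parentheses.
# Assumption: any literal passed to SetSecure is an encoded secret, as in the post.
SETSECURE_LITERAL = re.compile(r'(\.SetSecure\s*\(?\s*")([^"]+)(")', re.IGNORECASE)
PLACEHOLDER = "REDACTED"  # hypothetical marker, not a QTP value


def find_encoded_secrets(script_text):
    """Return (line_number, encoded_value) for every literal passed to SetSecure."""
    hits = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        # Comment lines are scanned too: a commented-out call still publishes the value.
        for match in SETSECURE_LITERAL.finditer(line):
            if match.group(2) != PLACEHOLDER:
                hits.append((lineno, match.group(2)))
    return hits


def redact(script_text):
    """Replace every SetSecure literal with PLACEHOLDER; return (text, count)."""
    return SETSECURE_LITERAL.subn(
        lambda m: m.group(1) + PLACEHOLDER + m.group(3), script_text)


# Constructed sample: the encoded value is the one quoted in the post; the
# commented-out call and the variable argument are made up for this example.
SAMPLE = """Browser("Gmail").Page("Gmail").WebEdit("Email").Set "someaccount"
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure "493844a99bee0e3ab952f2e867fd08e3"
'Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure("493844a99bee0e3ab952f2e867fd08e3")
Browser("Gmail").Page("Gmail").WebEdit("Passwd").SetSecure pwdFromVault
Browser("Gmail").Page("Gmail").WebButton("Sign in").Click
"""

if __name__ == "__main__":
    for lineno, value in find_encoded_secrets(SAMPLE):
        print(f"line {lineno}: SetSecure literal ({len(value)} chars), do not publish")
    cleaned, count = redact(SAMPLE)
    print(f"{count} value(s) redacted")
    print(cleaned)
```

Redaction only keeps the value out of the published snippet; a value that has already been posted should be treated as exposed and the password changed.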
Do you know that you are free to use/copy/publish all my materials on your site/blog?
7 comments:
Very good explanation on encrypting and decrypting the texts.
Interesting!!
QTPExpert
quicktesthp(blogspot)
thanks for the tips
easy to implement...
Excellent your explanations
Hi,
Very nice presentation...
Is there any other way to capture a full webpage image in QTP?
Regards,
Suresh Kumar K
thanks for your support.
It is very easy to practise.
We should actually never pass secure password. The reason for this is that we can directly use the script for login and do any mess there. No need to take pain to decrypt.