Skip to content

Latest commit

 

History

History
144 lines (115 loc) · 3.94 KB

TEST.md

File metadata and controls

144 lines (115 loc) · 3.94 KB
Raw

How to perform tests

JS API

sudo python3 src/main.py set_portal js-api

Cookie

Read, write, and persistence

sudo python3 src/main.py set_portal cookies

First round should give "Previous cookie not presented. Set Cookie successfully.", and the second round should give "Previous cookie presented.Set Cookie successfully."

Value capacity:

sudo python3 src/main.py set_portal https://wpt.live/cookies/value/value.html

SameSite:

sudo python3 src/main.py set_portal https://samesitetest.com/setup/confirm,https://shared.samesitetest.com,https://samesitetest-external.com,http://insecure-shared.samesitetest.com,http://insecure.samesitetest-external.com,http://insecure.samesitetest.com

Secure:

sudo python3 src/main.py set_portal https://wpt.live/cookies/secure/set-from-http.https.sub.html # should work
sudo python3 src/main.py set_portal http://wpt.live/cookies/secure/set-from-http.https.sub.html # should not work

Note that, if the captive portal session is not sandboxed, then in the HTTP test, the two tests should be failed and pass respectively, otherwise both tests will be failed.

HttpOnly:

sudo python3 src/main.py set_portal http://linux8.csie.ntu.edu.tw:8123/

SOP & CORS

sudo python3 src/main.py set_portal https://wpt.live/cors/basic.htm
sudo python3 src/main.py set_portal https://wpt.live/cors/origin.htm

Notice that even some normal browsers can't pass all the test in basic.html.

SSL

HTTP:

sudo python3 src/main.py set_portal default

HTTP-credit-card:

sudo python3 src/main.py set_portal http://http-credit-card.badssl.com/

Normal:

sudo python3 src/main.py set_portal https://joeywang4.github.io/

Expired:

sudo python3 src/main.py set_portal https://expired.badssl.com/

Wrong Host:

sudo python3 src/main.py set_portal https://wrong.host.badssl.com/

Self-signed:

sudo python3 src/main.py set_portal https://self-signed.badssl.com/

Untrusted root:

sudo python3 src/main.py set_portal https://untrusted-root.badssl.com/

Revoked:

sudo python3 src/main.py set_portal https://revoked.badssl.com/

Pinned:

sudo python3 src/main.py set_portal https://pinning-test.badssl.com/

Bad cipher (DH 1024):

sudo python3 src/main.py set_portal https://dh1024.badssl.com/

Outdated TLS:

sudo python3 src/main.py set_portal https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html,https://cdnjs.cloudflare.com/,https://ssllabs.com/,http://plaintext.ssllabs.com/,https://www.ssllabs.com/ # SSL
sudo python3 src/main.py set_portal https://tls-v1-0.badssl.com:1010/ # TLS v1.0
sudo python3 src/main.py set_portal https://tls-v1-1.badssl.com:1011/ # TLS v1.1

HSTS:

sudo python3 src/main.py set_portal https://hsts.badssl.com/
sudo python3 src/main.py set_portal http://hsts.badssl.com/

Suppose that HSTS is not followed in the same session, the first portal (the https one) would no display "HSTS is working." Suppose that HSTS is not followed in the different session, the second portal (the http one) would no display "HSTS is working."

Mixed content

sudo python3 src/main.py set_portal https://www.mixedcontentexamples.com/Test/NonSecureJS # JS
sudo python3 src/main.py set_portal https://www.mixedcontentexamples.com/Test/NonSecureIFRAME # iframe

Indirect Redirection:

sudo python3 src/main.py set_portal https://allenchou.cc/a-secret-page-for-test.html,https://self-signed.badssl.com/

LocalStorage

sudo python3 src/main.py set_portal localStorage

Safe Browsing

Phishing

sudo python3 src/main.py set_portal https://testsafebrowsing.appspot.com/s/phishing.html

Malware (download link)

sudo python3 src/main.py set_portal https://testsafebrowsing.appspot.com/s/malware.html

Malware (direct access)

sudo python3 src/main.py set_portal https://testsafebrowsing.appspot.com/s/content.exe