Steps

A Step consists of a web browser action or an HTTP request that is executed during a test Run. Steps can include browser actions like navigating to pages, clicking, entering text, ajax requests, etc. Steps can also consist of a raw HTTP request.

Creating a Step

Step 1

Steps can be created from the profile page of a Test. From the Test's profile page, click on the "New Step" button.

Step 2

Fill out the "New Step" form to create your Step.

These are the options for creating a Step.

Field Description
Step Type The type of step.

Options
Browser Action - This step is a web browser user action like like navigating to pages, clicking, entering text, ajax requests, etc.
HTTP Request - This step is an HTTP request.
SSL Scan - This step is scans a host/port for supported SSL protocols and ciphers.
Port Scan - This step is scans a host for open/listening TCP ports.
Wait - This step will wait for the specified number of seconds.
Filter Host A comma delimited list of network hosts. Only requests to the hosts will be checked by Rules and Conditions. This can be used to ignore non-relevent requests and speed up the amount of time that a step takes.
Examples: example.com, owasp.org, nist.gov
Filter Path A comma delimited list of paths. Only requests with paths that contain the values entered will be checked by Rules and Conditions. This can be used to ignore non-relevent requests and speed up the amount of time that a step takes.
Examples: /home, /api/vi, /forms/transfer

Browser Steps

These are the options for browser Steps.

Field Description
Action The type of browser action.

Options
Navigate To - Navigate to a URL.
Click - Click on element.
Press Keys - Press button on keyboard (can be used to enter text or use modifier keys like Control, Option, etc).
Type Text - Type text into element.
Select - Select option from drop-down form field.
Clear Field - Clear text from an element.
Browser AJAX - Send AJAX request from browser.
Browser Javascript - Execute Javascript in browser.
Mouse Over - Hover mouse over element.
Double Click - Double click on element.
Resize Window - Resize the browser window.
Crawl - Crawl a web url and navigate through links found on the pages.
Identifier The attribute (eg. 'id', 'name') or the method used ('css' or 'xpath') to select the element.
Selector The value used to select the element.
Attribute Examples: username, name, age
CSS Examples: #signin-button, .logout-button, #site-navigation > li:nth-child(4) > .nav-item
Xpath Examples: //nav/div/ul/li[4]/a, //input[@id='loginId'],(//a[contains(text(),'Research')])[2],
Value The value to use for the browser action.
Navigate to: Enter the URL
Press Keys: Enter the text to be typed or the modifier key to press.
Type Text: Enter the text to be typed
Browser Javascript: Enter Javascript code

Note: Browser AJAX requests share the same fields as HTTP Requests. Documentation for AJAX requests are in the following section: HTTP Request and AJAX Request Steps

Below is an example of a browser "click" step.

HTTP Request and AJAX Request Steps

These are the options for HTTP Request Steps and browser Ajax Request Steps.

Field Description
Protocol The protocol used for the request.

Options
http - Send request via http.
https - Send request via https.
Host The host that the request will be sent to.
Examples: example.com, webapp.org:3000, nist.gov
Optional: Use use host-colon convention to specify a port (eg. webapp.org:3000)
Path The path to which the request will be sent.
Examples: /home, /api/vi, /forms/transfer
Method The method used for the HTTP request.
Options: GET, POST, PUT, OPTIONS, DELETE, TRACE<, PATCH
Body The body contents of the request.

The following are options to add HTTP headers.

Field Description
Name The name of the header.
Value The value of the header.

The following are options to add HTTP cookies.

Field Description
Name The name of the cookies.
Value The value of the cookies.

Below is an example of an HTTP Request step.

SSL Scan Steps

These are the options for SSL Scan Steps.

Field Description
Port The port to conduct the SSL scan.
Must be an integer
Value The domain that you would like to scan.
Examples: example.com, google.com, bing.com

Port Scan Steps

These are the options for Port Scan Steps.

Field Description
Value The domain that you would like to scan.
Examples: example.com, google.com, bing.com

Wait Steps

These are the options for Wait Steps.

Field Description
Value The number of seconds to wait.

Running a Step

Running a Step will initiate the browser action and/or raw HTTP requests in the Step.

Step 1

To run a Step, click the "Run Step" button on the Step profile page.

Results can be viewed on the Step profile page after the Run is comlete and the data has been processed.

Results from the Run can also be viewed in the Run Report

Identifiers & Selectors

Identifiers & selectors are used in steps to Select DOM/HTML elements.


Identifiers

An identifier represents the attribute (eg. 'id', 'name') or the method used ('css' or 'xpath') to select the element.


Selectors

A selector is the value used to select the element.
Attribute Examples: username, name, age
CSS Examples: #signin-button, .logout-button, #site-navigation > li:nth-child(4) > .nav-item
Xpath Examples: //nav/div/ul/li[4]/a, //input[@id='loginId'],(//a[contains(text(),'Research')])[2],

Examples

The following are examples of identifiers & selectors used to select the DOM element examples below.

Selector Identifier HTML
Select by name name username
<input type="text" name="username" />
Select by css class css .fa-cube
<i class="fa fa-cube"></i>
Select by css id css #fa-cube
<i class="fa fa-cube"></i>
Select by css nested element css div#fa-profile_55 img.profile-pic
<div id="item-5"><img src="profile_55" class="profile-pic"></i>
Select by xpath xpath /html/head/title
<!doctype html>
    <html lang="en">
      <head>
        (...)
        <title>Selecting content on a web page with XPath</title>
      </head>
      <body>
      (...)
      </body>
    </html>
Select by xpath id xpath //button[@id="accept_button"]
<div>
    <button id="accept_button">
      Yes
    </button>
    <button id="deny_button">
      No
    </button>
  </div>
Select by xpath class xpath //*[@class="profile-pic"]
<div id="item-5"><img src="profile_55" class="profile-pic" /></div>

Identifiers and selectors used with several browser actions, including 'Click', 'Type Text', 'Double Click', etc.

Environment Variables

Environment Variables are Step values that can be set and accessed in other Steps throughout the duration of your test Run.

Setting Environment Variabls

Environment Variables are set in the Advanced Settings section of a Step:

- After opening the Advanced Settings section, click 'Add Environment Variable'.



- Then enter the Environment Variable name. This is the text that will be used to reference the variable in other Steps.

- Then select an environment type:

Value - A text value that will be accessible by attributes of the step and future steps that are run as part of the test.
Request Header - Set environment variable to the value of the request header with the specified name.
Request Cookie - Set environment variable to the value of the request cookie with the specified name.
Response Header - Set environment variable to the value of the response header with the specified name.
Response Cookie - Set environment variable to the value of the response cookie with the specified name.


Value Environment Variable types

The value in the Environment Variable setting will replace the text block when it is referenced in HTTP parameters or the value fields in a step.


Request/Response Environment Variable types

When a request with a cookie or header with the specified name is observed, the value is stored in the environment variable and can be accessed by the HTTP request parameters and the value fields in the Step.

The value of the Environment Variable setting will replace the text block when it is referenced in HTTP parameters or the value field in the Step.


Reference Environment Variable in Step value

Reference Environment Variable in Step Request/Response parameter

The value can be accessed in subsequent steps until the value is overwritten or the test concludes.

When a Request/Response Environment Variable is set another request has a header or cookie with the same respective name, but a different value, the Environment Variable value will be overwritten with the new value.

This can be used to retain session & CSRF tokens, along with other persistent data, throughout the duration of a test.



Accessing Environment Variables

Environment Variables can be accessed in step fields by encapsulating your variable name with $VAR: and $


Reference Environment Variable in Step value

Reference Environment Variable in Step Request/Response parameter

The value of the Environment Variable setting will replace the text block when it is referenced in HTTP parameters or the value field in the Step.

Copy Steps

Populate details in a Step form with information from another step by using the "Copy step" feature. This feature can be found in the "Advanced Setting" section in the Step form.

The Step ID can be found in the Step's URL as the number prefix of the URL. Copy that number into the text field and click "Copy" to fill in the Step's information.

Related Docs
Templates
Results
Run Report