In this article I would like to tell you about a simple tool that you can use in the classroom with high school students or even 4º of ESO to do small tests of Audit Techniques on Web servers. It is a way to introduce students to this beautiful world of Cybersecurity. Well, let's get to it!!!

Phantomjs, as I mentioned before, is a simple tool for end-to-end testing between applications and web services. It provides a browser without a webkit-based interface that allows you to test through the web application.

As you know that I always like to explain things in a practical way, this time it will be no less and here I tell you how to install it and perform the first tests to do with students.

We will install Phantomjs on a MacBook Pro with MacOS Mojave System version 10.14. (Although you can do it perfectly on Windows or Linux)

First we will download PhantomJS from its official website http://phantomjs.org/

In our case we will download the version for Mac OS X

Once the file has been downloaded, we must unzip it in order to access the content. This generates a mask with the same name.

Now we have to open a terminal in our MacBook Pro, because the management of PhantomJS is done by console.

We go to the PATH where we have decompressed the program and we must look for the executable ./bin/phantomjs

To verify that it works correctly, we will launch the PhantomJS help with the command:

./bin/phantomjs –help

Once we have the tool ready we will perform some monitoring task to check its operation.

In this case we are going to perform a connection speed test, we are going to do it against a website that is outside of our LAN, for example the website of the university where I did my specialty (I hope you don't mind hehehe)

For this we will use one of the examples included in the program folder.

bin / phantomjs examples / loadspeed.js https://www.ui1.es

As you can see in the image above, we see that the response speed is 4107 msec.

Another example we can use is features, js, It is a collection of super fast tests that run as your web page loads, then you can use the results to adapt the user experience. For this we use modernirz

A very useful example for testing a website is detectsniff.js, where it will let us know if this website has sniffer agents in its code.

Here I attach a screenshot of execution.

Finally we will make a more personalized example, that is, we will create our own JS to capture an image of a specific Web. We will follow these steps:

  • We create a file called goggle_photo.js
  • The next step is to open that file with our favorite editor and copy the following image code.
  • Then we save the changes to the file and execute it with the following command.
  • Finally, once the program has been executed, it will give us a screenshot of the web we have requested, in this case Google.