SortSite Manual Form Replayer
SortSite scans sites by following links to find new pages to scan (anything you can get to by clicking links) but some pages require user input to display. Examples include:
- a page of search results (nothing gets displayed until you type something to search for)
- a login page (nothing gets displayed until you type a user name and password)
- a Thank You page on a Contact Us form
SortSite Professional can record form actions, for automatic replay during subsequent scans. This lets you test parts of sites not reachable by links.
Note: this feature should be used with caution, since some forms may have undesirable side effects when the form is submitted. Examples include:
- a delete conformation form in a database web app
- a close bank account form in a banking application
- sending an email from a Contact Us page
Recording form actions
To record a form action:
- Navigate to the page containing the form you want to record.
- Select Record Form Input from the Check menu to start recording.
- Type your test values into your form and submit it.
- Select Record Form Input again to stop recording. The form action will be replayed next time this page is visited during a scan.
To review, pause or delete recorded form actions:
- Select View Recorded Forms from the Check menu.
- To stop playback of a form action temporarily, untick Enable Playback on the Options menu next to the form action.
- To resume playback select Enable Playback again to tick it.
- To delete a form action permanently, select Delete Recording on the Options menu next to the form action.
- forms that only allow data to be entered once usually can’t be replayed (e.g. create new username or join mailing list pages)
- forms with catchpas can’t be replayed since catchpas are designed to stop automated replays
- multi-step forms (like insurance quotes) usually can’t be replayed unless each step submits to a unique URL
Replaying form actions
Once recorded, form actions are replayed automatically each time the page containing the form is visited during subsequent scans.
Note that SortSite Standard doesn’t provide a record and replay facility.