SortSite Manual Form Replayer

SortSite scans sites by following links on each page it scans to find new pages to scan. It’s like clicking on every link on a page to find new pages, then clicking on all the links on the found pages. The form replayer allows the scanner to reach pages that require user input to display. Examples include:

SortSite Professional can record form actions, for automatic replay during subsequent scans. This lets you test parts of sites not reachable by links.

Warning: this feature should be used with caution, since some forms may have undesirable side effects when the form is submitted. Examples include:

Recording form actions

To record a form action:

  1. Navigate to the page containing the form you want to record.
  2. Select Record Form Input from the Check menu to start recording.
  3. Type your test values into your form and submit it.
  4. Select Record Form Input again to stop recording. The form action will be replayed next time this page is visited during a scan.

To review, pause or delete recorded form actions:



Note: SortSite Standard doesn’t provide a record and replay facility.

Replaying form actions

Once recorded, form actions are replayed automatically each time the page containing the form is visited during subsequent scans.

For example, if you record a form on https://example.com/account/login then the form is automatically replayed when:

How replay data is stored

Reply data is stored in a replay.xml file on a per-user basis:

Recorded data is encrypted using a per-user encryption key, so recorded data is not accessible to other users, even on the same computer.

Note: Replays in SortSite Developer should be recorded by the desktop application using the same user account used to run the command line tool. If you’re using Jenkins this may require changing the Jenkins service login account, since this defaults to Local System on Windows. The replay.xml file is saved when the application exits, so newly recorded form actions are not available to the command line tool until you quit the desktop application.