Demo of CounterStrings in Action finding a live bug in Github

  • CounterStrings are an underused technique, primarily because there are not a lot of tools that implement them. In this blog post I explain how you can use them from within your browser and, as a bonus, use them to find a bug in Github.

    Counterstrings

    If you want to learn more about CounterStrings then:

    A CounterString is a string like this *3*5*7*9*12*15* where each * sits at the position in the string given by the number immediately preceding it. This is a 15 character CounterString.

    Using CounterStrings

    James Bach’s PerlClip is a simple executable that you run, and it copies a CounterString into your clipboard for copying and pasting into a field.

    With my Chrome Extension, you right-click on a field in a web page and it inserts the CounterString into the field and outputs it to the dev tools console for later copying and pasting.

    CounterStrings are useful because if you paste one into a field and it is truncated, you can read the surviving length straight off the end of the string. And if you are trying to binary chop to find the length that a field's validation allows, CounterStrings give you strings of exactly known lengths to try.

    Github

    When I was creating a demo video for the CounterString extension I tried it on Github.

    • I created a 100 character CounterString,
    • added it to the Github Search field,
    • performed the search,
    • and Github said it would only search for 128 characters.

    But I only entered 100 characters.

    (Image: counterstrings demo on Github)

    I then used the CounterString functionality to generate other CounterStrings which helped me discover that when Github says “128 characters” it actually means “95 characters”.

    This is a really good example of the type of bug that CounterStrings can help you find. It also shows how you can use them to create strings of different lengths, identify the real validation length, and support your case when raising defects.


    https://eviltester.com/blog/eviltester/2019-02-26-counterstrings-in-action/
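
The two uses described in the post, reading the length off a truncated CounterString and binary chopping against a field that rejects over-long input, as an added example that is not part of the original post and is not the code of PerlClip or the Chrome extension. The function names and the two stand-in fields are assumptions made for illustration; the 95 character limit in them is the figure reported in the post.

```javascript
// Added example: function names and the stand-in fields are assumptions.

// Build a CounterString of exactly `length` characters. Working backwards
// from the end guarantees the final marker lands on the last position.
function counterString(length, marker = "*") {
  const parts = [];
  let pos = length;
  while (pos > 0) {
    const chunk = String(pos) + marker; // e.g. "15*": marker sits at position 15
    parts.push(chunk.slice(-pos));      // clip the leading chunk if it does not fit
    pos -= chunk.length;
  }
  return parts.reverse().join("");
}

// Length of a truncated CounterString, read the way a tester reads it by eye:
// the number before the last surviving marker, plus the characters after it.
function readLength(kept, marker = "*") {
  const last = kept.lastIndexOf(marker);
  if (last < 0) return kept.length;                 // no marker survived
  const digits = kept.slice(0, last).match(/\d+$/);
  const markerPos = digits ? Number(digits[0]) : 1; // the leading marker is position 1
  return markerPos + (kept.length - 1 - last);
}

// Binary chop for the largest length a validator accepts.
// Precondition: length `lo` is accepted and length `hi` is rejected.
function findLimit(accepts, lo, hi) {
  while (hi - lo > 1) {
    const mid = Math.floor((lo + hi) / 2);
    if (accepts(counterString(mid))) lo = mid;
    else hi = mid;
  }
  return lo;
}

// Constructed stand-ins for a field with a hidden limit.
const truncatingField = (text) => text.slice(0, 95); // silently cuts input
const rejectingField = (text) => text.length <= 95;  // refuses long input

const kept = truncatingField(counterString(100));
console.log(kept.slice(-8), "->", readLength(kept));      // tail of what survived
console.log("limit:", findLimit(rejectingField, 0, 128)); // advertised maximum as hi
```

A truncating field reveals its limit from a single paste, while a rejecting field needs the binary chop, which here takes seven submissions to separate the advertised 128 from the real limit.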