A.2
Morphed Source Code
1 <!doctype html> 2 <html>
3 <head>
4 <title>Node Authentication</title>
5 <link rel="stylesheet" href="bootstrap.min.css"> 6 <link rel="stylesheet" href="font-awesome.min.css"> 7 <style> body { padding-top:80px; } </style>
8 </head> 9 <body>
10 <div class="r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><div class="
r7813096068549201d5495f1a89075842">
11 <div class="r82324b9f91f474f233107a345ab0286f"><div class="
r5ea02ed0ab23cf4cb0852dabbd439ff9 r47636f28fce418724c77c8fba70a50ad"> 12 <h1><div class="r82324b9f91f474f233107a345ab0286f"><span class="
r6ffa44482d93f1906f6698000de64e1d r82efa54987ab1d9b1a4c6c10c41e244e"></span ></div><span class="r6ffa44482d93f1906f6698000de64e1d
r82efa54987ab1d9b1a4c6c10c41e244e r33db4ff9a66457a12905ff7e87080077"></span > Login</h1>
13 <form action="/login" method="post">
14 <div class="r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><div class=" r898836ca480cafda8454201165330a4b"><label class=" r33db4ff9a66457a12905ff7e87080077">Email</label><input type="text" class="r33db4ff9a66457a12905ff7e87080077 ra8575107d1035567117d40e8a3f64715" name=" r677fd3ca10eb045a013a5ed872444130"><div class="
r82324b9f91f474f233107a345ab0286f"><input type="text" class="
r33db4ff9a66457a12905ff7e87080077 ra8575107d1035567117d40e8a3f64715"
name="r677fd3ca10eb045a013a5ed872444130"></div><label class=" r33db4ff9a66457a12905ff7e87080077">Email</label>
15 <label>Email</label><div class="r82324b9f91f474f233107a345ab0286f"><
input type="text" class="r33db4ff9a66457a12905ff7e87080077 ra8575107d1035567117d40e8a3f64715" name="
r677fd3ca10eb045a013a5ed872444130"></div>
16 <input type="text" class="r33db4ff9a66457a12905ff7e87080077 ra8575107d1035567117d40e8a3f64715" name="
r677fd3ca10eb045a013a5ed872444130"><div class="
r82324b9f91f474f233107a345ab0286f"><input type="text" class=" ra8575107d1035567117d40e8a3f64715" name="
r677fd3ca10eb045a013a5ed872444130"></div>
17 </div></div></div></div>
18 <div class="r82324b9f91f474f233107a345ab0286f"><div class=" r898836ca480cafda8454201165330a4b">
Example Web Page Source Code
19 <div class="r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><div class="
r82324b9f91f474f233107a345ab0286f"><div class="
r82324b9f91f474f233107a345ab0286f"><label>Password</label></div></
div></div></div>
20 <div class="r82324b9f91f474f233107a345ab0286f"><label class=" r33db4ff9a66457a12905ff7e87080077">Password</label></div><input
type="password" class="ra8575107d1035567117d40e8a3f64715" name=" rddfd74c439be7c57caa9cb0b72cb1823">
21 </div></div>
22 <div class="r82324b9f91f474f233107a345ab0286f"><button type="submit" class= "rd2414407aa93bf19e36318a00176f760 rbab3a9f512a864dfe8e55cd79783cd18 rd46d2b6e4e9e2e2abaa07b3b9db1e918">Login</button></div>
23 </form>
24 <div class="r82324b9f91f474f233107a345ab0286f"><h1 class=" r33db4ff9a66457a12905ff7e87080077"><span class="
r6ffa44482d93f1906f6698000de64e1d r82efa54987ab1d9b1a4c6c10c41e244e"></span > Login</h1></div><div class="r82324b9f91f474f233107a345ab0286f"><p class=" r33db4ff9a66457a12905ff7e87080077">Or go <a href="/">home</a>.</p></div><
div class="r82324b9f91f474f233107a345ab0286f"><hr></div>
25 <p class="r33db4ff9a66457a12905ff7e87080077">Need an account? <a href="/signup" >Signup</a></p><div class="r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><p>Need an account? <a href="/signup"> Signup</a></p></div></div>
26 <div class="r82324b9f91f474f233107a345ab0286f"><form action="/login" method=" post" class="r33db4ff9a66457a12905ff7e87080077">
27 <div class="r898836ca480cafda8454201165330a4b">
28 <div class="r82324b9f91f474f233107a345ab0286f"><label>Email</label></
div>
29 <div class="r82324b9f91f474f233107a345ab0286f"><input type="text" class ="ra8575107d1035567117d40e8a3f64715" name="
r677fd3ca10eb045a013a5ed872444130"></div>
30 </div>
31 <div class="r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><div class="
r898836ca480cafda8454201165330a4b">
32 <label>Password</label>
33 <div class="r82324b9f91f474f233107a345ab0286f"><input type="password"
class="ra8575107d1035567117d40e8a3f64715" name=" rddfd74c439be7c57caa9cb0b72cb1823"></div>
34 </div></div></div>
35 <button type="submit" class="rd2414407aa93bf19e36318a00176f760
rbab3a9f512a864dfe8e55cd79783cd18 rd46d2b6e4e9e2e2abaa07b3b9db1e918"> Login</button>
36 </form></div><div class="r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><p><div class="
r82324b9f91f474f233107a345ab0286f"><div class="
r82324b9f91f474f233107a345ab0286f"><a href="/" class="
r33db4ff9a66457a12905ff7e87080077">home</a>Or go <div class="
r82324b9f91f474f233107a345ab0286f"><a href="/">home</a></div>.</p></div></
div><div class="r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><div class=" r82324b9f91f474f233107a345ab0286f"><hr class=" r33db4ff9a66457a12905ff7e87080077"></div></div></div></div> 37 </div></div> 38 </div></div></div> 39 </body> 40 </html>
Code A.2: HTML source code of one morphed version of the example web page where the tests inBwere executed.
Appendix B
Testing Scripts
1 // ==UserScript== 2 // @name Test 1 3 // @namespace http://tampermonkey.net/ 4 // @version 0.15 // @description try to take over the world!
6 // @author Luis Abreu
7 // @match http://localhost:1235/login 8 // @match http://localhost:1234/login 9 // @grant none 10 // ==/UserScript== 11 12 (function() { 13 ’use strict’;
14 var password = document.querySelector(’input[name="password"]’); 15 var forms = document.forms;
16 for (var i = 0; i < forms.length; i++) {
17 forms[i].addEventListener(’submit’, function () { 18 if (password !== null && password.value !== ’’) {
19 alert(password.value);
20 } else {
21 alert(’Where is your password?’);
22 }
23 });
24 }
25 })();