This is a framework initially designed to test and automate the authentication process for web applications, and by now it has evolved and can be used for all kinds of stateful HTTP processes. It abstracts the client-server information exchange as a finite state machine. Each step comprises one request with inputs, one response with outputs, arbitrary actions to do on the response, and conditional links to other stages. Thus, a graph-like structure is created.
Raider defines a DSL to describe the client-server information exchange of arbitrary complexity. It can be infinitely extended since its configuration file is written in real code and not just static files.
You can automate complex workflows by linking Flows between each other and defining the starting flow as a pointer for a FlowGraph. From the command line, you can then run either one single Flow, a FlowGraph (follow Next links till the end or upon Success/Failure) or a combination of those.
Raider’s configuration is inspired by Emacs. Hylang is used, which is LISP on top of Python. LISP is used because of its “Code is Data, Data is Code” property. With the magic of LISP macros generating configuration automatically becomes easy. Flexibility is in its DNA, meaning it can be infinitely extended with actual code. LISP macros can be used to autogenerate pieces of code and automate parts of your workflow.
You can use it for example to create, store, reproduce, and share proof-of-concepts easily for HTTP attacks. With Raider you can also search through your Projects, filter by hyfile, Flows, FlowGraphs, etc… Then you run either just one step, or a chain of steps, so you can automate and run tests on any HTTP process.
You can also search through your Projects, filter by hyfile, Flows, FlowGraphs, etc… Then you run either just one step, or a chain of steps, so you can automate and run tests the HTTP process.