Friday, December 11, 2015

QA Tools Part 2 - Stress Testing Mobile Apps

UI/Application Exerciser Monkey

Monkey is a program that runs on device and generates events such as clicks, touches or gestures. Monkey can be used to stress test applications.
For using monkey you need to install the ADB from Android SDK. ADB is the Android Debug Bridge which communicates with emulators and Android powered devices. You will find the adb under sdk > Platform tools.
Before running monkey, you need to get the package name so that your monkey stress test is run only on the AUT. For this we need to use Android Asset Packaging tool. You will find AAPT under sdk > build tools > 21.1.2 – aapt.exe
For pulling out the package name we need to use in cmd after redirecting to the path of the AAPT:
aapt d badging <File name>
This will give the package name along with other details

d -->  dump
badging --> prints the label and the icon for the app declared in the apk

Once package name is available execute monkey with adb:
adb shell monkey –p <package name> -v <event count>

p --> will run monkey test only on the specified package
v --> will make the results of the monkey test more verbose
s--> seed, will ensure that the same events are triggered next time so it’s easier to reproduce.


UI AutoMonkey

UI AutoMonkey is a simple stress testing tool for iOS applications. You can test on your app with a barrage of events like taps, swipes, device rotation.
For using UI AutoMonkey you need a mac machine with Xcode installed.
  1. Then you need to open the xcodeproject of the app from Xcode
  2. Profile > Products, build your application
  3. This will launch the app in simulator and also launch the Instruments template picker
  4. Select UI automation template
  5. Copy paste the js file in scripts
  6. Download it from here:
  7. At the top of the script, you'll see a JavaScript dictionary of configuration settings:
config: {
  numberOfEvents: 1000,
  delayBetweenEvents: 0.05,    // In seconds

  // Events are triggered based on the relative weights here.
  // The event with this highest number gets triggered the most.
  eventWeights: {
    tap: 30,
    drag: 1,
    flick: 1,
    orientation: 1,
    clickVolumeUp: 1,
    clickVolumeDown: 1,
    lock: 1,
    pinchClose: 10,
    pinchOpen: 10,
    shake: 1

  // Probability that touch events will have these different properties
  touchProbability: {
    multipleTaps: 0.05,
    multipleTouches: 0.05,
    longPress: 0.05

  1. Hit play from bottom of the Instruments window to start the script
  2. It will execute the stress test on the app on the simulator
You can configure the config file as per requirement.

Android Screen Recording using ADB

Screenrecord is a shell utility for recording display of a device. The utility records the screen in an MPEG-4 file.
adb shell screenrecord /sdcard/probwithlogin.mp4
Stop the screen recording by ctrl+c, max time limit is 3 minutes or timelimit set by –time—limit. The tool is recording the video in native display resolution and orientation.
Some points to consider:
  • This will work on Android 4.4 +
  • Audio is not recorded with video file

QA Tools Part 1

QA has several testing tools at their disposal, we generally use tools to automate repetitive, monotonous tasks. We also use tools to quickly perform checks and validations which would take a human hours to do.

#1 Xenu

Xenu is a very fast and reliable link checker mainly used for finding out broken links. Large websites with deep links are a good target for Xenu. Its an open source tool so you can download it from here:

Best thing about Xenu besides it being free is that it has a simple interface and supports SSL websites. You can customize and ask Xenu to hit a list of URLs within minutes you will get results.

xenu reddit.PNG

# 2 Bug Magnet

Bug Magnet is  a nice Google Chrome extension, that will help you with your web exploratory testing. The extension is called Bug Magnet and is developed by Gojko Adzic.

Gojko describes his tool with the following text: “Bug Magnet provides convenient access to common problematic values and edge cases, so you can keep them handy and access them easily during exploratory testing sessions. Just right-click an input field!”
The tool provides the following features:

•    Lorems | Text in different charsets and languages
•    Text size | With or without white spaces
•    Names | Different names like NULL or Chloë Rømer
•    E-Mail addresses | Valid or non valid addresses
•    Numbers | Large numbers
•    Whitespace | Leading white spaces, tabs or newlines
•    Format exploits | SQL injection or broken HTML

It provides easy and useful test cases that you could check on every form and input field of a web application. It is also a very good reminder of things like white spaces, charsets and format exploits. However, the tool has two limitations. The first one is, that it is a Chrome Extension so it works only with Chrome. The second limitation is that it works on multi-frame pages but only if they are on the same web domain.

# 3 SQL Inject Me

An Add in for Firefox, SQL inject helps in testing Injection vulnerabilities. You can choose what tests you want to run and based on focus your attacks. Word of caution, you might not want to run this on your prod website.

SQL Inject.PNG

Will talk about more tools in my next post about QA tools. Please leave a comment if you have any questions/suggestions or any tools that you use and find them useful.