Are You Sick Of Typing While Testing?
14 Jan 2025 - karit
TL;DR Tools like keyboard macros or Streamdecks can help you test and remove friction points. If there are common bits of text you type a lot, there are ways that don’t involve alt-tabbing back to your notes file and copying and pasting all the time.
Background
I have seen people using Streamdecks for live streaming, for having all the Teams/Zoom buttons handy during a meeting, or for Photoshop shortcuts. While I was at CHCon recently I was helping with AV and had my first hands-on experience with a Streamdeck & got to see one in action.
This got me thinking about how a Streamdeck could help my day-to-day workflows.
The Tools
I have grabbed myself a Streamdeck & am using the StreamController UI for managing it and setting it up. The tool needs to be running, as nothing is stored on the Streamdeck itself. That being the case, the security is similar to a notes file on your computer, as the computer needs to be running for it to work. Additionally, you can lock the Streamdeck when your computer locks so you can’t type into the password field & press the eye view button.
Something I haven’t dug into too much is programming macros on the keyboard itself. (Looking at everyone with a fancy mechanical keyboard that has macro support. Don’t worry, I have an ErgoDox EZ.) This has the benefit that it is available all the time & available before login. However, the macros are saved on the keyboard, so if you move the keyboard you can get the contents of the macros out.
I am not endorsing any particular tool or product; these are just tools I have used and have experience with.
How these can help with Pen Testing
One thing that comes up a lot is logging into websites, particularly when testing role-based access control and bouncing between multiple users. I have set up some keys to type the username and password for multiple combinations. This speeds things up without me having to alt-tab back and copy & paste from my notes file.
Also, when writing reports or doing quality assurance, I have common snippets I often use, so I can have those set up to be typed out with a button press to save me time.
This autotyping can be helpful when testing involves locked-down remote desktop systems that do not allow copy and paste. You can queue up the usernames, passwords, malicious test strings or URLs.
Macros can also be used to capture build scripts. A colleague was testing an Intune deployment for a laptop. This included a build script that included a password, but it ran and deleted itself quickly. Using a keyboard macro, which could type very fast, meant that they could copy the script and gain access to the password in the script. In this case, a keyboard shortcut macro can be helpful as it will work without any libraries etc.
Scripting Tools
Personally, I have set up the things that I use over and over again on my Streamdeck. There are also tools like Selenium or AutoHotKey. These are more scripting tools, which I don’t use for day-to-day tasks. I don’t use them as they have a larger setup time and often only serve a singular purpose. However, they do come in handy if you want to automate a Proof of Concept (PoC) quickly. Driving a web browser can often be quicker to PoC than understanding all the requests, redirects, JavaScript, etc. and writing a script, especially as Selenium has an IDE for recording your actions in a web browser.
Tools like AutoHotKey also have the ability to replicate mouse interactions, so if you have a locked-down Remote Desktop you can drive it from your host computer to demo that cool breakout you figured out.
Parting thought
Don’t just hack the computers, hack and improve your workflows as well.
– karit 2025