We're looking for a user researcher to understand the needs of developers and designers. Is this you or someone you know? Check out the post: https://mzl.la/2IGzdXS

Debugging and security testing with Firefox OS Redirect 1

This guide is aimed at security testers wanting to start testing Firefox OS; it will help community members audit apps and the Firefox OS platform itself. If you haven't already done so, start by reading the Firefox OS security overview; that will provide a basic background in the terminology and architecture used below.

This guide includes the following subsections:

Getting started
Covers how to get started with a desktop build of Firefox OS, and how to use Marionette to inspect and control apps running on Firefox OS.
Intercepting Firefox OS traffic using a proxy
How to use a proxy to intercept network traffic to inspect it.
Modifying Gaia
How to run B2G desktop with a custom profile, as well as how to create and install your own privileged apps.

All of our testing will happen against B2G Desktop, a native Firefox OS built for your desktop computer. Start downloading your flavor of nightly build (Linux, Mac OS, Windows) before you read any further.

Getting started

Assuming you've already downloaded B2G desktop as instructed above, you're ready to proceed, as follows.


Setting up B2G Desktop is as simple as extracting the archive and running the b2g binary:

tar xf b2g-something-something.tar.bz2
cd b2g


Open the downloaded disk image file, and copy the B2G application to your /Applications directory. Once that's done, launch B2G Desktop by clicking the B2G aplication icon. Alternatively you can launch it from Terminal as follows:



Download and extract the zip file to a convenient location. Double-click on b2g.exe to start B2G Desktop.

Note: At the time of writing, there is an issue running B2G Desktop on Windows. You might want to try the Firefox OS simulator instead.

Getting started tips

You can now play with a Firefox OS instance running in a desktop window. Go and play around: Open the browser (lower right icon) and visit a web page, or try opening a few apps. You will notice that some device-specific functionality — such as the dialer, camera, radio etc — won't work for obvious reasons.

Make yourself comfortable with B2G Desktop; be sure to read Using the B2G desktop client to learn how it works.

Now on to the real deal. We want to make JavaScript calls from inside Firefox OS.

Getting a debugging shell for Firefox OS

Marionette is based on the Selenium/WebDriver API, and provides the basis for the debugging shell we use to automate Firefox OS testing. First, set up the marionette client (written in Python) and follow the installation instructions given there.

Note: Recent tests have shown that you may have problems with certain versions of mozbase. The last known-working state of mozbase is at commit 9ee2de.

Note: Since you are using a nightly build, your b2g profile (just like in the Firefox browser, all user settings are stored within a profile) should already have Marionette enabled, via the line user_pref("marionette.defaultPrefs.enabled", true); in gaia/profile/prefs.js. If not, you might be using the wrong build.

At this point, you might be thinking of spinning up a Python console, importing the marionette-client library and creating a debugging session, but we can do something else: Stefan Arentz has created a simple JavaScript console that runs on top of the marionette-client library. So, let's download fxos-repl.py.

For our example, we will remotely control the Browser app. Start it by clicking the browser icon in the Firefox OS home screen's lower right with your mouse. Is the B2G binary showing the browser app? Good. The following commend will return a list of URLs representing the different apps we've got running, and allow us to start debugging them:

$ python fxos-repl.py list

Now let's connect to the browser app and examine it:

$ python fxos-reply.py connect app://browser.gaiamobile.org/index.html
Connected to app://browser.gaiamobile.org/index.html

Let's use the document.querySelector() API to find a <menu> tag with the ID toolbar-start, and view its HTML:

>>> document.querySelector("menu#toolbar-start").outerHTML
<menu type="toolbar" id="toolbar-start">
        <form id="url-bar" novalidate="">
          <input id="ssl-indicator" value="" type="image">
          <input id="url-input" placeholder="Enter search or address" data-l10n-id="enter-search-or-address" x-inputmode="verbatim" type="text">
          <input style="background-image: url(&quot;style/images/go.png&quot;);" id="url-button" value="" type="image">
        <span id="tabs-badge">1<span id="more-tabs">›</span></span>
        <button id="awesomescreen-cancel-button"></button>
        <div id="throbber"></div>

Does it look familiar? It's the toolbar that contains the address bar and the new tab button!

Let's use our shell to simulate a click on the new tab button. Its ID is tabs-badge.

>>> document.querySelector("#tabs-badge").click()

The new tab UI should show now. Let's try something else:

>>> alert(location.href)

Now go play!

Document Tags and Contributors

Last updated by: Sheppy,