iMacro: JavaScript loops with variables

iMacro is a cool firefox plugin able to record and play macros on the browser.

It can be used as a functional testing tool, like Selenium ( although Selenium is really better ), or as a showcase/annoying operation tool.

Today I faced it for the first time with the need to bomb URLs progressively, some bombing kinda like:

GET /news/1 GET /news/2 GET /news/3 for 16K urls¹.

Basically, what I needed was a loop with a variable.

Unfortunately, iMacro doesn’t natively support for loops, but has bridges for any kind of language ( VBS, PHP, JavaScript… ) so I only needed to use a JS script ( which can be direcly run on iMacro’s web interface):

for (i = 0; i < N; i++)
  iimSet('-var_ID', i);

the BombingIsCoolMacro simply goes to an URL with the imported variable ( ID ):


Hi there! I recently wrote an ebook on web application security, currently sold on leanpub, the Amazon Kindle store and gumroad.

It contains 160+ pages of content dedicated to securing web applications and improving your security awareness when building web apps, with chapters ranging from explaining how to secure HTTP cookies with the right flags to understanding why it is important to consider joining a bug bounty program.

Feel free to skim through some of the free chapters published on this blog and, if the content seems interesting enough to you, grab a copy on leanpub, the Amazon Kindle store, gumroad or simply checkout right down below!

Buy the Web Application Security ebook for $9.99

In the mood for some more reading?

...or check the archives.