I am testing ReactJS application for performance perspective with Jmeter tool
After executing Login feature, Response data in "View Results in Tree" shows following:
JavaScript seems to be disabled in your browser. You must have JavaScript enabled in your browser to utilize the functionality of this website.
Related
I am using rest-assured dependency in my project for testing API's with selenium.
Can anyone guide me why basically we use rest-assured dependency in API testing ? (Tried finding the answer from my seniors who developed our project framework and online, i couldnt get any answer why are we using this, it would help me if anyone guides me with the reason ?)
And what are the other ways to do API automation using selenium ?
why should we use them ? (in comparison with rest-assured ?)
Thank you.
Selenium is not typically used for REST API testing. Selenium is a tool that can control web browser. Despite a web browser is a sort of HTTP client, it is very specific client that is intended for browsing web and maintain high level of user security. The above puts certain degree of restriction of what you can and cannot do with the browser. For example:
You can only fire GET request from the address bar
You can do POST request using HTML form but you have to have an HTML page with the form and fixed set of parameters
You can overcome the above if have the page with any javascript client so that you can configure different requests configurations
Points 2 and 3 basically mean you have another level of communication in your framework and that level has to be properly maintained. That's because Web Browser is not naturally intended for interacting with API. But only with very narrow part of what HTTP can offer (again we can overcome that restriction by javascript code executed within the browser but that would be another level of complexity).
RestAssured is pure HTTP client with some handy and neat functionality allowing to easily manipulate with requests and responses. So it allows to fire any type of requests supported by HTTP protocol, parse responses responses and verify them (often all in a single statement).
The latter is naturally designed for interacting with REST API, does not introduce extra levels to your tests, does not have limitation like the browsers have.
Recap
The below schema demonstrates the difference of having your API tests implemented in both approaches:
Selenium case:
Selenium binding lib -> Web Driver -> Browser -> API GET (rarely others - need to maintain special file for that)
Rest-Assured case:
Rest-Assured lib -> API ANY SORT OF REQUESTS
P.S. - In the same way as RestAssured handles API case much effectively than Selenium, Selenium handles Web Testing in much more effective way than RestAssured since the latter cannot neither control browsers nor even execute JAvaScript code. That is why we have two such a powerful and great tools each of which perfectly serves the needs it naturally designed for.
Just because Rest-Assured (RA) is a code-based tool to test API. It supports:
make HTTP(s) request
extract value from response
assert response
Selenium is tool to control web browser, it CANNOT do API testing.
I don't know why you compare Selenium to Rest-Assured. They are 2 different tools that serves 2 different purposes.
The Web Application having a list of features(Client-side actions) and These features are not captured, when I record through Jmeter/Blazemeter (NON-API (NON-HTTP) kinds of Stuff). These actions are handled through Javascript functions and .js file is not displayed in Network Tab.
So, I created the selenium scripts and integrated them with Jmeter. When I run the scripts it opens many browser instances(Headless) and performance stats get impacted.
I have to run this script with 5000 Threads. So Opening up so many browser instances is not an appropriate approach.
How to handle the client-side actions through JMeter?
As per JMeter project main page:
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever displayed at a time).
So you need to figure out what this "client JavaScript" code is doing and replicate this functionality by:
either using a suitable JMeter Plugin
or writing your own JMeter Plugin
or simulating this client-side JavaScript using JSR223 Test Elements and Groovy language
I want to e2e test a website like when a user visits it with disabled javascript and/or some scripts blocked.
cypress.io does not (officially) support testing websites with disabled JS so therefore one can not e2e test what users would see in case they are securely visiting the website without JS enabled.
Nightmare JS seems to support it via browser options to disable JS for each Nightmare instance but I haven't tried its performance yet.
Any suggestions for a 2e2 testing tool that allows my scenario to be tested?
Some testing frameworks do not support this scenario when JavaScript is disabled because they inject their scripts in the tested pages and run them during the test execution. For instance, TestCafe requires JavaScript to inject its scripts.
I'm curious how reCAPTCHA v3 works. Specifically the browser fingerprinting.
When I launch an instance of Chrome through Selenium/chromedriver and test against reCAPTCHA 3 (https://recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php) I always get a score of 0.1 when using Selenium/chromedriver.
When using incognito with a normal instance, I get 0.3.
I've beaten other detection systems by injecting JavaScript and modifying the web driver object and recompiling webdriver from source and modifying the $cdc_ variables.
I can see what looks like some obfuscated POST back to the server, so I'm going to start digging there.
What might it be looking for to determine if I'm running Selenium/chromedriver?
reCaptcha
Websites can easily detect the network traffic and identify your program as a BOT. Google have already released 5(five) reCAPTCHA to choose from when creating a new site. While four of them are active and reCAPTCHA v1 being shutdown.
reCAPTCHA versions and types
reCAPTCHA v3 (verify requests with a score): reCAPTCHA v3 allows you to verify if an interaction is legitimate without any user interaction. It is a pure JavaScript API returning a score, giving you the ability to take action in the context of your site: for instance requiring additional factors of authentication, sending a post to moderation, or throttling bots that may be scraping content.
reCAPTCHA v2 - "I'm not a robot" Checkbox: The "I'm not a robot" Checkbox requires the user to click a checkbox indicating the user is not a robot. This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether or not they are human. This is the simplest option to integrate with and only requires two lines of HTML to render the checkbox.
reCAPTCHA v2 - Invisible reCAPTCHA badge: The invisible reCAPTCHA badge does not require the user to click on a checkbox, instead it is invoked directly when the user clicks on an existing button on your site or can be invoked via a JavaScript API call. The integration requires a JavaScript callback when reCAPTCHA verification is complete. By default only the most suspicious traffic will be prompted to solve a captcha. To alter this behavior edit your site security preference under advanced settings.
reCAPTCHA v2 - Android: The reCAPTCHA Android library is part of the Google Play services SafetyNet APIs. This library provides native Android APIs that you can integrate directly into an app. You should set up Google Play services in your app and connect to the GoogleApiClient before invoking the reCAPTCHA API. This will either pass the user through immediately (without a CAPTCHA prompt) or challenge them to validate whether they are human.
reCAPTCHA v1: reCAPTCHA v1 has been shut down since March 2018.
Solution
However there are some generic approaches to avoid getting detected while web-scraping:
The first and foremost attribute a website can determine your script/program is through your monitor size. So it is recommended not to use the conventional Viewport.
If you need to send multiple requests to a website keep on changing the User Agent on each request. Here you can find a detailed discussion on Way to change Google Chrome user agent in Selenium?
To simulate human like behavior you may require to slow down the script execution even beyond WebDriverWait and expected_conditions inducing time.sleep(secs). Here you can find a detailed discussion on How to sleep webdriver in python for milliseconds
Outro
Some food for thought:
Selenium webdriver: Modifying navigator.webdriver flag to prevent selenium detection
Unable to use Selenium to automate Chase site login
Confidence Score of the request using reCAPTCHA v3 API
Selenium and Puppeteer have some browser configurations that is different from a non-automated browser. Also, since some JavaScript functions are injected into browser to manipulate elements, you need to create some override to avoid detections.
There are some good articles explaining some points about Selenium and Puppeteer detection while it runs on a site with detection mechanisms:
Detecting Chrome headless, new techniques - You can use it to write defensive code for your bot.
It is not possible to detect and block Google Chrome headless - it explains in a clear and sound way the differences that JavaScript code can detect between a browser launched by automated software and a real one, and also how to fake it.
GitHub - headless-cat-n-mouse - Example using Puppeteer + Python to avoid detection
I am new to Golang. And I am looking for automating signup, login processes in a web app. Please suggest a good tool like Selenium and how can I implement it in the go language.
I want to do the following process automatically using Golang:
Start a browser. Currently, I'm using https://github.com/skratchdot/open-golang
Auto entry on the signup page and auto-submit a form.
Login check for the registered user. Everything needs to be done automatically for more users.
You can also use Playwright for Go, which is a wrapper for the Playwright project. Playwright provides a single API to automate Chromium, Firefox, and WebKit to automate browsers which was created by Microsoft. With it you interact with the sites, record videos, make screenshots, and emulate other browser specific behaviour.
If you are going to use GO for web automation testing - Selenium is a good option. Still it's nothing more than a library that allows you to interact with browsers. So you are going to need to develop your own framework or reuse someone already implemented.
My advice is to consider Agouti, since it supports Ginkgo BDD and xUnit Gomega. Everything else is pretty much the same from architectural perspective. You can design it like any other language binding. There are common patterns that appear over and over again in browser automation frameworks, like
PageObjects: A simple abstraction of the UI of your web app.
LoadableComponent: Modeling PageObjects as components.
BotStyleTests: command-based approach
Another good resource for building your Test framework is the xunitpatterns guide. It gives a great content overview of the patterns, smells and refactoring strategies you can use. Also look at this test frameworks tutorial. It'll help you choose the most proper solution for your case.
My guess is that you are going to need some CI server support for
everything needs to be done auto for more users.
Here is a good article how-to achieve this with TravisCI.
update:
you can use Selenium for Golang