How does Webdriver / Selenium "talk" to your local web browser? - selenium

For example with FirefoxDriver, how is it sending out clicks and commands to the firefox instance?

It does this by having a webserver within the Webdriver addon for firefox. The language bindings then do a REST-ish type call to it to get something done, like clicks, typing etc.
You can see the REST-ish interface Here. We call it the Json Wire protocol. We also have more native events via the Advanced User Interactions API. This does more native clicks and typing, at the OS level.
Each language binding takes care of that for you so you dont need to worry about it.

Related

Handle Client side actions through JMeter (NOT through Selenium integration)

The Web Application having a list of features(Client-side actions) and These features are not captured, when I record through Jmeter/Blazemeter (NON-API (NON-HTTP) kinds of Stuff). These actions are handled through Javascript functions and .js file is not displayed in Network Tab.
So, I created the selenium scripts and integrated them with Jmeter. When I run the scripts it opens many browser instances(Headless) and performance stats get impacted.
I have to run this script with 5000 Threads. So Opening up so many browser instances is not an appropriate approach.
How to handle the client-side actions through JMeter?
As per JMeter project main page:
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever displayed at a time).
So you need to figure out what this "client JavaScript" code is doing and replicate this functionality by:
either using a suitable JMeter Plugin
or writing your own JMeter Plugin
or simulating this client-side JavaScript using JSR223 Test Elements and Groovy language

How to implement multi-window support in my custom browser provider plugin

I've updated to testcafe v1.9.4 and I would like to make use of the new multi-windows support.
However I use a custom browser provider.
When I run a test with openWindow I get the error
Multi window mode is supported in Chrome, Chromium, Edge 84+ and
Firefox only. Run tests in these browsers to use the "openWindow"
method.
If I add the following methods to my browser provider
supportMultipleWindows: true,
getActiveWindowId(browserId) {
return this.openedBrowsers[browserId].activeWindowId;
},
setActiveWindowId(browserId, val) {
this.openedBrowsers[browserId].activeWindowId = val;
},
Then my browser will start, but no longer open the url of the page under test, it just hangs on the browser idle page.
I have not found any documentation and the Testcafe browser provider generator seems to have not been changed to document or implement multi-window support.
Therefore I'm asking here.
At this moment, this feature is at the 'beta' stage. Implementation details may be changed before the release. This is why we don't announce 'multiple windows' support for a custom browser provider and cannot give any recommendations on the implementation of this feature. Once it is released, we will consider supporting multiple windows for custom browser providers.
UPDATE: Support for multiple browser windows was released as a stable feature in TestCafe v1.11.0. Due to its complexity and a huge amount of browser-specific code, we decided to not implement support for additional browsers and custom browser providers. While there is a possibility that we will implement it some day, we do not have plans to address this in the nearest future

Selenium Jmeter differences on websocket calls

I am researching the differences between Selenium and JMeter and I stumbled across the following statement about Selenium:
Even though WebSocket might be encapsulated into a web session and
affect the browser, the user/Selenium will not realise it. So, we will
use JMeter for testing WebSockets.
which confuses me because even though Selenium can't detect that specific scenario, Selenium still uses a programming language like JAVA, hence you can still use Java to accomplish the same thing JMeter does in this case. Or am I missing something here?
I don't know what you're reading however I would recommend stopping referring this source as they don't really realize what they're talking about.
According to The WebSocket API documentation:
The WebSocket API is an advanced technology that makes it possible to open a two-way interactive communication session between the user's browser and a server. With this API, you can send messages to a server and receive event-driven responses without having to poll the server for a reply.
Selenium is browser automation framework therefore you get this WebSocket API support "for free". If you need to perform some custom use cases you can use JavascriptExecutor to call WebSocket object functions.
When it comes to JMeter:
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does (it's possible to view the response as HTML etc., but the timings are not included in any samples, and only one sample in one thread is ever displayed at a time).
Therefore JMeter will not trigger any WebSocket-related events unless you use a plugin and manually open connection, send message, read response, etc.

How does reCAPTCHA 3 know I'm using Selenium/chromedriver?

I'm curious how reCAPTCHA v3 works. Specifically the browser fingerprinting.
When I launch an instance of Chrome through Selenium/chromedriver and test against reCAPTCHA 3 (https://recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php) I always get a score of 0.1 when using Selenium/chromedriver.
When using incognito with a normal instance, I get 0.3.
I've beaten other detection systems by injecting JavaScript and modifying the web driver object and recompiling webdriver from source and modifying the $cdc_ variables.
I can see what looks like some obfuscated POST back to the server, so I'm going to start digging there.
What might it be looking for to determine if I'm running Selenium/chromedriver?
reCaptcha
Websites can easily detect the network traffic and identify your program as a BOT. Google have already released 5(five) reCAPTCHA to choose from when creating a new site. While four of them are active and reCAPTCHA v1 being shutdown.
reCAPTCHA versions and types
reCAPTCHA v3 (verify requests with a score): reCAPTCHA v3 allows you to verify if an interaction is legitimate without any user interaction. It is a pure JavaScript API returning a score, giving you the ability to take action in the context of your site: for instance requiring additional factors of authentication, sending a post to moderation, or throttling bots that may be scraping content.
reCAPTCHA v2 - "I'm not a robot" Checkbox: The "I'm not a robot" Checkbox requires the user to click a checkbox indicating the user is not a robot. This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether or not they are human. This is the simplest option to integrate with and only requires two lines of HTML to render the checkbox.
reCAPTCHA v2 - Invisible reCAPTCHA badge: The invisible reCAPTCHA badge does not require the user to click on a checkbox, instead it is invoked directly when the user clicks on an existing button on your site or can be invoked via a JavaScript API call. The integration requires a JavaScript callback when reCAPTCHA verification is complete. By default only the most suspicious traffic will be prompted to solve a captcha. To alter this behavior edit your site security preference under advanced settings.
reCAPTCHA v2 - Android: The reCAPTCHA Android library is part of the Google Play services SafetyNet APIs. This library provides native Android APIs that you can integrate directly into an app. You should set up Google Play services in your app and connect to the GoogleApiClient before invoking the reCAPTCHA API. This will either pass the user through immediately (without a CAPTCHA prompt) or challenge them to validate whether they are human.
reCAPTCHA v1: reCAPTCHA v1 has been shut down since March 2018.
Solution
However there are some generic approaches to avoid getting detected while web-scraping:
The first and foremost attribute a website can determine your script/program is through your monitor size. So it is recommended not to use the conventional Viewport.
If you need to send multiple requests to a website keep on changing the User Agent on each request. Here you can find a detailed discussion on Way to change Google Chrome user agent in Selenium?
To simulate human like behavior you may require to slow down the script execution even beyond WebDriverWait and expected_conditions inducing time.sleep(secs). Here you can find a detailed discussion on How to sleep webdriver in python for milliseconds
Outro
Some food for thought:
Selenium webdriver: Modifying navigator.webdriver flag to prevent selenium detection
Unable to use Selenium to automate Chase site login
Confidence Score of the request using reCAPTCHA v3 API
Selenium and Puppeteer have some browser configurations that is different from a non-automated browser. Also, since some JavaScript functions are injected into browser to manipulate elements, you need to create some override to avoid detections.
There are some good articles explaining some points about Selenium and Puppeteer detection while it runs on a site with detection mechanisms:
Detecting Chrome headless, new techniques - You can use it to write defensive code for your bot.
It is not possible to detect and block Google Chrome headless - it explains in a clear and sound way the differences that JavaScript code can detect between a browser launched by automated software and a real one, and also how to fake it.
GitHub - headless-cat-n-mouse - Example using Puppeteer + Python to avoid detection

Automatically testing UIWebView content with Selenium

I have an iPhone application that contains a UIWebView for rendering certain UI aspects. The UIWebView content communicates with the Objective-C side through NSURLRequests. I'd like to test the UIWebView contents with Selenium so it could be automated.
The problem is the communication with the native side, as this is not supported by Selenium. Therefore, a way is needed to "fake" the Objective-C side. The UIWebView sends requests to a specific (non-existant) URL that are then interpreted by the native code and processed. When running the UIWebView's contents with Selenium, these requests will always fail.
Is there a way to somehow provide support in Selenium that would allow catching these requests and providing a dummy response, or is there a better tool for this?
Preferably, I'd also like to run the Selenium tests with Sauce Labs, or a similar Selenium service, so hacking /etc/hosts is not an option either.
Have you tried Appium? It should allow you to write WebDriver tests that invoke the UIAutomation library.