Categories
javascript python selenium

Easiest way to pass info out of a Selenium WebDriver?

I am trying to use Selenium’s WebDriver to automate the testing of a security tool I’m developing. Specifically, I am attempting to inject js payloads into a HTML page via reflected XSS. In order to test the fitness of the payloads, I need to verify that the scripts actually run.

I have been largely successful in doing this by having XSS payloads call a specific function which passes information to my python program with one of the following methods:

  1. Creating new elements in the DOM and finding them with the WebDriver python API (find_elements_by_class_name, etc.)
  2. Setting the window title in js and reading it via driver.title
  3. Creating dialogs/prompts in js and handling them via driver.switch_to_alert()

However the above are all pretty hacky and slow (especially method #1 if the desired element does not exist I’m stupid and had my implicit wait really high, but I still don’t like the method of creating dom elements to pass strings). Also, the last option fails pretty consistently if there are multiple alerts.

I wanted to retrieve variable values via driver.execute_script(script) however my scripts seem unable to actually read values, as stuff like ‘return window.name’ always returns None. That being said, I don’t expect execute_script() to be the fastest method, since it has to perform a lot of overhead in executing said script.

What is the fastest way to pass runtime information from inside a browser context to the controlling python program? I don’t need to send much info, maybe a few kb at the most, so a cookie value could suffice but the browser’s URL probably wouldn’t.