8

I have been trying for a while to figure out how to enter username and password in the popup-window in this exercise:

http://pentesteracademylab.appspot.com//lab/webapp/digest

but I am entirely new to Selenium in Python. I found out how to click the button, so that the login form pops up:

from selenium import webdriver
from selenium.webdriver.common.keys import Keys
driver = webdriver.Firefox()
driver.get("http://pentesteracademylab.appspot.com//lab/webapp/digest")
driver.find_element_by_css_selector('button').click()

but I cannot figure out how to access that window, let alone the fields in it. I have read about switch_to_frame and switch_to_window. For windows there is the window_handles showing you active windows to switch to, but this only returns a single element, which I believe is the main window, not the pop up. I also tried

alert = driver.switch_to_alert()

to no avail. The problem is that I do not know either which kind of object the popup is (frame,window,alert or something else), and I cannot find any names referring to it in the HTML code for the webpage.

Can anyone take me a step further?

Improve this question

2 Answers 2

Reset to default
11

Pass the authentication step by accessing the following URL:

http://username:[email protected]/lab/webapp/digest/1

See also:

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Ah, OK! Thank you! That changes the whole approach entirely. Does that mean that I cannot access the popup? Is the popup somehow not visible to Selenium by any standard approaches?
@String yeah, this kind of popup cannot be accessed via selenium. The provided solution helps to avoid the popup being shown in the first place.
Great! Yes, I inferred that from the URL :)
Any idea why this doesn't work on Chrome/Windows? The same url works on OSX.
@gplayer interesting, not sure, could you please elaborate it into a separate question including all the necessary details? Thanks.
|
1

With Selenium version 4.0+ there is a new and more secure way to handle basic authentication. I'm using chrome so I will explain my solution using chrome driver, there should be similar way using another browser

Username = input("Your username: ")
Password = input("Your password: ")

driver = webdriver.Chrome()
driver.execute_cdp_cmd("Network.enable", {})

credentials = base64.b64encode(f"{Username}:{Password}".encode()).decode()
headers = {"headers": {"authorization": "Basic " + credentials}}

driver.execute_cdp_cmd("Network.setExtraHTTPHeaders", headers)
driver.get("http://pentesteracademylab.appspot.com//lab/webapp/digest")

The accepted solution above is working until now. But there is a security concern/issue because the webserver will log everything without encoding the user and password. Therefore, if the webserver is compromised and the hacker will most likely see the log, then boom they know your username and password.

Please see the official documentation for alternative method and different language: https://www.selenium.dev/documentation/webdriver/bidirectional/chrome_devtools/cdp_endpoint/#basic-authentication

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.