search

SAP / project-foxhound

A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla/gecko-dev). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.
GNU General Public License v3.0
80 stars 15 forks source link

Browser Automation with Playwright #109

Open thelbrecht opened 1 year ago

thelbrecht commented 1 year ago

Hello, while testing out the Foxhound browser, I found that one can easily extend it using the open-source patch provided by the Playwright project, to make it work using Playwright. Granted, while it only is an older Firefox (98.0.2) and it only supports an older Playwright version (testing with v1.12 in NodeJS), I believe it is still beneficial for research purposes.

I currently host a fork with the applied patch in my account, located at https://github.com/thelbrecht/project-foxhound. Is this an interesting feature to be merged in the main repository?

Keeping the Playwright version up to date should also be possible provided the people behind Playwright publish patches for their respective firefox build as they currently do. So it is likely that future releases of Foxhound will also work with newer playwright versions.

tmbrbr commented 1 year ago

Integration of Playwright is a great idea to improve browser automation for large scale studies!

The concern I have about integrating the playwright patches into the Foxhound repo directly is the additional maintenance overhead (for example when updating to a more recent firefox version).

My current idea is to keep Foxhound aligned with a certain playwright version so that their patches will always be applicable for a given version. We started a wiki page on how to build with Playwright enabled here:

https://github.com/SAP/project-foxhound/wiki/Playwright-Integration

Let me know what you think or if we missed anything!

thelbrecht commented 1 year ago

Thank you for your response. I totally missed the wiki page for that, sorry. It might be helpful for other users, if the main page of the wiki or the repository readme would list that usage with playwright is possible (and/or link to the wiki page).

I understand your concern with the maintenance overhead, maybe an extra branch or fork might be interesting, for making building easier for users? But that would also require patching (when foxhound updates) and potentially make later foxhound updates difficult (if it is already patched for playwright).

So apart from providing an up-to-date wiki page, I now also do not think it is feasible to maintain a separate code base. But nevertheless, I think that this feature should be also noted more prominently since it is very useful (at least to me).