Question

I'm trying to set up some automated testing using BrowserStack's Selenium and their Node.js driver. I want to check if the page is showing any insecure content warnings when accessing the URL via HTTPS.

Is there a way to detect that in Selenium? If one browser does it more easily than another, that's fine.

Solution

Here are a few different ways to detect this using Selenium and other tools:

  • iterate through all links and ensure they all start with https:// (though via Selenium, this won't detect complex loaded content, XHR, JSONP, and interframe RPC requests)

  • automate running the tool on Why No Padlock?, which may not do more than the above method

  • utilize Sikuli to take a screenshot of the region of the browser address bar showing the green padlock (in the case of Chrome) and fail if not present (caveat of using this in parallel testing mentioned here)

There is also mention here of the Content Security Policy in browsers, which will prevent the loading of any non-secure objects and perform a callback to an external URL when encountered.

UPDATE:

These proposed solutions intend to detect any non-secure objects being loaded to the page. This should be the best practice for asserting the content is secure. However, if you literally need to detect whether the specific browser's insecure content warning message is being displayed (aka, software testing the browser vs your website), then utilizing Sikuli to match either the visible existence of warning messages or the non-existence of your page's content could do the job.

OTHER TIPS

Firefox creates a log entry each time it runs into mixed content, so you can check the logs in Selenium. Example:

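from selenium import webdriver

# Load the HTTPS page, then read the browser console log through WebDriver.
driver = webdriver.Firefox()
driver.get("https://googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/simple-example.html")

browser_logs = driver.get_log("browser")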

and, in browser_logs look for

{u'timestamp': 1483366797638, u'message': u'Blocked loading mixed active content "http://googlesamples.github.io/web-fundamentals/samples/discovery-and-distribution/avoid-mixed-content/simple-example.js"', u'type': u'', u'level': u'INFO'}
{u'timestamp': 1483366797644, u'message': u'Blocked loading mixed active content "http://googlesamples.github.io/web-fundamentals/samples/discovery-and-distribution/avoid-mixed-content/simple-example.js"', u'type': u'', u'level': u'INFO'}
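
A helper for the log check in the answer above, as an added example that is not part of the original answer: it filters `get_log("browser")` entries for mixed-content messages and extracts the insecure URLs so a test can fail with a readable list. The function names, the sample entries and the assumption that other browsers also word the message as "mixed ... content" are illustrative.

```python
import re
from collections import Counter

# Wording taken from the log entries shown above; matched case-insensitively so
# variants such as "Mixed Content: ..." are caught too (assumption: other
# browsers and versions also put "mixed ... content" in the message).
MIXED_RE = re.compile(r"mixed\b.*?\bcontent", re.IGNORECASE)
# First plain-http URL in the message, stopping at quotes or whitespace.
HTTP_URL_RE = re.compile(r"http://[^\s\"'\u201c\u201d<>]+")


def mixed_content_findings(entries):
    """Return a Counter {insecure_url: hits} from get_log("browser") entries."""
    findings = Counter()
    for entry in entries:
        message = entry.get("message", "")
        if not MIXED_RE.search(message):
            continue
        match = HTTP_URL_RE.search(message)
        # Keep the finding even if no URL could be parsed out of the message.
        findings[match.group(0) if match else "<unparsed>"] += 1
    return findings


def assert_no_mixed_content(entries):
    """Fail the test run with a readable list of insecure resources."""
    findings = mixed_content_findings(entries)
    if findings:
        lines = [f"{url} ({n}x)" for url, n in sorted(findings.items())]
        raise AssertionError("mixed content detected:\n  " + "\n  ".join(lines))


# Constructed sample in the shape of the entries shown above; the third
# message is a constructed variant wording, not captured browser output.
SAMPLE_LOGS = [
    {"timestamp": 1483366797638, "level": "INFO", "type": "",
     "message": 'Blocked loading mixed active content "http://cdn.example.test/app.js"'},
    {"timestamp": 1483366797644, "level": "INFO", "type": "",
     "message": 'Blocked loading mixed active content "http://cdn.example.test/app.js"'},
    {"timestamp": 1483366797700, "level": "WARNING", "type": "",
     "message": "Mixed Content: requested an insecure image 'http://img.example.test/a.png'"},
    {"timestamp": 1483366797800, "level": "INFO", "type": "",
     "message": "GET https://example.test/favicon.ico 404"},
]

if __name__ == "__main__":
    for url, hits in mixed_content_findings(SAMPLE_LOGS).items():
        print(hits, url)
```

In a test, pass `driver.get_log("browser")` to `assert_no_mixed_content` right after `driver.get(...)`; repeated entries for the same resource, as in the output above, are collapsed into one finding with a hit count.
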
Licensed under: CC-BY-SA with attribution