feedgen VS Playwright

I don't know if its quite up your ally, but on the "CVE discoveries" aspect I co-host a twice a week podcast: https://dayzerosec.com

The last one I'll kinda separate a bit, I cohost two episodes a week of dayzerosec. We summarize and discussion vulnerability and exploit write-ups from the past week. While it might be hard to follow some of the technical details passively at times, I do think there is value is the summaries and seeing how vulns are popping up in the real world. Usually trying to break it down in a way that you could apply and hunt for the same issue elsewhere. The two episodes are broken up with high-level "bug bounty" style issues on the Monday episode, and binary-level vuln research (occasionally hardware) on Tuesdays. The focus is more on keeping up with trend and novel ideas/research rather than learning the basics.

If you're most on the technical and vuln/exploitation side of things, I co-host a podcast: Dayzerosec where we just take a look at vulnerability write-ups and research from the last week or so. Summarizing them, sharing our own thoughts about discovery or exploitation.

And I've been doing this for work on my own weekly podcast where we talk about our favorite vulnerability write-ups from the past week: https://dayzerosec.com

@Dayzerosec on most platforms - https://dayzerosec.com

Dayzerosec - https://dayzerosec.com - I'm a cohost this one, twice a week podcast summarizing and discussing vulnerability and exploit write-ups from the past week. The exact discussions vary based on whatever interested us in the write-up, from discovery or patching, to exploitation issues or whatever. One episode is about more bug bounty style issues and the other weekly episode is more for binary level exploitation and vulnerabilities.

I'll shoutout my own podcast, https://dayzerosec.com, two episodes a week.

Right now the solutions are just on the podcast (https://dayzerosec.com) and not written down. As the vulns are just the prestream content not something I usually link to as a group (though I'll probably change this in the near future)

I co-host a podcast, https://dayzerosec.com where we discuss writeups and vulns from the past week. The discussion varies, we always try to break down the technical details, and then discuss whatever interests us, discovery/testing, exploitation, patching, sometimes disclosure policy and the like.

dayzerosec, we do two episodes a week (currently on a break until september though) one is focused on binary-level vulnerabilities and exploitation. While its not absolute beginner friendly, we try and break down the vulnerabilities every week to make them more digestible, and share our own thoughts on discovery and exploitation. And we take questions from chat which is more beginner friendly.

Playwright, an end-to-end test runner;

We start with a project that was bootstrapped with npx create-next-app. For the E2E test we use Playwright and set it up as described in the testing guide provided by Next.js.

Playwright is a powerful tool developed by Microsoft, it allows developers to write reliable end-to-end tests and perform browser automation tasks with ease. What sets Playwright apart is its ability to work seamlessly across multiple browsers (Chrome, Firefox, and WebKit), it provides a consistent and efficient way to interact with web pages, extract data, and automate repetitive tasks. Moreover, it supports various programming languages such as Node.js, Python, Java, and .NET, that’s making it a versatile choice for web scraping projects. Whether you're scraping public data for analysis, building a web crawler, or automating manual workflows, Playwright has you covered.

The consensus I could gather is either use playwright or use a workaround to solve it in the puppeteer layer. The root cause of the bug is a websocket size limitation on the CDP protocol for chromium.

With the advent of tools like Puppeteer and now Playwright, end-to-end testing has become much easier and more reliable. For anyone who's used Selenium in the past, you know what I'm talking about. Puppeteer has opened the way in terms of E2E tooling, but Playwright has taken it to the next level and made it easier to await for certain selectors or conditions to be fulfilled (via locators), thus making tests more reliable and less flaky. Also, it's a game changer that it introduced a test-runner - this made the integration between the headless browser and the actual test code much smoother.

In this tutorial, our main focus will be on Playwright web scraping. So what is Playwright? It’s a handy framework created by Microsoft. It's known for making web interactions more streamlined and works reliably with all the latest browsers like WebKit, Chromium, and Firefox. You can also run tests in headless or headed mode and emulate native mobile environments like Google Chrome for Android and Mobile Safari.

// playwright.config.ts import { defineConfig } from "@playwright/test"; /** * See https://playwright.dev/docs/test-configuration. */ export default defineConfig({ testDir: "./src/pages", reporter: "list", use: { baseURL: "http://localhost:5432/", }, timeout: process.env.CI ? 10000 : 4000, // ... more options });

Issues with Playwright

Fast and reliable end-to-end testing for modern web apps | Playwright

This means you cannot place test files outside of this directory, which was brought up as a question on Github some time ago. Initially, I thought it would be nice to add another folder in the repo called "scripts", but Playwright does not allow multiple testDir values.