Skip to content
/ headless-form-demo Public

A runnable example that demonstrates how to use VGS to fill out a form with sensitive data using headless drivers (i.e. puppeteer, selenium, etc.)

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vgs-samples/headless-form-demo

BranchesTags

Repository files navigation

VGS Logo

Browser bot with VGS proxy

Sample of using Puppeteer with VGS alias to auto fill web forms

Instructions for using this App

This demo app demonstrates a use case using users' redacted credentials or credit card information to autofill web forms.

demo-form-bot

Requirements

VGS base setup

  1. Go to VGS dashboard, create a new vault in your organization
  2. Setup a new outbound route with wildcard .* as upstream to allow all traffic
  3. Setup a default inbound route and use it to create aliases for your test credentials
  4. Copy the sandbox TLS certificate in Code snippets to your app folder

Run the app

  1. Clone this repository and go to the folder
  2. Install all dependencies npm install
  3. Replace the code below with your TLS cert path, vault id and proxy user credentials:
    page.on('request', interceptedRequest => {
            const tunnelingAgent = tunnel.httpsOverHttp({
                ca: [ fs.readFileSync('sandbox-cert.pem')],
                proxy: {
                    host: '<vault it>.sandbox.verygoodproxy.com',
                    port: 8080,
                    proxyAuth: '<username>:<password>'
                }
            });
            const options = {
                uri: interceptedRequest.url(),
                method: interceptedRequest.method(),
                headers: interceptedRequest.headers(),
                agent: tunnelingAgent,
                body: interceptedRequest.postData()
            };
  1. Replace the code below with your VGS aliases for test personal credentials
    await page.type('input[name=username]', 'tok_sandbox_8rVSERS1WKtC2H3a2mJABY');
    await page.type('input[name=email]', '[email protected]');
    await page.type('input[name=password]', 'tok_sandbox_t3TqVDEgkkhofo8BA6xraz');
  1. Replace the code below with your 2Captcha token
    puppeteer.use(recaptchaPlugin({
        provider:{
            id: '2captcha',
            token: '<2Captcha token>'
        },
        visualFeedback:true
    }));
  1. Turn on logger in VGS dashboard
  2. Run node puppeteer-demoform.js

VGS reveal route setup

  1. Go to logger and filter requests by method post to find the request to submit that form

  1. Use Secure this payload in logger and establish filters for sensitive fields in payload

  1. Run the app again and find the corresponding request to submit the form in logger, you will find the VGS aliases have been revealed to the original credentials

About

A runnable example that demonstrates how to use VGS to fill out a form with sensitive data using headless drivers (i.e. puppeteer, selenium, etc.)

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

7 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages