Getting around 2 factor authentication

[Brent Mundt]

My uses for selenium require logging into a site that has two step authentication for users. Every time I start a browser with selenium, the site treats it as a new computer/browser and requires me to go through two step verification. This verification sends the user an email and requires entering a key from that user. Is there a way to start the broswer with selenium but make it think it is just the normal browser?

[Krishnan Mahadevan]

Brent,

One of the things that a 2FA does is, drop a cookie in your browser using which the web application identifies if a given machine is a known one or a new machine and that's how the web application triggers the 2FA.

You can try creating a new WebDriver session by using a firefox profile. [ Launch firefox with a new firefox profile manually, mark  the machine as a known machine by inputting the 2FA code and then close the browser ] . Now copy the firefox profile directory to your test code and use it to start a new webdriver session. This would cause firefox to use all the cookies that are stored in the given profile.

The catch with this is that this solution is confined to firefox and wont work for IE and Chrome.

On the other side, you can just enhance your test code that would leverage JavaMailAPI (Assuming you are using Java), wherein you would trigger a 2FA, fetch the code from the mail using the JavaMailAPIs and then input that everytime into your flow.

This would ensure that your test would now work seamlessly against both Chrome and IE as well.

Pick which works for you

 

Thanks & Regards
Krishnan Mahadevan

"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
My Scribblings @ http://wakened-cognition.blogspot.com/

My Technical Scribbings @ http://rationaleemotions.wordpress.com/

On Sat, Aug 1, 2015 at 7:14 AM, Brent Mundt <brmu...@gmail.com> wrote:

My uses for selenium require logging into a site that has two step authentication for users. Every time I start a browser with selenium, the site treats it as a new computer/browser and requires me to go through two step verification. This verification sends the user an email and requires entering a key from that user. Is there a way to start the broswer with selenium but make it think it is just the normal browser?

--
You received this message because you are subscribed to the Google Groups "Selenium Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to selenium-user...@googlegroups.com.
To post to this group, send email to seleniu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/selenium-users/6f125a5a-2d0b-470c-84a7-abd561bd0913%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[David]

And as Krishnan mentioned, if it is cookie based, perhaps you can figure out what that cookie is and see if you can recreate it to fake the new browser session as an existing one. But that may or may not be feasible. The mail API route is more straightforward.

On the bright side, at least your 2FA is by email. Could be worse if it was by SMS or a mobile app verification. Then you'd need an SMS API (typically not free & have to bind the test config to an actual phone #), or some mobile app automation to integrate with Selenium.