Pynt for Playwright
Integrate Pynt with Playwright to enable automated API security testing alongside your end-to-end browser tests.
What is Playwright?
Pynt’s Integration with Playwright
As part of its dynamic API security suite, Pynt integrates with Playwright by observing the traffic generated during test execution. By running Playwright tests behind Pynt’s proxy, the APIs invoked during test flows are captured and analyzed for vulnerabilities.
Pynt works by intercepting HTTP(S) traffic. It launches your test script with a local proxy and then analyzes the captured API interactions.
Configuring Proxy in Playwright
When RUNNING_FROM_PYNT=true (set automatically by Pynt CLI; you will need to export it yourself for Pynt Binary), configure the browser to route traffic through Pynt’s proxy with the following configuration:
launchOptions.proxy = {
  server: 'http://127.0.0.1:6666',
  bypass: '<-loopback>'
};
And ignore TLS errors:
const launchOptions = {
  headless: false,
  args: ['--ignore-certificate-errors']
};
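Here's a JavaScript example with all configurations:
const { chromium } = require('playwright');

(async () => {
  // Pynt CLI sets RUNNING_FROM_PYNT automatically; export it yourself for Pynt Binary.
  const useProxy = process.env.RUNNING_FROM_PYNT === 'true';
  const launchOptions = {
    headless: false
  };
  if (useProxy) {
    // Route browser traffic, including loopback, through Pynt's local proxy.
    launchOptions.proxy = {
      server: 'http://127.0.0.1:6666',
      bypass: '<-loopback>'
    };
    // Ignore TLS errors behind the intercepting proxy; applied to Pynt runs only.
    launchOptions.args = ['--ignore-certificate-errors'];
  }
  const browser = await chromium.launch(launchOptions);
  // Create the context explicitly so it can be closed at the end.
  const context = await browser.newContext();
  const page = await context.newPage();
  // Actual Playwright test here ...
  await context.close();
  await browser.close();
})();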
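The same configuration as a reusable helper with a fail-closed guard, as an added example that is not Pynt's own code: it relaxes certificate checks only for Pynt runs against a loopback proxy and audits hand-written launch options for the same conditions. PYNT_PROXY_URL is a hypothetical override variable, and buildLaunchOptions and auditLaunchOptions are illustrative names.

```javascript
// Added example, not Pynt's code. PYNT_PROXY_URL is a hypothetical override;
// the default proxy address and the flags are the ones shown on this page.
const DEFAULT_PROXY = 'http://127.0.0.1:6666';
const IGNORE_TLS = '--ignore-certificate-errors';
const LOOPBACK_HOSTS = new Set(['127.0.0.1', 'localhost', '[::1]']);

const isLoopback = (server) => LOOPBACK_HOSTS.has(new URL(server).hostname);

// Build Playwright launch options from the environment. Outside a Pynt run
// nothing is relaxed, so the TLS flag cannot leak into ordinary test runs.
function buildLaunchOptions(env = process.env) {
  const options = { headless: false, args: [] };
  if (env.RUNNING_FROM_PYNT !== 'true') return options;

  const server = env.PYNT_PROXY_URL || DEFAULT_PROXY;
  // Fail closed: with certificate checks off, a remote proxy could read or
  // alter every request the tests send, including session cookies.
  if (!isLoopback(server)) {
    throw new Error(`refusing non-loopback proxy ${server} with TLS checks off`);
  }
  options.proxy = { server: new URL(server).origin, bypass: '<-loopback>' };
  options.args.push(IGNORE_TLS);
  return options;
}

// Review launch options written by hand (for example in an older test file)
// and return a list of findings; an empty list means the config is consistent.
function auditLaunchOptions(options) {
  const findings = [];
  const ignoresTls = (options.args || []).includes(IGNORE_TLS);
  const server = options.proxy ? options.proxy.server : undefined;
  if (ignoresTls && !server) findings.push('TLS checks disabled without a proxy');
  if (server && !isLoopback(server)) findings.push('proxy is not on loopback');
  if (server && options.proxy.bypass !== '<-loopback>') {
    // The page's configuration sets this rule, which tells Chromium to send
    // loopback traffic through the proxy too (DVWA here runs on localhost).
    findings.push("bypass rule '<-loopback>' is missing");
  }
  return findings;
}
```

Pass the result of buildLaunchOptions() to chromium.launch() in place of the inline launchOptions object.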
Example: Running Pynt against DVWA
DVWA (Damn Vulnerable Web Application) is a good demo target for Pynt + Playwright integration.
This example shows how to set up DVWA and run a short Playwright test with Pynt to find the MySQL Injection vulnerability.
Run DVWA locally via Docker:
docker run -it --rm -p 80:80 vulnerables/web-dvwa
Download DVWA Playwright files:
test.js - the test script
Setup:
npm install
npx playwright install
Run Pynt:
pynt command --cmd "npm run test" --captured-domains "*localhost*"
The scan should look like this:

Understanding the Results
Once your test finishes, Pynt will scan all APIs it observed during the Playwright test session. The results will look like this:

💬 Need Help?
For further assistance, visit the Pynt CLI Troubleshooting Guide or ask the community on Pynt Community Support.