# Pynt for Playwright

### What is Playwright?

{% hint style="info" %}
💡 Playwright is a powerful framework for automating modern web applications across Chromium, Firefox, and WebKit. It is widely used for E2E testing, providing rich features like headless mode, multiple browser support, and network interception. Playwright is ideal for simulating real-world user behavior in CI environments.
{% endhint %}

<figure><img src="https://playwright.dev/img/playwright-logo.svg" alt="" width="188"><figcaption></figcaption></figure>

#### Pynt’s Integration with Playwright

As part of its dynamic API security suite, Pynt integrates with Playwright by observing the traffic generated during test execution. By running Playwright tests behind Pynt’s proxy, the APIs invoked during test flows are captured and analyzed for vulnerabilities.

***

> Pynt works by intercepting HTTP(S) traffic. It launches your test script with a local proxy and then analyzes the captured API interactions.

***

### Configuring Proxy in Playwright

When `RUNNING_FROM_PYNT=true` (set automatically by the Pynt CLI; you need to export it yourself when using the Pynt binary), configure the browser to route traffic through Pynt’s proxy:

```javascript
launchOptions.proxy = {
  server: 'http://127.0.0.1:6666',
  bypass: '<-loopback>'
};
```

Also ignore TLS errors, since Pynt’s proxy intercepts HTTPS traffic:

```javascript
const launchOptions = {
  headless: false,
  args: ['--ignore-certificate-errors']
};
```

Here's a JavaScript example with all configurations:

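```js
const { chromium } = require('playwright');

(async () => {
  // Set automatically by the Pynt CLI; export it yourself for the Pynt binary
  const useProxy = process.env.RUNNING_FROM_PYNT === 'true';

  const launchOptions = {
    headless: false
  };

  if (useProxy) {
    // Route browser traffic through Pynt's local proxy.
    // '<-loopback>' is the Chromium rule that proxies localhost traffic too.
    launchOptions.proxy = {
      server: 'http://127.0.0.1:6666',
      bypass: '<-loopback>'
    };
    // Ignore TLS errors only while traffic goes through the proxy
    launchOptions.args = ['--ignore-certificate-errors'];
  }

  const browser = await chromium.launch(launchOptions);
  const context = await browser.newContext();
  const page = await context.newPage();

  // Actual playwright test here ...

  await context.close();
  await browser.close();
})();
```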
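For projects that use the Playwright Test runner instead of calling `chromium.launch` directly, the same settings can be placed under `use.launchOptions` in `playwright.config.js`. The helper below is an added example, not code from Pynt or from this page: `pyntLaunchOptions` is a hypothetical name, and it assumes a Chromium project, since `--ignore-certificate-errors` is a Chromium flag. It also refuses to start when that flag is present outside a Pynt run, so certificate validation is never disabled by accident.

```javascript
// Proxy address and Chromium flag are the ones given on this page.
const PYNT_PROXY = { server: 'http://127.0.0.1:6666', bypass: '<-loopback>' };
const TLS_FLAG = '--ignore-certificate-errors';

// Hypothetical helper: returns the launch options to place under `use`
// in playwright.config.js, given the environment and the project's
// existing launch options (`base`).
function pyntLaunchOptions(env = process.env, base = {}) {
  const underPynt = env.RUNNING_FROM_PYNT === 'true';
  const baseArgs = base.args || [];

  if (!underPynt) {
    // Outside a Pynt run, certificate validation must stay enabled.
    if (baseArgs.includes(TLS_FLAG)) {
      throw new Error(`${TLS_FLAG} is set but RUNNING_FROM_PYNT is not 'true'`);
    }
    return { ...base };
  }

  // Under Pynt: add the proxy and the TLS flag without duplicating args.
  const args = baseArgs.includes(TLS_FLAG)
    ? [...baseArgs]
    : [...baseArgs, TLS_FLAG];
  return { ...base, proxy: { ...PYNT_PROXY }, args };
}

// Usage inside playwright.config.js (helper defined in the same file):
//   const { defineConfig } = require('@playwright/test');
//   module.exports = defineConfig({
//     use: { launchOptions: pyntLaunchOptions(process.env, { headless: false }) },
//   });
```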

***

### Example: Running Pynt against DVWA

DVWA (Damn Vulnerable Web Application) is a good demo target for Pynt + Playwright integration.

This example shows how to set up DVWA and run a short Playwright test with **Pynt** to find the **MySQL Injection vulnerability**.

1. **Run DVWA locally via Docker**:

   ```bash
   docker run -it --rm -p 80:80 vulnerables/web-dvwa
   ```
2. **Download DVWA Playwright files**:
   * [test.js](https://raw.githubusercontent.com/pynt-io/pynt/refs/heads/main/DVWA%20examples/Bitbucket/test.js) - the test script
   * [package.json](https://raw.githubusercontent.com/pynt-io/pynt/refs/heads/main/DVWA%20examples/Bitbucket/package.json)
3. **Setup:**

```bash
npm install
npx playwright install
```

4. **Run Pynt:**

```bash
pynt command --cmd "npm run test" --captured-domains "*localhost*"
```

The scan should look like this:

<figure><img src="/files/mvxxegUzqQw7dqurcRsy" alt=""><figcaption><p>Pynt scan in progress</p></figcaption></figure>

### Understanding the Results

Once your test finishes, Pynt will scan all APIs it observed during the Playwright test session. The results will look like this:

<figure><img src="/files/bBd9CTr0qfj0b9gjY3oL" alt=""><figcaption><p>Pynt report showing the MySQL Injection</p></figcaption></figure>

***

### 💬 Need Help?

For further assistance, visit the Pynt CLI Troubleshooting Guide or ask the community on Pynt Community Support.

