Hi, I am trying to create an assert (fluid assert) to validate http.has_user_enumeration()
the app I am testing is using Amazon Cognito for authentication.
(short diagram on how cognito works)
when I enter the user name and password and submit the form, the WEB-APP then makes a XHR to authenticate with the Cognito service.
(the information sent using post XHR, is not the same as the one entered into the login field, is encrypted)
I need to find a way to capture the XHR request / response (It has the token required to consume the service)
Is there a way in python / python-selenium to capture XHR request?
ps: I already have the http.has_user_enumeration() asserts, however the token is on the source code (it can change over time ) that’s why I need a Dynamic way to retrieve the response token.