PhantomJS
PhantomJS is a discontinued headless browser used for automating web page interaction. PhantomJS provides a JavaScript API enabling automated navigation, screenshots, user behavior and assertions making it a common tool used to run browser-based unit tests in a headless system like a continuous integration environment. PhantomJS is based on WebKit making it a similar browsing environment to Safari and Google Chrome (before Chrome's fork of WebKit evolved into Blink). It is open-source software released under the BSD License.[2]
Original author(s) | Ariya Hidayat |
---|---|
Developer(s) | Ariya Hidayat |
Initial release | January 17, 2011 |
Stable release | 2.1.1[1]
/ January 24, 2016 |
Repository | |
Written in | C++ |
Type | Headless browser |
License | BSD[2] |
Website | phantomjs |
History
PhantomJS was released January 23, 2011 by Ariya Hidayat after several years in development.[3]
The first commit to the public project was in 2011.[4]
The logo commonly used to pictorially refer to PhantomJS is a fluorescent blue ghost atop a black background. This refers to the lack of graphical user interface, or main body of the browser, making PhantomJS users seem like ghosts.
In March 2018, the development of PhantomJS was suspended due to lack of active contributions.[5]
PhantomJS usage
The PhantomJS JavaScript API can be used to open web pages, take screenshots, execute user actions, and run injected JavaScript in the page context. For example, the following code will open Wikipedia and, upon loading, will save a screenshot to a file and exit.
console.log('Loading a web page');
var page = require('webpage').create();
var url = 'http://en.wikipedia.org/';
page.open(url, function (status) {
console.log('Page loaded');
page.render('wikipedia.org.png');
phantom.exit();
});
Tools using PhantomJS
CasperJS
Shortly after the release of PhantomJS, Nicolas Perriault wrote CasperJS, a suite of libraries on top of PhantomJS that extend its capabilities as a client for automated web page testing. CasperJS and PhantomJS have become valuable enough that similar projects have started to adopt the API as a standard way of interacting with headless browsers.[6][7]
Companies using PhantomJS
- Twitter used QUnit and PhantomJS for unit testing as of 2015.[9]
- LinkedIn used PhantomJS based tools for performance testing as of 2011.[10]
- Netflix used Sketchy, a headless browser built with PhantomJS, to understand what it’s doing without having to visit the site as of 2014.[11]
- Time Warner Cable used PhantomJS with CoffeeScript, Jasmine, and JUnit XML for Jenkins continuous integration as of 2012.[12]
Other uses for PhantomJS
PhantomJS was made for programmatic control of web sites and has been used for many purposes from visual differencing of websites[13] to automated testing of JavaScript frameworks.[14]
Server rendering of client-side JavaScript
With the rise of client-side JavaScript and the SEO problems that practice presents, developers turned to PhantomJS as a way to pre-render static HTML for initial requests.[15][16] Despite the performance impact of such an approach, it remained one of the simplest ways to improve SEO without rewriting a web application, spawning services trying to automate the process.[17]
Malicious use of PhantomJS
Because PhantomJS is runnable without a UI, scriptable via JavaScript, and relatively adherent to modern browser specifications, it is commonly used as a way to automate attacks against web sites.[18] PhantomJS mimics legitimate user traffic and can complicate attack mitigation technologies. PhantomJS can also be used to automatically verify logins across disparate web sites[19] (credential stuffing), compounding the problems that arise after a site is breached and usernames and passwords are leaked.
References
- "Releases · ariya/phantomjs". GitHub. Retrieved 21 April 2017.
- "phantomjs/LICENSE.BSD at master · ariya/phantomjs". GitHub.
- "don't code today what you can't debug tomorrow". ariya.blogspot.com. Retrieved 20 July 2015.
- "ariya/phantomjs". GitHub. Retrieved 20 July 2015.
- "Archiving the project: suspending the development". ariya/phantomjs. Github. 2018-03-03.
- Laurent Jouanneau. "FaQ - SlimerJS". slimerjs.org. Retrieved 20 July 2015.
- "trifleJS". trifleJS. Retrieved 20 July 2015.
- Marcel Duran. "YSlow - Official Open Source Project Website". yslow.org. Retrieved 20 July 2015.
- "Leo Lanese on Twitter". Twitter. Retrieved 20 July 2015.
- phegaro. "LinkedIn Mobile: How do we do it?". SlideShare. Retrieved 20 July 2015.
- Michael Mimoso. "Netflix Open Source Security Tools Solve Range of Challenges". threatpost.com. Retrieved 20 July 2015.
- "one year of wandering headlessly". ofilabs.com. Retrieved 20 July 2015.
- "Huddle/PhantomCSS". GitHub. Retrieved 20 July 2015.
- EisenbergEffect. "Docs - Testing with PhantomJS and Jasmine - Durandal". durandaljs.com. Retrieved 20 July 2015.
- "Short story about rendering HTML, client side vs server side". eshlox. Retrieved 20 July 2015.
- Aaron O'Connell (22 April 2014). "Sever-Side Rendering of Single Page Apps using PhantomJS and Node.js". 42floors.com. Retrieved 20 July 2015.
- "BromBone - SEO for your AngularJS, EmberJS, or BackboneJS website". Brombone.com. Retrieved 20 July 2015.
- "DDoS Attack Used 'Headless' Browsers In 150-Hour Siege". Dark Reading. Retrieved 20 July 2015.
- "Logging in to Amazon using PhantomJS". GitHub Gists. Retrieved 20 July 2015.