How to encrypt password parameters in HTTP Authorization Manager - JMETER - jmeter

I have a password parameter inside of HTTP Authorization Manager, but I would like to encrypt it first rather than just putting a plain password.
What would be a solution?

If your aim is to avoid having a plain password in jmx file, then you can pass it on command line using:
-Jpassword=mypassword
And in plan use function __P:
${__P(password)}
Otherwise, you can use a variable and use in a setup thread group a Flow Control Action that will contain a JSR223Preprocessor that will decrypt the password and create a property using:
props.put("password", decryptedPassword)
You can then just use the password using:
${__P(password)}

You cannot. JMeter's JMX test scripts are basically XML files, so everyone will be able to guess the password by opening the file in the text editor.
If you put decryption logic somewhere in the test plan then everyone will be able to call the function and decrypt the password.
I would recommend going for __env() function (it's a part of Custom JMeter Functions bundle, can be installed using JMeter Plugins Manager) so the password will be read from your operating system environment variable, this way is more secure and continuous integration friendly.
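
An added example (not part of the answers above) that combines both suggestions: the password is taken from an environment variable and handed to JMeter as the `password` property, so `${__P(password)}` works in the plan. It uses a owner-only property file loaded with JMeter's `-q` option instead of `-Jpassword=...`, because command-line arguments are visible in the process list. `JMETER_PASSWORD`, `test.jmx` and `results.jtl` are assumed names.

```shell
#!/bin/sh
# Added example: JMETER_PASSWORD, test.jmx and results.jtl are assumed names.

# Escape a value for a Java .properties file: backslash is the escape
# character there, and a leading space would otherwise be stripped.
props_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/^ /\\ /'
}

# Write "password=<value>" to a new file readable only by its owner and
# print the file's path. Fails if the secret is empty or spans lines.
write_password_props() {
    secret=$1
    [ -n "$secret" ] || { echo "password is empty" >&2; return 1; }
    case $secret in
        *"
"*) echo "password contains a newline" >&2; return 1 ;;
    esac
    props_file=$(mktemp "${TMPDIR:-/tmp}/jmeter-secret.XXXXXX") || return 1
    chmod 600 "$props_file"
    printf 'password=%s\n' "$(props_escape "$secret")" > "$props_file"
    printf '%s\n' "$props_file"
}

# Run the plan in non-GUI mode; the property file is removed on exit.
run_plan() {
    props=$(write_password_props "${JMETER_PASSWORD:-}") || return 1
    trap 'rm -f "$props"' EXIT INT TERM
    jmeter -n -t test.jmx -q "$props" -l results.jtl
}

# Only start JMeter when asked to, so the functions can also be sourced.
if [ "${1:-}" = "run" ]; then
    run_plan
fi
```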

Related

Fetching client secret id from azure key vault in JMeter

I have the client id, tenant id, and endpoint URL for an application. I need to fetch the client's secret id from the azure key vault for authorization purposes in JMeter. I have found a custom JMeter function GetSecret can retrieve the secret value.
Can someone please tell me how to use that function in JMeter?

First of all you need to install the custom plugin
Download jmeter-plugins-azure-load-testing-stub-x.x.x.jar from here and drop the .jar under /lib/ext folder of your JMeter installation
Restart JMeter to pick the .jar up
Once done you should be able to use __GetSecret() function just like any other JMeter Function, i.e. here is the screenshot of the Functions Helper Dialog

Can I store a password safely in a BlazeMeter test plan?

I want to make a request at the beginning of my test plan to get an auth token which will be sent with all the requests in my test plan. Is there a way to store the password required to get that auth token without other users being able to access it?

There is no such thing as "BlazeMeter test plan", there is JMeter Test Plan which is basically an XML file, hence it is not possible to "securely" store passwords there because it will be saved as plain text and everyone will be able to download it and see the password.
You can use __P() function in the test plan to read the password from a JMeter Property.
Once done for local executions you will be able to set the password via -J command-line argument like:
jmeter -Jpassword=secret -t test.jmx ...
In BlazeMeter test execution you can use JMeter Properties section to define the desired value of the password property

Jmeter - Run multi-threaded users simultaneously without affecting the flow

I have a user flow (create base64 header auth > register request > Register > login > sending data) which I want to run simultaneously (100 users).
If I use the Thread Properties as it is, it will run in an asynced way.
Examples:
User 3 will try to login with token of user 1, user 40 will register with registration header created for user 24 and so on..
Token for login extracted from base64 process,
another token is extracted from 'register-request' and used as variable in 'registration' header.
I want first user to register with token created in first register-request and login with token created in base64 process, and so on for next users.
Is there a way to do so?

Normally JMeter virtual users store variables in the thread-local storage so given your test plan design is good each thread (virtual user) should use its own header.
Not knowing the details of how your header is generated it's hard to say what's wrong, I would recommend using Debug Sampler and View Results Tree listener combination and double check the header value (and any interim variables) - hopefully you will be able to determine the cause. If not - you will need to share the test plan somewhere somehow.
Other things to consider:
If your application requires Authorization header in form of username:password encoded into Base64 you actually don't need to generate the header manually, you can use HTTP Authorization Manager which automatically generates and adds the relevant header to the requests. Check out How to Use HTTP Basic Authentication in JMeter article for more details if needed.
There is __base64Encode() function which you can use for encoding a custom string into Base64, the function can be installed as a part of Custom JMeter Functions bundle using JMeter Plugins Manager

How to pass over an authentication window from within Bash Terminal?

Suppose there are some web sites that require people to type in his or her username and/or password to pass through the authentication dialog to get the actual contents behind it. When people encounter such web sites on a browser he or she can type in his or her username and/or password to pass through the authentication. However, is it feasible to verify it from within Terminal?
The content there is a single zip file, and I was able to download it using curl and -u option to specify my username. However, it still requires me to type in my password to pass through the authentication, and I would like to know how to automatically go through it using my password, without being prompted to type in my password, since I have to download it every day, and want to use my bash script to achieve it.
I use OS X 10.9.2 and I would like to access it from within my Terminal. I have both of my username and password on the authentication for sure. I might be interested to know the most secure way possible to pass through the verification.

You should be able to use curl for this, just change the argument you give for -u to include the password:
curl -u username:password http://www.website.com/content/file.zip
Obviously this requires storing your password in plaintext in your script, which is not ideal for security. If you have SSH access to the server in question, you can create a private/public key pair, then use the public key to log into the server without a password being required (and download the file using scp), which would be ideal from a security point of view.
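
An added example (not part of the answer above) for the case where SSH is not available: the credentials come from the environment and reach curl through a temporary owner-only netrc file passed with `--netrc-file`, so the password is neither stored in the script nor shown in curl's command line. `DL_USER` and `DL_PASS` are assumed variable names.

```shell
#!/bin/sh
# Added example: DL_USER and DL_PASS are assumed environment variables.

# Extract the host of an http(s) URL, dropping scheme, path, userinfo and
# port: https://www.website.com:8443/a/b.zip -> www.website.com
url_host() {
    printf '%s\n' "$1" | sed -e 's|^[a-zA-Z]*://||' -e 's|/.*$||' \
                             -e 's|^.*@||' -e 's|:[0-9]*$||'
}

# Create a netrc file (mode 0600) with one entry and print its path.
# Classic netrc tokens are whitespace-delimited, so empty values and
# values containing whitespace are rejected instead of being written.
write_netrc() {
    host=$1 user=$2 pass=$3
    for v in "$host" "$user" "$pass"; do
        case $v in
            ''|*[[:space:]]*) echo "empty or whitespace in field" >&2
                              return 1 ;;
        esac
    done
    netrc=$(mktemp "${TMPDIR:-/tmp}/netrc.XXXXXX") || return 1
    chmod 600 "$netrc"
    printf 'machine %s login %s password %s\n' "$host" "$user" "$pass" > "$netrc"
    printf '%s\n' "$netrc"
}

# Download URL to OUT; the netrc file is removed whether or not curl succeeds.
fetch() {
    url=$1 out=$2
    nf=$(write_netrc "$(url_host "$url")" "${DL_USER:-}" "${DL_PASS:-}") || return 1
    curl --fail --silent --show-error --netrc-file "$nf" -o "$out" "$url"
    rc=$?
    rm -f "$nf"
    return $rc
}

# Usage: script.sh fetch <url> <output-file>
if [ "${1:-}" = "fetch" ]; then
    fetch "$2" "$3"
fi
```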

Does anyone know how to access the username and password from the Login Config Element in jMeter inside of a BeanShell?

I am trying to access the Login Config Element from an HTTPRequest also. I need to have the password saved with the dot overlay so that it is secure for my company's use. I want to access them from an HTTPRequest so that I don't have to put the username and password in cleartext. Then I want to access it in a BeanShell Post script so that I can change the password before the Simple Data Writer writes the HTTP request output to a file.
Thus far I have been unable to find any useful information on how to do this.
I have tried this script so far which does replace the password written in the Simple Data Listener file but I still have to put it in clear text and I would prefer to put a variable or use a function to access the variable.
import org.apache.jmeter.protocol.http.sampler.HTTPSampleResult;
import java.lang.String;
prev.setHTTPMethod(prev.getHTTPMethod().replace("password","*********"));

Have you checked out the JMeter API to see if it lists how the username/password are being stored? (it may not)
If the API can't help you, you may be able to do a debug sampler and see if the username/password are being stored as variables/properties.
Beanshell samplers can access both variables and properties.
