How to do basic authentication for the request in web load performance tool?
You are doing the right thing, but need to change the order - move the Password and username settings above the wlHttp.Post command.
Add before calling the post command
//StartAuthentication
wlHttp.OverrideAuthorizationHeader = true;
wlHttp.Header["Authorization"] = "Basic XXXXXX";
//EndAuthentication
Related
I need to hit a post request to an API service which requires a session id along with other parameters in its post request field in order to get the required information.
I am using Postman to test this API.
I would like to know how to send a 'session id' in a post request when using Postman?
I am aware of pre-request script in Postman, but I am unaware of how to use the variable in post request.
In Postman native app:
Turn on the Interceptor.
Go to Headers
Key: Cookie
Value : sessionid=omuxrmt33mnetsfirxi2sdsfh4j1c2kv
This post is bit old but I want to still answer incase someone else is looking for an answer.
First, you need to see if intercepter is enabled in the toolbar, it is present one step away from sign-in
If does not not get enabled when you click on it, you can install extension. I think there is one for Chrome. Go ahead and add the extension.
After that you can go back to Postman and enable intercepter
You will be able to see cookies in postman and at this point you can add _session_id
I hope this will help.
Thanks,
Hit inspect on the site you are working on, when logged in
On your Chrome/browser, go to application - cookies.
Copy your PHPSESSID.
On postman headers Key: Cookie
Value: PHPSESSID=dsdjshvbjvsdh (your key)
For standalone Postman app
You can use global variables in postman. First in the Tests tab of the first request set the session as global variable:
var a = pm.cookies.get('session');
pm.globals.set("session", a);
It might be 'session_id' as well (check in the headers of your first request) instead of session. To check if this variable is set, after you do your first request, go to the gear icon and click on globals.
Then go to your second request -> Headers and for key add 'Cookie' while for value add 'session={{session}}'
Side note: be careful not to save keys that are used by your framework or they might be deleted for some reason.
On your browser:
Open the developer tools (right click and Inspect).
Go to Application Tab > Storage > Cookies.
Open your site Cookie and copy the Name and Value.
In Postman 8+:
In your Request tab, go to Headers.
Click in the eye icon to see the hidden headers.
Click in the "Cookie" link that is in the top right corner.
In the "Manage Cookies" popup, select your domain, click on "+Add" button, or edit the existent cookie.
Paste the values that you copy from the browser. The complete value will look like PHPSESSID=f20nbdor26v9r1k5hdfj6tji0p; Path=/;
Click on "Save", and close the popup.
Select Tests Section below the Request URL
if(postman.getResponseHeader("authorization")!==null)
{
postman.setGlobalVariable("token","Bearer " + postman.getResponseHeader("authorization") );
}
Here u can use SessionId to get SessionId from Header and put in global variable .
How to specify a user id and password for Visual Studio Code with an authenticating proxy?
I've seen the Proxy Server Support on the main VS Code site, but this only mentions two settings ...
"http.proxy": "http://10.203.0.1:5187/"
"http.proxyStrictSSL": false
I've set these, but still no luck, e.g. I can't install extensions ... can't even get a list of them
I suspect it's our proxy, as it needs a user id and password :-(
So how can you set these values?
Set credentials inside the proxy url:
http://username:password#10.203.0.1:5187/
WARNING: Setting your password in plaintext in a file can easily lead to your account being compromised. Further it might violate your companies data security guidelines. https://cwe.mitre.org/data/definitions/256.html
If you don't want to store your credentials in the settings file, fiddler can be used to proxy the call to the proxy. Furthermore, I believe the above only works for proxy servers using basic authentication, the following should work for NTLM.
VSCode Open Settings File:
%APPDATA%\Code\User\settings.json
add the following:
{
"http.proxy": "http://127.0.0.1:8888",
"http.proxyStrictSSL": false
}
Fiddler Confirm fiddler settings:
Fiddler Ensure Fiddler set to automatically authenticate:
VSCode Extensions should now be online:
Update
This is now no longer required following implementation of PR #22369 which was implemented in version 1.15 Proxy server authentication.
In my case I still needed to add:
"http.proxyStrictSSL": false
My favorite response here is David Martin's suggestion of using Fiddler. But in case that is not something you want to undertake, below is how to set your credentials for the proxy.
To specify DOMAIN + username + password: (It will likely not work with a slash, so use %5C in the place of the slash as shown below)
// The proxy setting to use. If not set will be taken from the http_proxy and https_proxy environment variables
"http.proxy": "http://DOMAIN%5Cusername:password#proxy_name_or_ip:port",
"https.proxy": "http://DOMAIN%5Cusername:password#proxy_name_or_ip:port",
// Whether the proxy server certificate should be verified against the list of supplied CAs.
"http.proxyStrictSSL": false,
To specify just username + password:
// The proxy setting to use. If not set will be taken from the http_proxy and https_proxy environment variables
"http.proxy": "http://username:password#proxy_name_or_ip:port",
"https.proxy": "http://username:password#proxy_name_or_ip:port",
// Whether the proxy server certificate should be verified against the list of supplied CAs.
"http.proxyStrictSSL": false,
The venerable CNTLM could help you. You give it your credentials, tell it about the upstream proxy, run it on your local machine, then point VS to the proxy at http://localhost:3128.
http://cntlm.sourceforge.net/
It's a handy solution for any application that doesn't support authenticated proxies.
I really like the solution David Martin posted (further below) using Fiddler, however I wanted to figure out how to use http.proxyAuthorization and here is my solution considering you are OK to have credentials saved in base64 encoded format in the settings.json file.
WARNING: Saving credentials in base64 encoded format is certainly better than plain text, however consider base64 encoding as obfuscation not an encryption and the account can still be compromised - use at your own risk. Consider modifying the ACL of the settings file to reduce read access to it.
Step 1: Encode your credentials using the code below:
var s = #"DOMAIN\user:pass";
var bytes = System.Text.Encoding.UTF8.GetBytes(s);
Console.WriteLine(Convert.ToBase64String(bytes));
RE9NQUlOXHVzZXI6cGFzcw==
Step 2: Update VS Code settings by adding http.proxyAuthorization using the base64 encoded value from above:
{
"https.proxy": "https://internal-proxy.corp.net:8080",
"http.proxyAuthorization": "Authorization: Basic RE9NQUlOXHVzZXI6cGFzcw=="
}
Step 3: Secure the settings.json by updating it's ACL
Since you have stored credentials in the file to increase the security you can modify the ACL of the settings file by removing the local administrators group - make sure only you can read this file. I used the following PowerShell script to remove the local admin group for example:
#Requires -Version 5.1
# PowerShell 5.1 min version required for the code below
$settings = "$env:appdata\Code\$env:username\settings.json"
$acl = (Get-Item $settings).GetAccessControl('Access')
$acl.SetAccessRuleProtection($true,$true) # removes the ACL inheritance
$accesToRemove = $acl.Access | ?{ $_.IsInherited -eq $false -and $_.IdentityReference -eq 'BUILTIN\Administrators' }
$acl.RemoveAccessRule($accesToRemove)
Set-Acl -AclObject $acl $settings
Please take ref to this article.
https://taeguk.co.uk/blog/working-in-visual-studio-behind-the-firewall/
Let’s assume my NTLM login is DOMAIN\User Name and my password is P#ssword!
The format for the credentials needs to be DOMAIN\User Name:P#ssword!, but you need to URL Encode the user name and password.
A simple online URL encoded can translate your username and password to: DOMAIN%5CUser%20Name and P%40ssword!.
Piece all this info into a single string like so: http://DOMAIN%5CUser%20Name:P%40ssword!#proxy-cluster.fqdn.local:8881
Then add this into your User Settings in File, Preferences against the "http.proxy" value:
// Place your settings in this file to overwrite the default settings
{
"http.proxy": "http://DOMAIN%5CUser%20Name:P%40ssword!#proxy-cluster.fqdn.local:8881"
}
"http.proxy": "http://DOMAIN//USER:PASSWORD#wsg.test.com:8080".
Do not forget to add the port.
Use the below command and replace the username,password and ip address of you proxy:port
PS C:\Users\rathakrishnan> npm config set proxy http://username:password#172.18.10.27:3128
PS C:\Users\rathakrishnan> npm install -g #angular/cli
in Visual Studio Code (my version is 1.32.3) you write a request, i.e.
### my request
GET https://defdomain.prefix.com/app/resource
Authorization: bXl1c2VyOnVzZXIyMkBwYXNzd29yZA==
Wherefore the Authorization header is of type "Basic base64encoded" and consists of
myuser:user22#password (username:usercredentials) base64 encoded. Thats all.
Title sums it up fairly well.
Said site has cookies, I need to post data from a textbox as a value on said site, and get one of two variables back. I was reading through some tutorials and a few Windows phone 7 books. None of them were related to what I was trying to do. They only dealt with single whole files or something that could be made into a URL. I could also do it that way if someone had a way to also use cookies and just send it as a url [but i do not know how to construct the url in such a way to make that a realistic solution].
You should be able to send cookie's using code like:
CookieContainer container = new CookieContainer();
container.Add(new Uri("http://yoursite"), new Cookie("name", "value"));
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://yoursite");
request.CookieContainer = container;
request.BeginGetResponse(new AsyncCallback(GetData), request);
Code borrowed from HttpWebRequest and Set-Cookie header in response not parsed (WP7)
If the server is expecting to use cookies (e.g. for authentication) then there is no way that you'll be able to use form variables/query parameters instead.
You need to use a tool called Fiddler to inspect the calls that the website currently makes - this will include a mixture of:
cookie variables - especially for authentication
get variables - passed within the url path
and post variables - passed within the body of the request
If you do need to do a full POST, then you will need to set variables like - request.Method and request.ContentType - and you will need to brovide a RequestStream. There are libraries you can use like HAMMOCK to help - or I've got some example code in iron7 - see the DoCodePost method at the botom of this uploader class - or take a look at lots of other projects on CodePlex and GitHub.
Can you recommend a good HTTP Debug Recorder and Autoresponder?
I usually use fiddler's autoresponder, but it does not enable rules to be set by POST information, only by querystring.
Fiddler can absolutely return automatically generated responses based on the content of a POST body, you simply cannot do it with the UI. Click Rules > Customize Rules, and enter your script inside the OnBeforeRequest handler.
if (oSession.uriContains("postpage.aspx") &&
oSession.utilFindInRequest("mypostname=value"))
{
oSession["x-replywithfile"] = "C:\\fakeresponse.htm";
}
For complex stuff, I'd recommend http::recorder and www::mechanize (PERL modules) see this article for an example.
But for simpler stuff, I use curl and/or a quick PHP script
HTH
C.
Is it possible to perform a HTTP Request with specific header fields (like 'referer', 'cookies' or 'User-Agent') using Windows Script Host or any other Windows scripting technology??
Thanks.
Yes (VBScript) :-
Dim oWinHTTP
Set oWinHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
oWinHTTP.Open "GET", "http://remoteserver/thing.ext", False
oWinHTTP.SetRequestHeader "User-Agent", "My Agent String"
oWinHTTP.Send
Using WinHttp gives you the greatest level of control, you can use MSXML2.ServerXMLHTTP.3.0 if you want more effeciently access any XML DOM sent. Using the standard MSXML2.XMLHTTP.3.0 component goes throught WinINet at gives you the users proxy settings and cookie store etc, but reduces your control over the conversation.
Can we set the request header like Cache-control : 'max-age =10000' using jsp / java?
Actually I want to see the previous page with old data on click of browser's back button only if user comes back to this page with in a specified time , say 10 minutes.
Thanks,
Anurag