Unable to get security token for Jmeter - jmeter

I am trying to do some basic performance testing on an app I look after.
I am using JMeter and have gone through the steps with the recorder, following JMeter tutorials on YouTube, but I am getting stuck when I need to put the variable into the X-CSRF-Token.
The issue is I can't find X-CSRF-Token in the captured steps. Is it using some other form of authentication? Any suggestions for me as to other methods would be great.
If the post doesn't make much sense, I don't really have an in-depth knowledge of JMeter or testing.

To find where the token appeared:
1. Clear browser history.
2. Record your scenario using the JMeter recording template.
3. Then, in the View Results Tree located under the HTTP(S) Test Script Recorder, use the search field to find the first response in which it appears. You'll need to add an extractor in the corresponding sampler.
4. You'll then be able to inject it using ${varName}.

Depending on your server configuration this X-CSRF-Token can come in:
- In the response HTML body
- In the response headers, inspect HTTP Header Manager for any hard-coded values
- As an HTTP Cookie (which is basically a header as well, however it will be much more convenient to get it from the HTTP Cookie Manager rather than from response headers)
So make sure to inspect all the tabs of the first request in the View Results Tree listener, as this X-CSRF-Token guy can hide anywhere.
You can try an alternative way of recording a JMeter test; it can export the test in "SmartJMX" mode with automatic detection and correlation of any dynamic parameters, including but not limited to CSRF tokens, so theoretically it can make your life easier. Check out the "How to Cut Your JMeter Scripting Time by 80%" guide for more information and technical details.
If you need further help you will have to provide more details, like a full dump of 2 requests along with responses. You can use a sniffer tool like Wireshark or Fiddler to capture it.
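The three places listed above (body, response headers, cookies) can be checked in one pass over a saved response. This is an added example, not part of the original answers; the name hints and the sample response are constructed assumptions.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Name fragments that commonly mark an anti-CSRF value (assumption, adjust per app).
HINTS = ("csrf", "xsrf", "requestverificationtoken")

def _is_token_name(name):
    return bool(name) and any(h in name.lower() for h in HINTS)

class _BodyScanner(HTMLParser):
    """Collects <input name=.. value=..> and <meta name=.. content=..> candidates."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and _is_token_name(a.get("name")):
            self.found.append(("body:input", a["name"], a.get("value", "")))
        elif tag == "meta" and _is_token_name(a.get("name")):
            self.found.append(("body:meta", a["name"], a.get("content", "")))

def locate_csrf(headers, body):
    """headers: list of (name, value) response headers; body: response HTML text."""
    hits = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            hits += [("cookie", k, m.value) for k, m in jar.items() if _is_token_name(k)]
        elif _is_token_name(name):
            hits.append(("header", name, value))
    scanner = _BodyScanner()
    scanner.feed(body)
    return hits + scanner.found

# Constructed sample response, not taken from the question.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "XSRF-TOKEN=abc123; Path=/; Secure"),
    ("Set-Cookie", "JSESSIONID=9F2; Path=/; HttpOnly"),
]
SAMPLE_BODY = ('<html><head><meta name="csrf-token" content="abc123"></head>'
               '<body><form><input type="hidden" name="user" value="x"></form></body></html>')

if __name__ == "__main__":
    print(locate_csrf(SAMPLE_HEADERS, SAMPLE_BODY))
```

Each hit names where the extractor belongs: a body hit needs a Regular Expression or CSS/JQuery extractor on that sampler, and a cookie hit is already handled by the HTTP Cookie Manager.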

Related

Page Redirect ErrorPage.aspx

I am executing performance tests in JMeter. However, I am having an issue with the response data. It shows the following message:
1|#||4|58|pageRedirect||%2fDFE_PT%2fErrorPage.aspx%3fOriginId%3d637772668313066879|
Meanwhile, the page contains two IDs that change on each iteration. I've configured and controlled those IDs through regular expressions. I do not understand why this message is being displayed. It is displayed in all requests.
Does anyone have any tips to overcome this issue?
Make sure that the JMeter Variables which are coming from the Regular Expression Extractors really contain the anticipated values; you can do this using a Debug Sampler and View Results Tree listener combination.
If the variables have the values, perform a further cross-check of the network footprint of your JMeter test and the real browser.
1. Capture the request(s) being sent by the browser using browser developer tools (or maybe even better a sniffer tool like Fiddler or Burp)
2. Do the same for the request(s) being sent from JMeter
3. Compare everything:
   - URL
   - Headers
   - Request body
   All should be the same (apart from dynamic parameters which need to be correlated).
Given JMeter will be sending the same request as the browser does, you will get the same response.

Response message: Unauthorized in Jmeter

I'm new to using the JMeter tool.
I have recorded my application using BlazeMeter (v3.1) and am then trying to run that .jmx file in JMeter; however, I am running into an authorization issue and the script fails to run.
I have also tried setting my "HTTP Authorization Manager" with username, URL and password, but it does not help. If anyone can, please guide me on this issue. Thanks.
As per the "4 Things You Should Never Do with Your JMeter Script" article:
Don’t run the script exactly as you recorded it
After recording your script, there is still some work to do before you run it. It’s necessary to correlate variables, parameterize and add elements, to faithfully simulate users.
There are too many possible ways of implementing authentication in your application; most probably you need to send some dynamic value along with the credentials, which can be fetched from the previous request.
Record your test scenario 2 times and compare the recorded requests. Be careful, as differences might be in response headers and URL, not only in response data. It makes sense to add a View Results Tree listener directly to the HTTP(S) Test Script Recorder - this way you will be able to see what data is captured by JMeter and amend its configuration so the simulated request looks exactly like the request from the real browser.

Capture WebDriver requests in Jmeter

One of the services I'm going to test using JMeter has a complex authorization mechanism that requires some CS-based steps (JavaScript). So, to set up a session, I have to use WebDriver, as JMeter can't (and actually shouldn't) process JS.
I do it in the following way: at the beginning of each thread I open the resource in a real browser (via the JMeter WebDriver plugin), complete authorization, store the browser cookies that were set up by the server and then use these cookies to generate load using standard JMeter logic within the defined HTTP session.
This schema works fine and I successfully use it in different load tests.
But now the service I test requires not only cookies but also some important parameters that the browser sends in a POST as part of the authorization process. To prove that my requests belong to the same session, I should extract some sensitive parameters not from the response (it can be easily done) but from the request.
I can't find these values stored anywhere in the DOM and it seems like these values are generated by JS attached to the response page.
So, my question is: is there a way to capture parameters from a request sent by WebDriver?
I understand that all requests done by the browser initiated in JMeter are not visible to it. And the only idea I see is to use the JMeter request recorder dynamically:
1. Open browser window.
2. Define JMeter as a proxy for this browser.
3. Capture requests sent by the browser in JMeter using the recorder.
4. Somehow extract sensitive data from requests.
5. Use the data to generate load.
Any ideas appreciated. Thanks in advance!
Solved the issue by running a local proxy server (BrowserMob Proxy project) using a BeanShell sampler. I retarget the WebDriver Sampler to this proxy, perform the required actions using the browser, then store the captured data in HAR format and process it (extract the required data from requests). Then I just store the valuable request parameters in variables (or properties) and use them in a regular way in an HTTP sampler to generate load. Hope it can help anyone else in future.
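The HAR-processing step described above, as an added example that is not the poster's code: it pulls the parameters the browser sent in matching requests out of a HAR 1.2 capture. The URL, parameter names and values in the sample are constructed.

```python
import json
from urllib.parse import parse_qsl

def request_params(har_text, method="POST", url_contains=""):
    """Return {url: {param: value}} for matching requests in a HAR 1.2 capture."""
    out = {}
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        if req["method"] != method or url_contains not in req["url"]:
            continue
        post = req.get("postData", {})
        # Proxies may store form fields pre-parsed in "params" or raw in "text".
        params = {p["name"]: p.get("value", "") for p in post.get("params", [])}
        mime = post.get("mimeType", "")
        if not params and mime.startswith("application/x-www-form-urlencoded"):
            params = dict(parse_qsl(post.get("text", ""), keep_blank_values=True))
        elif not params and mime.startswith("application/json"):
            body = json.loads(post.get("text") or "{}")
            params = body if isinstance(body, dict) else {}
        out[req["url"]] = params
    return out

# Constructed capture: one page load and the JS-generated authorization POST.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/login"}},
    {"request": {"method": "POST", "url": "https://app.example.test/auth",
                 "postData": {"mimeType": "application/x-www-form-urlencoded; charset=UTF-8",
                              "text": "user=alice&nonce=7f3a&sig=a%2Bb"}}},
]}})

if __name__ == "__main__":
    for url, params in request_params(SAMPLE_HAR, url_contains="/auth").items():
        print(url, params)
```

The captured values are session material, so keep the HAR file and any exported variables out of shared test artifacts.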

JMeter POST request from recording doesn't affect the webpage but is getting passed

I have recorded the steps of creating a user using Badboy. I have tried the same script using JMeter. All steps are getting passed, but it's not taking effect. I mean JMeter is not creating the user in the webpage. Badboy is able to create the user.
Please guide me.
JMeter isn't smart enough to automatically do the test for you.
1. First of all you'll need HTTP Cookie Manager to simulate browser cookies, deal with sessions, cookie-based authentication, etc.
2. Also the majority of web applications use some kind of page-level state-management mechanism like VIEWSTATE, which can be vital.
3. And finally your user-creating request may be missing some mandatory dynamic parameters which are being passed along with the request.
The answer to points 2 and 3 is correlation - the process of extracting dynamic values from the page, storing them in variables and re-using them in the next requests. JMeter offers several options for this called Post Processors; the most commonly used are:
- Regular Expressions Extractor
- XPath Extractor
- CSS/JQuery Extractor
- JSONPath Extractor (available via plugin)
I would suggest recording your use case several times, inspecting what values are being sent using the View Results Tree Listener, detecting those which are dynamic, using the extractors above to fetch the dynamic data and adding the corresponding variables to your user-creating HTTP Request.
Hope that it's clear.
D.
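Recording the use case more than once and comparing URL, headers and request body, as suggested in this answer and in the earlier ones about cross-checking against the browser and recording twice, comes down to a field-by-field diff of two captured requests. This is an added example, not from any of the answers; both captured requests are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

def _parts(req):
    """Flatten one captured request into {label: value} for comparison."""
    u = urlsplit(req["url"])
    flat = {"url:path": u.scheme + "://" + u.netloc + u.path}
    for k, v in parse_qsl(u.query, keep_blank_values=True):
        flat["query:" + k] = v
    for k, v in req.get("headers", {}).items():
        flat["header:" + k.lower()] = v  # header names are case-insensitive
    for k, v in parse_qsl(req.get("body", ""), keep_blank_values=True):
        flat["body:" + k] = v
    return flat

def diff_requests(a, b):
    """Return {label: (value_in_a, value_in_b)} for every differing field.

    None means the field is absent on that side, e.g. a header the browser
    sends but the JMeter sampler does not.
    """
    fa, fb = _parts(a), _parts(b)
    return {k: (fa.get(k), fb.get(k))
            for k in sorted(set(fa) | set(fb)) if fa.get(k) != fb.get(k)}

# Constructed: the same "create user" step captured in two separate recordings.
RUN_1 = {"url": "https://app.example.test/users/create?lang=en",
         "headers": {"Content-Type": "application/x-www-form-urlencoded",
                     "X-CSRF-Token": "tok-111", "Cookie": "SID=aaa"},
         "body": "name=bob&__VIEWSTATE=AAA1"}
RUN_2 = {"url": "https://app.example.test/users/create?lang=en",
         "headers": {"Content-Type": "application/x-www-form-urlencoded",
                     "X-CSRF-Token": "tok-222", "Cookie": "SID=bbb"},
         "body": "name=bob&__VIEWSTATE=BBB2"}

if __name__ == "__main__":
    for label, (v1, v2) in diff_requests(RUN_1, RUN_2).items():
        print(label, v1, v2)
```

Fields that differ between two recordings are the dynamic values to correlate; fields that differ between the browser and JMeter for the same step are what the sampler is still missing.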

Save response from certain web resources while recording scenario

I need to create a scenario for user interaction with a single-page web application. The application does lots of AJAX calls in order to authenticate the user and get user data.
So I created a simple scenario with the HTTP Test Script Recorder and tried to record my script.
Everything went well; however, I noticed that whilst request data is recorded properly, the response data is not recorded at all. I tried to enable Add assertions and Regex matching - but that didn't work either.
Can you please advise how I can record response texts as well?
View Results Tree under proxy will record requests and responses during recording.
This is useful to understand where a dynamic field comes from. This will help you find from which response X you need to extract data to inject in request X+N.
I think you may find this option useful to add in user.properties:
proxy.number.requests=true
This will give a number to each request and corresponding sampler so you will be able to find the response for the request.
Once you have done this, you will start adding Post Processors (Regex, CSS/JQuery, XPath ...) to Sampler X to extract data from its response.
This will create variables you can then use as ${varName} in request X+N.
