JMETER 403 when uploading a file but needs to be logged in - jmeter

So I am trying to test the file upload function of this website: http://the-v.net/en/vtube/upload-video through JMETER but to be successful, the user has to be logged in through this form: http://the-v.net/login, Now, I think this is a parameter-based authentication which could be solved by defining a valid username and password in the HTTP Authorization Manager config element, but even doing so I keep getting this error:
Thread Name: Thread Group 1-1
Sample Start: 2018-01-30 20:11:06 CST
Load time: 1373
Connect Time: 214
Latency: 1167
Size in bytes: 19151
Sent bytes:134
Headers size in bytes: 768
Body size in bytes: 18383
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 403
Response message: Forbidden
Response headers:
HTTP/1.1 403 Forbidden
Date: Tue, 30 Jan 2018 12:11:06 GMT
Server: Apache/2.4.23 (Win64) PHP/5.6.25
X-Powered-By: PHP/5.6.25
X-Drupal-Cache: MISS
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: public, max-age=900
X-Content-Type-Options: nosniff
Content-Language: en
X-Frame-Options: SAMEORIGIN
X-Generator: Drupal 7 (http://drupal.org)
Link: <http://the-v.net/en/vtube/warning>; rel="canonical",<http://the-v.net/en/vtube/warning>; rel="shortlink",<http://the-v.net/sites/all/themes/vtube17/favicon.png>; rel="shortcut icon"
Etag: "1517314266-0"
Last-Modified: Tue, 30 Jan 2018 12:11:06 GMT
Vary: Cookie,Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
Any idea on how can I solve this? Thanks

I would suggest you record the upload in the browser and look in View Results Tree the headers/ coookies that are transmitted.
You can use File > Template. > Recording
Read:
http://jmeter.apache.org/usermanual/jmeter_proxy_step_by_step.html
You are most probably missing:
A header
A cookie
A parameter

You need to be logged in in order to be able to upload anything. HTTP Authorization Manager won't help as it is designed to deal with protocol level authentication and you need cookie-based one.
Add HTTP Cookie Manager to your Test Plan
Pay attention to form_build_id dynamic parameter you need to pass along with credentials during login request
So your test plan should look like:
1st HTTP Request - open login page
Post-Processor (i.e. CSS/JQuery Extractor to fetch form_build_id
2nd HTTP Request - perform login - provide credentials and the form_build_id from the previous step. You will also need to pass form_id parameter with the value of MYFORM_form
3rd HTTP Request - perform the upload.

Related

How to Capture the API's ?if API's have no end points and just showing baseUrls

I need help or any suggestion. I have no idea how to do it?
Request URL: https://www.vizofly.com/NTU/Stress/StreamingAssets/Schools.json
Request Method: GET
Status Code: 200 (from disk cache)
Remote Address: 172.66.43.59:443
Referrer Policy: strict-origin-when-cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6d4c32aacdb1926d-FRA
content-encoding: br
content-type: application/json
date: Fri, 28 Jan 2022 18:14:00 GMT
etag: W/"1261-61f2caaf-3e2d8e;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Thu, 27 Jan 2022 16:39:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=aVZAHndifoZtrY0MH3O1WlauF71saxbdUuS7eBS0tReoUi5fGDG3zSlxFCTvbIwJxvGeVeiQyjT%2FVIUWKfUpxNbRT1jUi%2F9VEOvJnaBBRtJKapsW8RBKeLUxqP%2FusLzYEHQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff
x-frame-options: ALLOW-FROM https://www.ntu.edu.sg
If you're asking about how to configure JMeter to send the request:
Add Thread Group to your Test plan
Add HTTP Request sampler and set it up like:
You may also want to add HTTP Cache Manager to represent browser cache, HTTP Cookie Manager to automatically handle cookies and so on in order to configure JMeter to behave more like a real browser

How to debug "Response Code 500 Internal server error" in J-Meter 4.0?

I am getting "Response code 500 - Internal Server Error" for a performance test run in Apache J-Meter 4.0 for a recording of a simple test done over VPN. I am new to this tool and want to know how I can investigate this. As reference, I am mentioning the sampler result error that I am getting.
Sampler Result:
Thread Name: Thread Group 1-1
Sample Start: 2018-06-11 13:21:56 IST
Load time: 1941
Connect Time: 1700
Latency: 1941
Size in bytes: 2301
Sent bytes:2145
Headers size in bytes: 594
Body size in bytes: 1707
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 500
Response message: Internal Server Error
Response headers:
HTTP/1.1 500 Internal Server Error
Date: Mon, 11 Jun 2018 07:51:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1707
Connection: keep-alive
Set-Cookie: AWSALB=ZS1nnfJyJ+Wk5NEu/FmWGmiRWfEQPnfiywAN8b8f8De6AjOYDrh0nWRVVcsQeBanayjPnpp1IxhjK34EipQB4m/lsAZgdKJ4mgUDDS+Yep8atzWucMNdYTw0oIdB; Expires=Mon, 18 Jun 2018 07:51:58 GMT; Path=/
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'self'
Vary: X-HTTP-Method-Override
X-Content-Type-Options: nosniff
X-Powered-By: Express
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
In the majority of cases you will not be able to successfully replay recorded scenario without modifications.
Add HTTP Cookie Manager to your test plan
Detect all dynamic parameters and perform correlation
Also looking into AWSALB cookie my expectation is that your application under test "hides" behind Amazon Elastic Load Balancer so make sure to add DNS Cache Manager to your Test Plan.
If you still experience problems you can try catching the requests which is being sent by JMeter and by the real browser using a sniffer tool like Wireshark or Fiddler - the requests should be exactly the same (apart from dynamic parameters mentioned in point 2).

Response code: 400 Bad Request Error in Jmeter 4.0. Need assistance in fixing this error

I am using JMeter 4.0 for recording & running performance tests. I am also fairly new to this tool and for the 1st time, I'm getting Error 400 Bad request for which all the tests are failing. I am recording a website through VPN & trying it to run the test the same way as I did before.
Can you please help me with this. I can provide additional screenshots and details as & when you say required.
Sampler Result:
Thread Name: Converse_Chat_No 1-1
Sample Start: 2018-06-06 14:29:19 IST
Load time: 1313
Connect Time: 1104
Latency: 1313
Size in bytes: 1639
Sent bytes:1982
Headers size in bytes: 554
Body size in bytes: 1085
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 400
Response message: Bad Request
Response headers:
HTTP/1.1 400 Bad Request
Date: Wed, 06 Jun 2018 08:59:22 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1085
Connection: keep-alive
Set-Cookie: AWSALB=hCxbUY5Kq+Vdfv1jhO/JGeLqCqRHT281vZy+T4LFgJCRnItYwGILJLnD3KPsv5wYlVGiy85bYqVH75PSlLNCLcPPDTDtgGHoXAKbw9T8QoT6WPxPm6qVI4tyG7H1; Expires=Wed, 13 Jun 2018 08:59:22 GMT; Path=/
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Origin: *
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Powered-By: Express
HTTPSampleResult fields:
ContentType: text/html; charset=utf-8
DataEncoding: utf-8
As per 400 Bad Request description:
The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server could not understand the request due to invalid syntax.
The client should not repeat this request without modification.
So most probably you're sending malformed requests which server doesn't understand.
The only troubleshooting technique I can think of is recording requests which real browser sends using a sniffer tool like Fiddler or Wireshark and comparing them to what JMeter sends. The requests should be the same (apart from dynamic data which has to be correlated)
As soon as you amend your JMeter test plan to 100% match requests which are being sent by the real browser it should start working. Don't forget about Cookies and Headers.

Required test plan for chat application using JMeter

I am getting a Response code 401 and Response Message as Unauthorized while recorded script through JMeter
Sampler Result
Thread Name: Thread Group 1-1
Sample Start: 2016-07-19 14:40:53 IST
Load time: 285
Connect Time: 0
Latency: 283
Size in bytes: 534
Headers size in bytes: 456
Body size in bytes: 78
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 401
Response message: Unauthorized
Response headers:
HTTP/1.1 401 Unauthorized
Date: Tue, 19 Jul 2016 09:10:53 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-store
x-ca-err: 992
Content-Type: application/json;charset=UTF-8
Vary: Accept-Encoding,User-Agent
P3P: CP="This is not a P3P policy. Please see http://www.networkfleet.com/privacy-policy/ for the official privacy policy."
Keep-Alive: timeout=3, max=99
Connection: Keep-Alive
Content-Length: 78
Content-Encoding: gzip
HTTPSampleResult fields:
ContentType: application/json;charset=UTF-8
DataEncoding: UTF-8
Response Data
{
"error":"invalid_request",
"error_description":"Validation error"
}
Depending on authentication information your application expects you can work it around in several ways:
Basic HTTP (looks like modal pop-up window when you're trying to open protected page). To bypass it add HTTP Authorization Manager to your Test Plan and provide credentials there. See How to Use HTTP Basic Authentication in JMeter article for details.
Missing or incorrect parameter. Some applications use dynamic parameters for security purposes and if you recorded it - it is hard-coded and cannot be replayed successfully. Try recording your application 2 times and inspect request details for differences. If there are any - work them around using JSON Path PostProcessor

Unauthorized CSRF validation failed in jMeter testing

I'm new to jMeter testing. I want to test the field update on UI. So When I run my test I'm getting the CSRF validation error. How can I resolve this. My test plan looks as,
And the sampler result is as follows,
Thread Name: Thread Group 1-1
Sample Start: 2014-11-18 23:37:49 IST
Load time: 688
Latency: 688
Size in bytes: 483
Headers size in bytes: 457
Body size in bytes: 26
Sample Count: 1
Error Count: 1
Response code: 401
Response message: Unauthorized : CSRF validation failed
Response headers:
HTTP/1.1 401 Unauthorized : CSRF validation failed
Date: Tue, 18 Nov 2014 18:08:07 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.5
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 18 Nov 2014 18:08:07 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1416334087"
Vary: Accept
Content-Length: 26
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json
Why do we get CSRF validation error and how to resolve it.
CSRF stands for Cross-site request forgery and you're getting CSRF Validation error due to missing mandatory dynamic request parameter, usually a Cookie or a Header.
I would suggest executing your scenario in i.e. Firefox Browser with HttpFox or FireBug extension enabled and inspect request details. CSRF token usually comes as a cookie in server's response and needs to be passed as a header or request parameter. So it is similar to usual correlation. So the flow should look as follows:
First HTTP Request: open first page
Extract CSRF token from response via one of the following Post Processors
Regular Expression Extractor
XPath Extractor
CSS/JQuery Extractor
Second HTTP Request: open second page (CSRF-protected). Add the token, extracted in step 2 to one of the following:
HTTP Request Parameter
HTTP Header Manager
HTTP Cookie Manager
Depending on where your server expects the token to live.
For the future, looking at your "localhost" server name - don't run JMeter performance tests on the same machine where application lives.

Resources