How can I install Root CA Certificate, i.e. an Apache jmeter TemporaryRootCA created in Jmeter bin in Mobile for Android (Native) application? How can I Install that package in Mobile for recording purposes (Script Recorder)?
When you start JMeter's HTTP(S) Test Script Recorder JMeter generates ApacheJMeterTemporaryRootCA.crt in its "bin" folder. The easiest way to get it installed onto Android device is:
Send the certificate to yourself by email from the desktop computer as an attachment
Open the email on the Android device
Click the certificate in the attachment and follow Android instructions to install it
Remember that the certificate has limited life time (it is valid for 7 days) so ensure that it is up-to-date while recording.
See How do I install a user certificate? thread for more details.
Alternative solution would be using a cloud-based proxy service which automates certificate installation process. Moreover you will be able to export recorded requests in "SmartJMX" mode with automatic correlation of the dynamic parameters.
First use JMeter Recording Template
Then start JMeter's HTTP(S) Test Script Recorder, it will generate in jmeter/bin folder, a file called ApacheJMeterTemporaryRootCA.crt .
Copy file to your android device and install it as CA Certificate.
See How do I install a user certificate? thread for more details.
The certificate has limited life time (defaults to 7 days) but you can extend it by setting in user.properties
proxy.cert.validity=Number of days
Now the problem you'll face in Android >= 7.0 is that applications only use by default System installed Certificates.
So you'll need to ask developper of application to modify the APK, see why here.
Edit manifest and add :
android:networkSecurityConfig="#xml/network_security_config"
You'll get:
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
<application android:networkSecurityConfig="#xml/network_security_config"
... >
...
</application>
</manifest>
Then add in res/xml/network_security_config.xml this:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
</trust-anchors>
</base-config>
</network-security-config>
Note that this is needed whatever tool you use (Neoload, LoadRunner, ...)
For full details you can read:
https://www.ubik-ingenierie.com/blog/how-to-record-android-application-using-https-traffic-jmeter/
Related
When I launch JMeter and start a recording in the "HTTP(S) Test Script Recorder" a window pops-up indicating that a Root CA certificate has been generated in the JMeter bin directory, but when I go to the bin directory there isn't any certificate there.
I am using JMeter 5.4.1 on Windows 10.
Based on this, I tried launching JMeter with administrator permissions and checked the permissions of the bin directory but still no certificate was generated.
As suggested here, I also tried to delete the files ApacheJMeterTemporaryRootCA.crt, ApacheJMeterTemporaryRootCA.usr and proxyserver.jks from the bin directory. Afterwards, I launched JMeter again and started the recorder but still no certificate was generated.
I also tried using a different version of JMeter and downloaded version 5.4.3, but the certificate was still not generated.
[EDIT]
According to Dmitri T's suggestion, the jmeter log can be viewed here.
We cannot help without seeing your jmeter.log file, better with debug logging enabled.
Look for the following line:
ProxyControl: Created keystore in
it will contain the path where the certificates are created. If not the log file will display the error.
You may also find JMeter Chrome Extension easier to use, in this case you won't have to worry about proxies and certificates.
It seems I managed to find a solution to my problem. The value I had on the system and user variable _JAVA_OPTIONS was causing the failure. I deleted those variables and the certificate was generated again.
I am a complete beginner in Jmeter and facing error 443 while performing android app Load testing in Jmeter(5.4.1). I have followed all required steps to connect jmeter to mobile apk.
Without knowing what "all required steps" you "have followed" we cannot provide any comprehensive input.
"All required steps" are:
Start JMeter's HTTP(S) Test Script Recorder
Locate ApacheJMeterTemporaryRootCA.crt and install it onto Android device
If you're running Android 7.0 or higher:
In the application section of your application manifest add the following attribute
android:networkSecurityConfig="#xml/network_security_config
Add the following file to your application resources folder
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
Re-build your application in debug mode by invoking gradlew assembleDebug command
Install the debug version of the .apk onto your Android device
You should be able to record now, if still not - check out jmeter.log file and Android device log
More information: Recording Using Android Devices
As the title already states JNLP cnnections are deprecated. Jenkins also gives a message and a hyperlink to
https://en.wikipedia.org/wiki/Java_Web_Start#Deprecation.
So what's the recommended way to attach a Windows agent to Jenkins now? There seems to be no real good guide on https://jenkins.io covering that topic.
There are two options: Either use an open source alternative for Java Web Start or use the Jenkins service wrapper instead. The latter gives you the most control.
Open Source Alternative to Java Web Start
There is an open source replacement called OpenWebStart which is based on IcedTeaWeb.
More information: Java Web Start is dead - long live OpenWebStart!
OpenWebStart is an open source implementation of the WebStart and JNLP
standards (JSR-56).
[...]
In IcedTeaWeb we are currently working on mapping the JNLP spec and
supporting its functions to the greatest extent possible. In addition
to OpenWebStart, which uses IcedTeaWeb as its core, IcedTeaWeb is also
used within AdoptOpenJDK to provide minimal WebStart in the Java 8
releases of AdoptOpenJDK. However, these are limited compared to
OpenWebStart because they can only use the current JVM to run
JNLP-based applications.
Using the Jenkins Service Wrapper
When installing Jenkins service through the service wrapper (winsw-*.exe), Java Web Start is no longer required. It seems that JNLP protocol is still used behind the scenes, so it may still have some deprecation issue in the future.
Official installation guide
Steps (assuming you have already set up the node in Jenkins master):
Download latest service wrapper from http://repo.jenkins-ci.org/releases/com/sun/winsw/winsw/ (e. g. "winsw-2.2.0-net4.exe")
Place it in the Custom WorkDir path and rename it to "jenkins-agent.exe"
Download "agent.jar": http://YourJenkinsServer:8080/jnlpJars/agent.jar
Place it in the Custom WorkDir path and rename it to "agent.jar"
Create "jenkins-agent.xml" in the same directory:
<service>
<id>YourJenkinsAgentServiceId</id>
<name>Your Jenkins Agent Service Name</name>
<description>This service runs an agent for Jenkins automation server.</description>
<executable>C:\Program Files\Java\bin\java.exe</executable>
<arguments>-Xrs -jar "%BASE%\agent.jar" -jnlpUrl http://YourJenkinsServer:8080/manage/computer/YourNodeName/jenkins-agent.jnlp -secret YourSecretStringConsistingOfHexadecimalCharacters -workDir=C:\YourNodeWorkDir</arguments>
<logmode>rotate</logmode>
<onfailure action="restart" />
<download from="http://YourJenkinsServer:8080/jnlpJars/agent.jar" to="%BASE%\agent.jar"/>
<extensions>
<extension enabled="true" className="winsw.Plugins.RunawayProcessKiller.RunawayProcessKillerExtension" id="killOnStartup">
<pidfile>%BASE%\jenkins_agent.pid</pidfile>
<stopTimeout>5000</stopTimeout>
<stopParentFirst>false</stopParentFirst>
</extension>
</extensions>
</service>
Adjust "jenkins-agent.xml" according to your environment. The java.exe should be the same version as used by Jenkins. Make sure to adjust all strings I prefixed with "Your" and also the path to "java.exe". You'll find the secret string and correct jnlpUrl on the node configuration page of Jenkins master (e. g. http://YourJenkinsServer:8080/manage/computer/YourNodeName/).
Official documentation
Create "jenkins-agent.exe.conf" file to prevent the executable from running on an earlier version of the .NET Framework.
<configuration>
<startup>
<supportedRuntime version="v4.0"/>
</startup>
</configuration>
Launch "cmd.exe" as administrator and navigate to directory of "jenkins-agent.exe".
Install the service: jenkins-agent.exe install
Launch the service: sc start YourJenkinsAgentServiceId
Notes:
For simplicity I have used http protocol only. When the connection is working, I recommend to switch to https for improved security.
If you are using a self-signed certificate on the Jenkins server (typically in a LAN), you have to install the certificate on the agent into the Java certificate store (as the Windows certificate store is ignored by Java). This can be done using Java's keytool (more information).
Help!!!
I am trying to create a windows ami that when launched (need multiple [20] live servers to be launched for short durations at short notice) auto logon and run an .exe application (unfortunately I can not get the app to run as a service). Also machine names must be unique.
Problem works fine pre sysprep, but when I launch instance from the ami it fails to logon as the machine name has obviously changed from the original machine image.
The only way I have managed it is to not sysprep, take an ami, then log onto the new machine when launched and manually change the machine name, and set the autologon sysinternal tool. THis is not ideal as the end user is not technical and time constraints do not allow for this action to be performed efficiently.
I am at my wits end! Your help is very much appreciated.
I am aware this is a very old question. Google, nonetheless, led me to this question when I faced a similar issue. I did the following to solve my issue.
Customize an instance to your liking. The AMI will be created using this instance.
Create a new user account with admin privileges. This is needed as Sysprep\Ec2ConfigService will reset the Administrator password. Add this user to the group Remote Desktop Users, so you can RDP using this user account.
Edit EC2's Sysprep answer file to enable auto-logon.
Append the following to component node named Microsoft-Windows-Shell-Setup in the file C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml
.
<AutoLogon>
<Password>
<Value>NewUser'sPassword</Value>
<PlainText>true</PlainText>
</Password>
<Username>NewUser'sName</Username>
<Enabled>true</Enabled>
<LogonCount>999</LogonCount>
</AutoLogon>
The resulting file should look like the snippet below. I have removed the parts not necessary for this answer.
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem">
<!-- snip -->
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- snip -->
<AutoLogon>
<Password>
<Value>NewUser'sPassword</Value>
<PlainText>true</PlainText>
</Password>
<Username>NewUser'sName</Username>
<Enabled>true</Enabled>
<LogonCount>999</LogonCount>
</AutoLogon>
</component>
</settings>
<!-- snip -->
</unattend>
Next we edit the EC2ConfigService settings.
In the file "C:\Program Files\Amazon\Ec2ConfigService\Settings\BundleConfig.xml", ensure the value for SetPasswordAfterSysprep is Yes.
In the file, "C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml", ensure the state node has the value Enabled for the plugin Ec2SetPassword.
In the file, "C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml", ensure the value for RemoveCredentialsfromSysprepOnStartup is false.
You are already launching an exe on logon. Using the same mechanism, also launch a script that will delete the AutoLogonCount setting from the registry. This step is important, else after 999 (as per the example mentioned above) logins, the autologon will stop.
.
powershell.exe -command { Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\winlogon" -Name AutoLogonCount -Force -ErrorAction 0 }
Now we can start Sysprep. Either use the UI or the following command.
.
%ProgramFiles%\Amazon\Ec2ConfigService\ec2config.exe -sysprep
Any instance launched using an AMI created from the above instance, retains the auto-logon behaviour indefinitely.
Don't know if this software can help, look at LogonExpert and its satilite articles:
1) Deployment
2) Commmand line/vbscript control
3) Scheduling
I am working in a Desktop application that provides Online Backup of data. In my application i am trying to implement automatic software update feature. For this i am using java web start. I have done the following process for using java web start.
1> created jar with all resources.
2> created jnlp file as :
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+"
codebase="http://cmswebusa.com/kapil"
href="PixelVaultJNLP.jnlp">
<information>
<title>PixelVault</title>
<vendor>globussoft</vendor>
</information>
<resources>
<!-- Application Resources -->
<jar href="PixelVault.jar" main="true" />
</resources>
<application-desc
name="PixelVault"
main-class="com.pixelvault.systemtray.SysTray">
</application-desc>
<update check="background"/>
</jnlp>
where PixelVault.jar is jar of the application which is on http server location.
while i am trying to download my application using command prompt run option by typing :
javaws , i am getting AWT Permission Exception as:
java.security.AccessControlException: access denied "java.awt.AWTPermission"
it says "java.awt.AWTPermissionException""accessSystemTray". I am not getting how can i allow my application to use system tray.
Please guide to make changes in jnlp file or making any other change in my application.
I thanks to your all valuable suggestions that will help me to solve this problem.
To get rid of that error:
The JNLP will need to declare all-permissions within a security element.
The code will need to be digitally signed.
Note that the JNLP file has elements out of the correct order. Use JaNeLA to check the validity of the file as well as other aspects of the launch.