I want to add a custom header to HTTP Connect requests as a means for customized communication with a proxy.
Is there a way to do this? Ideally I would do it through a Network Interceptor that sees the HTTP Connect requests. But this doesn't seem to be the case by default when testing with a sample application.
Thanks,
Y.
Related
Our Application is live event based application which creates 2-3 web-socket connection and it is a web-based application which makes both HTTP calls and Web-socket calls.
I have created a script for Https calls as unfortunately Jmeter does not support web-socket recording so I trying to insert web-socket calls manually with the help of web-socket Sampler but not sure which will be the best sampler for same as my request has access token in it.
I tried with Web-socket request-response sampler I am getting 200 OK but their is no data response from server when I compare it with browser developer tool i could see some messages flowing..
Can anyone let me know if I am doing something wrong or missing anything? OR what can be done to solve it.
I believe JMeter WebSocket Samplers by Peter Doornbosch is what you're looking for.
As per Features section:
integrates with JMeter's Header Manager to set additional HTTP headers on WebScoket upgrade request
so you will be able to add HTTP Header Manager, configure it to send Authorization header with the value of Bearer followed by your token and the Sampler will pick it up.
With regards to which one to choose - it depends on the nature of your application and how does the communication with the backend looks like, check out your browser developer tools to see whether requests/and responses are coming via a single connection or a new one is being established for each frame and so on.
More information: JMeter WebSocket Samplers - A Practical Guide
I'm trying to write a custom proxy with HTTPS support.
It means that I need to react to HTTP CONNECT command, then open TCP/IP connection to desired server and lets browser use it.
I can open RAW socket as described here
https://ktor.io/docs/servers-raw-sockets.html#server_send
But I don't want then manually handle HTTP decoding.
I want to detect if it is HTTP or not and then use embedded HTTP parsing.
I currently don't need to do MITM, so I don't need to decode the incoming SSL stream.
But this is also possible in the future.
Something like
https://github.com/ravindraranwala/NettyReverseProxy/blob/master/NettyRPDemo/src/main/java/org/wso2/netty/SecureProxyInitializer.java#L64
or
Problems with building a MITM proxy with Netty that handles both HTTP and HTTPS on the same port
According to RFC 6455 websocket protocol, browser client will include the HTTP Origin header field in the WebSocket handshake phase. And WebSocket server will use that Origin to check if the client has access.
But for a more capable non-browser client, the Origin header in the handshake phase can be cooked into anything. How could WebSocket protocol use such Origin values to decide whether or not to accept handshakes from non-browser clients?
And even with a browser client, can't user just use JavaScript to create a fake Origin header for handshake?
It seems the Origin header alone is too fragile.
The Origin header only prevent smartguy.com users from using your websocket service inadvertently, since WebSockets are not affected by the SOP.
Imagine you create a nice trading application that communicates through WebSockets, and now I create a fancy UX application somewhere else, and write javascrit that connects to your service and interacts with it. How does your service know that the user is connecting from the intended page? The Origin header.
Of course, anything can be tampered in a HTTP Request, but that is common to all HTTP communications. You cannot tell if a user is using a C++ client or a browser client.
What does it mean when an application calls another application via 2 way SSL.
Does it mean that an external application calls another application via https and also receives a https response.
Similarly if it was one way SSL, does it mean it sends a https request but the response will be http.
All the examples for node-http-proxy show a {target: <URL>} option, but I don't want to proxy to a single target. How do I set it up for outbound requests (to any URL)?
Since node-http-proxy seems to be a proxy for inbound connections to a server farm, and not for outbound connections to random websites, I found another tool instead:
http://newspaint.wordpress.com/2012/11/05/node-js-http-and-https-proxy/
This allows me to customize the requests and responses as needed.