Testing Pinterest with Jmeter - jmeter

I've succesfully installed Jmeter and setup the recording. I added the next config elements: HTTP Cookie Manager, HTTP Cache Manager with clear cache every iteration enabled. I'm using Firefox and Jmeter is recording everything that I do in the browser.
But I have one problem: when I go to pinterest.com I receive a white page with black text. Every other website is working like it suppose, but I want to test only Pinterest. When I try to setup a new account...the same: white page with black text. Something is not loading correctly and I don't know what.
Can someone help me with a hint?

When you to through the proxy, your browser doesn't trust HTTPS traffic anymore, because the proxy replaces the certificates. If your page is a HTTP page that uses HTTPS resources like Style Sheets or JS files, you get what you're describing - a plain black text site on white background - where graphic buttons don't work anymore.
If you use firebug to inspect your traffic, you will see the resources that are not loading because of HTTPS certificate issues. You can either add exceptions to your browser to load these resources, or as #aleix suggested you can use a browser plugin like Blazemeter to record scripts without going through a proxy.
See here for more information.

Thank you all for answering to my problem. I've resolved the issue by importing manually the certificate created by Jmeter in his bin folder to Firefox.
It was, indeed, a https certificate problem, but I'd managed it because of your feedback.

Try blazemeter extension for chrome, is a recorder http request like proxy server of JMeter, and maybe it wil allow you to record correctly in pinterest

Related

Opening HTTP content within HTTPS

We have a HTTPS website and I need to display a HTTP website (any external website) into my page. The website used iframe for displaying it. We realised that it doesn't work in mozilla firefox. We are getting a "mixed content" error. I am searching for an alternative to iframe now. I understand that it makes no sense to bypass the security warning. We also do not want to change any browser settings as it is possible that all the users may not have permissions to change browser settings. Using tags like <embed> or redirecting in <div> tag also gives the same problem.
Is there any way to do this in C# code and not using HTML and scripting.
Response.redirect() does not work in our application. I do not have a problem if the page is redirected but I prefer a dialog/popup window for the external website to display.
This is simply a security consideration. Your HTTPS site is not truly safe when using mixed content.
Use HTTPS for your external site, period.
As Mozilla suggests:
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.

How to handle Strict Transport Security (HSTS) using JMeter Recording

I would like to know another possebility to bypass this except flood.io. This is what I get. Last time I tried this, the page couldt be exported to .har in a proper way.
JMeter 2.13
FF v44
Blazemeter (makers of JMeter) now have an online conversion tool:
converter.blazemeter.com
I had a similar issue with one of the internal sites I am testing with.
Jmeter Recording worked for Firefox, but not for Chrome.
Then I found this page: https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/
To Summarize, you'll need to navigate to that browser's HSTS settings page. e.g. chrome://net-internals/#hsts
Then Query that domain to see if it really is an HSTS issue.
Finally, delete that domain from the HSTS entry list.
It didn't work for me until I reopened my browser, but now I'm able to record a script through my app, whereas I couldn't even get to the login page before in Chrome.

How do I know if my page is being cached?

I have a WordPress site that is doing a few weird things, and I believe it is because it is being cached. I changed the contents of a CSS stylesheet file, and the change took around 10 minutes before it appeared live.
I can't however find any caching mechanism setup. I've looked through cPanel and can't see anything setup there. The IP of the site resolves to the IP that cPanel is showing.
I've looked for plugins in WordPress and can't see any caching plugins (although if it was a caching plugin, would accessing a stylesheet be cached?).
Any tips on how I can see if the page is being cached on the server or by a plugin?
Put a JavaScript bug on the page which crafts a random URL and requests it. Compare the number of page requests to random URL requests. But there are lots of scenarios where a browser can cache a page in the absence of caching information.
If your website is behind Cloud Flare network or such, this is normal behavior.
Try running next command (Windows Command prompt/Linux terminal):
ping www.yoursite.com
and visit resolved IP address in browser - this may tell you if you are behind caching network.
Take a look at this article: http://www.mobify.com/blog/beginners-guide-to-http-cache-headers/

firefox has blocked content that isn't secure

I am running a site. Some of its pages are not working in Firefox, but work perfect in Chrome. In Firefox it shows me a gray shield next to the URL and when I click on that shield and manually click on disable protection on this page then my page works fine. So now the problem is that there are many users on my site, and some of them don't know how to do it so I want to handle it on my site so its users don't need to do that.
How can I do it? I Googled and found a setting of Firefox in about:config named security.mixed_content.block_active_content. If we set it to false then it works. So is there a way to do it programmatically or other way so that users just view that page without seeing that shield?
As I understand it, content that is blocked by default by Firefox now is http content that is accessed from an https page. Common types of content that fall foul of this are external stylesheets and images.
As far as I am aware the way to prevent the problem on your site is to make sure that if a page is served by https, any and all other files that it references are also served by https.
Hi Friends,
The reason you see this error in Mozilla Firefox is because your
website is a Mixed Box that is, your website has many internal links
which are not SSL protected.
In order to avoid this error from showing up in Mozilla Firefox you
will have to make sure all the internal links on your website are SSL
protected.
So, Use https:// in your page not http://
I hope I was clear enough in answering your query.
firefox has blocked content that isn't secure means there are some contents on your website are not secure.
I had same issue as my fonts were downloading with http://google.apis.something instead of https
Then I change to //google.apis.something and problem get solved.
To know what is not secure in you website use this link

get feedburner feed on httpS

We are grabbing our feed at feedburner by using the jquery jGFeed plugin.
this works great until the moment our users are on a httpS:// page.
When we try to load the feed on that page the user gets the message that there is mixed conteent, protected and unprotected on the page.
A solution would be to load the feed on https, but google doesn't allow that, the certificate isn't working.
$.jGFeed('httpS://feeds.feedburner.com/xxx')
Does anyone know a workaround for this. The way it functions now, we simply cannot server the feed in our pages when on httpS
At this time Feedburner does not offer feeds over SSL (https scheme). The message that you're getting regarding mixed content is by design; in fact, any and all content that is not being loaded from a secured connection will trigger that message, so making sure that all content is loaded over SSL is really your only alternative to avoid that popup.
As I mentioned, Feedburner doesn't offer feeds over SSL, so realistically you'll need to look into porting your feed to another service that DOES offer feeds over SSL. Keep in mind what I said above, however, with respect to your feed's content as well. If you have any embedded content that is not delivered via SSL then that content will also trigger the popup that you're trying to avoid.
This comes up from time to time with other services that don't have an SSL cert (Twitter's API is a bit of a mess that way too.) Brian's comment is correct about the nature of the message, so you've got a few options:
If this is on your server, and the core data is on your server too, then you've got end to end SSL capabilities; just point jGFeed to the local RSS feed that FeedBurner's already importing.
Code up a proxy on your server to marshall the call to Feedburner and return the response over SSL.
Find another feed service that supports SSL, and either pass it the original feed or the Feedburner one.
i have started using WordPress paid theme Schema for my several blogs. In general, it is a nice theme, fast and SEO friendly. However, since my blogs are all on HTTPS, then I noticed that if I had a widget of (Google Feedburner) in the sitebar. The chrome will show a security error for any secure page with an insecure form call on the page.
To fix this, it is really simple,
you would just need to change the file widget-subscribe.php located at /wp-content/themes/schema/functions/ and replace all “http://feedburner.google.com” to “https://feedburner.google.com”.
Save the file, and clear the cache, then your browser will show a green padlock.
and i fix this in my this blog www.androidloud.com

Resources