When sending a JSON request to the server I am getting forbidden 403 - JMeter

I am learning JMeter.
I am passing a JSON request in the Body of an HTTP request. I set the content-type as application/json and am passing the cookie value using Cookie Manager. I am getting response code 403. How do I resolve it?
I have passed all the headers which are captured in Firebug. The only difference is that the captured cookie in Firebug has a lot of values, but when I run the test, only the below is passed (if I use Cookie Manager); other than that all are the same. No clue why it is returning 403.
Cookie Data:
connect.sid=s%3AFBcljlVYI2p1WyjuxcDgWQKJ.kSrLYIsSy9T%2FEgSB25yUq0T3qTjpqF69GJhyW9GzJpU; TOKEN=ZU3cf9fKGCPJXM6qi7JX6DVv2%2B3Jw8q%2Flnb2A%3D

403 is a "Forbidden" error. Most likely, something needs to be sent in the body of your HTTP request, like a token, which needs to be extracted from the login request.

Add an HTTP Authorization Manager and specify the URL along with the credentials in it. Keep the encoding mechanism set to BASIC_DIGEST. Enable the log viewer so that you can trace the exact issue.
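To find what the browser sends that the test plan does not, the two requests can be compared header by header and cookie by cookie. The following is an added example, not code from the original posts; the header dumps, host name and function names are constructed for illustration.

```javascript
// Added example: diff a browser-captured request against the one JMeter sent.
// Both header dumps are constructed sample data, not values from the question.
const browserRaw = [
  "Content-Type: application/json",
  "X-Requested-With: XMLHttpRequest",
  "Referer: https://app.example.test/orders",
  "Cookie: connect.sid=AAA; TOKEN=BBB; XSRF-TOKEN=CCC; _ga=GA1.2.3",
].join("\r\n");
const jmeterRaw = [
  "content-type: application/json",
  "Referer: https://app.example.test/orders",
  "Cookie: connect.sid=AAA; TOKEN=BBB",
].join("\r\n");

// Parse "Name: value" lines into a Map keyed by lower-cased header name.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx > 0) headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return headers;
}

// Split a Cookie header into a name -> value Map (values may contain '=').
function parseCookies(value = "") {
  const jar = new Map();
  for (const pair of value.split(";")) {
    const idx = pair.indexOf("=");
    if (idx > 0) jar.set(pair.slice(0, idx).trim(), pair.slice(idx + 1).trim());
  }
  return jar;
}

// Report what the browser sent that the test plan did not, or sent differently.
function diffRequests(browser, jmeter) {
  const b = parseHeaders(browser), j = parseHeaders(jmeter);
  const bc = parseCookies(b.get("cookie")), jc = parseCookies(j.get("cookie"));
  return {
    missingHeaders: [...b.keys()].filter((h) => h !== "cookie" && !j.has(h)),
    missingCookies: [...bc.keys()].filter((c) => !jc.has(c)),
    changedCookies: [...bc.keys()].filter((c) => jc.has(c) && jc.get(c) !== bc.get(c)),
  };
}

console.log(diffRequests(browserRaw, jmeterRaw));
```

The raw text for each side can be copied from the browser's network panel and from Request Headers in View Results Tree.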

Related

JMeter view results tree requests showing error

Why is this second request happening (Request2-1) here and how to solve it?
Your request is redirected and there is no permission to access the resource.
The HTTP 403 Forbidden client error status response code indicates that the server understands the request but refuses to authorize it.
Please check the request details in the view result tree by clicking Request->Request Body and Request->Request Headers
You need to ensure that the request is permitted.
Most probably the resources you're trying to access require authentication and you're not supplying a valid authentication context.
If you do, HTTP Status Code 403 means that the user is not allowed to access the endpoint.
See the "How to use JMeter for Login Authentication" article for more information on an example of bypassing the login challenge in JMeter tests.
If "Follow Redirects" is selected in HTTP Request, it will follow the redirects and group each redirect under the original request as in the image you posted.
Some APIs can redirect, this is normal. Response failure is caused by the request content sent. Check the parameters and body values you sent.

Post Request getting failed due to webkitformboundary in JMeter

We have a script recorded using Blaze Meter (HTTPS call) and run in JMeter. One POST request is failing and shows "500 Internal Server error". In the POST request, JSON is passed in the form of "form-Data" as a parameter. When the endpoint executed we observed Webkitformboundary in the HTTP header. Please give some solution for
HTTPs Request
HTTP Header Manager
POST Request Body
It looks like the recording solution you're using isn't very suitable for building a proper HTTP POST request. I would suggest the following amendments:
Untick Use multipart/form-data box in the HTTP Request sampler
Remove issueDetail parameter name and put it to the end of "path"
Change Content-Type header value to application/json
Authorization header value might need to be correlated if the token life span is short
More information: Testing SOAP/REST Web Services Using JMeter

JMeter POST request is returning 200 OK instead of 302 (redirect)

I'm attempting to login to a website that uses IdentityServer with JMeter but am getting stuck at the point where I post my credentials.
If I inspect the request via fiddler, I can see that it returns a 302 with a redirect, however when I attempt to post the same request in JMeter, I get a 200 with 'Error' in the html with no details.
This is my request in JMeter....
This is the request in Fiddler....
And this is the HTML response in JMeter (200 OK)...
And this is the Fiddler response...
And this is the HTML response in Fiddler, after the redirect...
I can confirm that my JMeter variables ${COOKIE_idsrv.xsrf} and ${SignIn} are populated with the correct values.
Other points to note
I have a HTTP Cookie Manager
The HTTP Manager Referer headers are set correctly
All requests are set to Follow Redirects
I retrieve all embedded resources for each request
Does anybody know what could be the issue here?
In your POST request, why do you have the "signin" parameter included? You have already added "signin" as a query parameter and it appears to be redundant and not required for the actual POST body data. Fiddler does not have it in both places. Please check.
After much frustration it turned out the issue was due to ${COOKIE_idsrv.xsrf} not containing the correct value for idsrv.xsrf. Once I changed this to pull it from a previous request it seemed to work okay.

Response Data for "GET Method"

I am creating different HTTP Requests for a site and taking an access token as a variable from Regular Expression Extractor and using it in another HTTP Request.
The Thread group is working fine; i.e. no error in View Results Tree. But Response data is only coming for the Request with POST Method. Nothing is coming for the Request with GET Method and both requests are taking the access token properly.
In some cases you may get response code 200 OK and the request may still fail. In the case of your GET request, that seems to be happening.
Check the following:
Headers being sent with the GET request. (Compare the request being sent from JMeter and from a real browser.)
Add a response assertion to the GET request to be sure of the correctness of the response. (Check what response you get for the request made from the browser.)
Make sure you have added a cookie manager in the test plan.

Heroku CSRF and POST httpRequest

I have a web crawler on Heroku and I'm trying to call the script from a POST request on Parse Cloud Code httpRequest but I receive a 403 forbidden response basically telling me the Referer Header didn't pass. How can I get past this?
Django's CSRF protection tests the Referer header: see https://docs.djangoproject.com/es/1.9/ref/csrf/#how-it-works. Browsers typically send that header to indicate the page that originated a request, but programmatic user agents don't (cURL, Python requests, and presumably Parse.Cloud.httpRequest) without being told to do so.
To add custom headers to a Parse request, see: Parse.Cloud.httpRequest call with HTTP request header (note the headers object).
That said, you also need to make sure you have a way to get the CSRF token to begin with, and include it either in an XCSRF-Token header or a form field (unclear from your question whether you are doing that).
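The header set described above, as an added example that is not part of the original answer: it takes the `Set-Cookie` headers from a prior GET to the Django app and builds the headers for the POST. It assumes Django's default names (the `csrftoken` cookie and the `X-CSRFToken` header); the host, cookie values and function names are constructed for illustration.

```javascript
// Added example: headers a scripted client must send to pass Django's CSRF check.
// Response headers of a prior GET to the Django app (constructed sample data).
const getResponseHeaders = {
  "set-cookie": [
    "csrftoken=Zm9vYmFyY29uc3RydWN0ZWQ; Path=/; Max-Age=31449600; SameSite=Lax",
    "sessionid=c2Vzc2lvbmNvbnN0cnVjdGVk; HttpOnly; Path=/; Secure",
  ],
};

// Collect name=value from each Set-Cookie line, ignoring attributes after ';'.
function cookiesFromSetCookie(lines) {
  const jar = new Map();
  for (const line of lines || []) {
    const first = line.split(";")[0];
    const idx = first.indexOf("=");
    if (idx > 0) jar.set(first.slice(0, idx).trim(), first.slice(idx + 1).trim());
  }
  return jar;
}

// Build POST headers: cookies replayed, token echoed in X-CSRFToken, and a
// same-origin Referer, which Django checks on HTTPS requests.
function buildCsrfHeaders(targetUrl, responseHeaders, cookieName = "csrftoken") {
  const jar = cookiesFromSetCookie(responseHeaders["set-cookie"]);
  const token = jar.get(cookieName);
  if (!token) throw new Error(`no ${cookieName} cookie; GET a page that sets it first`);
  return {
    "Content-Type": "application/json",
    Cookie: [...jar].map(([k, v]) => `${k}=${v}`).join("; "),
    "X-CSRFToken": token,
    Referer: `${new URL(targetUrl).origin}/`,
  };
}

// Options object with the method, url, headers and body fields of an HTTP client call.
function buildPostOptions(targetUrl, responseHeaders, payload) {
  return {
    method: "POST",
    url: targetUrl,
    headers: buildCsrfHeaders(targetUrl, responseHeaders),
    body: JSON.stringify(payload),
  };
}

console.log(buildPostOptions("https://crawler.example.test/run/", getResponseHeaders, { job: "crawl" }));
```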
