I am looking for an open source fuzz tool for fuzzing HTTP POST requests. Any ideas?
Fuzzer
Related
I want to load test a web application server which communicates through gRPC (which uses HTTP/2 for transport) with the clients.
It seems that Apache JMeter extended by the plugin JMeter gRPC Plugin and JMeter gRPC Request sampler would be perfect for this.
Among other things JMeter provides a Test Script Recorder which helps quickly generate scenarios by acting as a HTTP proxy between the client and the server.
Question 1: Is it possible to use the JMeter Recorder for recording the communication through the gRPC protocol?
Question 2: Is it possible to use the JMeter Recorder for recording the communication through the underlying HTTP/2 protocol?
I have tried already the JMeter Recorder to record the gRPC communication without success :-( Maybe caused by wrong configuration of the recorder?
No, at least not with JMeter 5.5
No, as of JMeter 5.5 the HTTP(S) Test Script Recorder doesn't support HTTP/2. Neither it does support .proto files so even if you record the raw packets you won't be able to decode them into anything meaningful
So I would recommend using a sniffer tool like Wireshark for capturing the packets between client and the system under test and then replicating the same using JMeter's GRPC sampler.
We have a REST API. When we call the API through the jmeter we get high response times compared to calling the API directly with a c# client that makes a Http request.
There are no resources or anything. It is a POST call that returns around 1 MB of data. With jmeter the latency is around 300 ms vs calling the API directly the latency is 100 ms.
Why is this difference ? What settings should we tweak in jmeter ? Tried tweaking the SSL settings. But that did not make any difference.
Any suggestions ?
THanks
We cannot say anything meaningful without seeing the C# code and your JMeter configuration.
Given you're sending the same requests you should be getting the same responses in more or less the same time so use an external sniffer tool like Wireshark to capture the requests from C# http request and JMeter and compare them. Amend JMeter's HTTP Request sampler configuration to 100% match the C# http request including Headers
Also if your C# http request supports proxy (it should theoretically) you can just record the request using JMeter's HTTP(S) Test Script Recorder, this way you will get the same configuration of the HTTP Request sampler and HTTP Header Manager.
With regards to "tweaking" JMeter I can only think of JMeter Best Practices.
i am doing performance tests of rest api web service. the application uses signalr library. i have a problem with signalr. there are four requests for signalr protocol. the others are login issues.
signalr/negotiate
signalr/connect
signalr/start
signalr/abort
i have done correlation for connection token and it works for signalr/start.
but signalr/connect has no response and the error returns such as :
Response code:Non HTTP response code: java.net.SocketTimeoutException
i looked the differences from browser and jmeter by using wireshark and didnt see any major differences.
i tried a lot of things but still problem is going on.
i am wondering Web Socket Sampler is an obligation? Also i have tried this sampler. but probably i couldnt manage it, it didnt work.
In the majority of cases given you send the same request you should get the same response so if the request succeeds in browser and doesn't in JMeter most probably there are differences (protocol, methods, URL, headers, body, etc.)
We cannot help without seeing the successful and failed request details so I can only give you the following piece of advice: if you don't see "major differences" pay attention to the "minor" ones as well.
With regards to WebSocket Sampler - again we don't know, as per SignalR Transport Protocols documentation
This document describes the protocols used by the three ASP.NET Endpoint Transports: WebSockets, Server-Sent Events and Long Polling
Depending on your application implementation you will have either one or any combination of them, most probably it will be WebSockets, but I cannot guarantee it 100% without seeing the network traffic dump between your browser and your system under test. WebSocket Samplers are pretty well described in the official documentation and 3rd-party articles like JMeter WebSocket Samplers - A Practical Guide
I have a desktop based(.exe) application used for trading of equities.
1.Developed in VB uses TCP/IP.
2.Uses a database server which is an another server which the exe sends requests on.
3.I want to get the entire response using jmeter for 50 users at a time.
I wanted to record the responses for the transactions.I have worked with web applications where we create Http proxy server and start it and the recording happenes from browser but in this case i cant use browser.
Please guide me how to record the responses in jmeter with .exe applications.
Thanks and Regards,
Kumar
JMeter HTTP(S) Test Script Recorder is capable of recording only HTTP or HTTPS traffic so if following conditions are met:
Your .exe application talks to server using HTTP
Your .exe application can be configured to use HTTP proxy or respects Windows global HTTP Proxy settings from registry (or configured in Internet Explorer)
the answer is "yes", you can use JMeter to record the traffic. See Load Testing Mobile Apps. But Made Easy. guide for details on how to do it.
If one of above conditions cannot be satisfied there are following options available:
If you still want to use JMeter there is a possibility to use a sniffer tool like Wireshark to capture requests and manually construct them using JMeter HTTP Request or TCP Sampler.
Consider switching to Grinder tool which offers TCP Proxy
Hope this helps.
I want to know if any tool captures https traffic. I spend many hours searching on Google but did not find an answer. I need to analyze some packets from my application.
How can I capture this https traffic?
You didnĀ“t specify the platform or the nature of your application. Just giving it a try, Fiddler is a HTTP Proxy capable of capturing HTTPS requests.
Capturing HTTPS traffic is one of Ettercap's claims to fame.
which operating system are you running? For Linux, Wireshark is a very famous packet sniffing tool.