I need to do logging in JMeter. In Firefox, i go to the website, enter username and passwort and press the login button. Then i check in console which POSTs are shown. I take login data from xml and give it to HTTPRequest as a parameteres in JMeter. And right now i have a problem. This website, before going to the first page after logging, shows JS PopUp with warning (yes or no to choose). JS code to this popup is shown in console as a Response in this POST method. This popup blocked going further - a content from the URL from this POST is "Acces Denied".
How to fix it? I was thinking about some If Controller but I don't have any specific idea.
I would be greatful ;-)
Forget about JavaScript. JMeter is not a browser.
As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages.
So JMeter won't be able to "see" the popup or to "type" anything in it. However JMeter can mimic the relevant request just like it is originated from the browser. So instead of building your request manually I would suggest to record it. Even record 2 times so if there are any differences caused by dynamic parameters you could identify and work them around.
Also as JMeter is not a browser it requires some extra configuration in order to be more browser-like, i.e.:
HTTP Cookie Manager - to represent browser cookies and deal with cookie-based authentication
HTTP Header Manager - to represent browser headers e.g. User-Agent
HTTP Cache Manager - to mimic browser cache so in case of subsequent requests to the same URL JMeter wouldn't re-download all associated images
See How To Make JMeter Behave More Like A Real Browser article for detailed explanation of the aforementioned configuration suggestions and few more tips.
Thanks ! I recorded it and it helps me a lot. But now a have further issue:
This popup is optional and it is shown when more than 1 user is logged in with the same username. If this happens - I get as a POST response a js code like "new Popup(....etc... ". But when the PopUp won't appear - i get a piece of URL(POST response) which is sticked to a normal URL when there is only 1 user logged. Now I want to consider this two cases. How to do it in JMeter? I made a Response Assertion and as a Pattern to Test I put this piece of URL. If this second condition appers - everything is fine but when this PopUp apers - I would like to stick this piece of URL to the main address and go further.
I have tried to record it but it is just a JavaScript operation and I can't find this moment in JMeter recording. As You said - i have to forget about JavaScript ;)
So, is there any possibility to do it?
Related
I'm not an english native speaker, I'm sorry if what I say make you confused. Thanks.
I'm crawing something from a website recently.The normal operation steps should be as follows:
I log on to this website
I jump to a subpage
I click a button (actually it executes a JS function)
The website return something
But this is inconvenient, because I always need to open the browser to complete these steps. So I found the XHR of step3 in F12 and copied it to a curl command to loop through.
This is much simpler than before, but I still need to log in with a broswer and copy the latest cookie to update my curl command.
Supposing that Step1 and Step3 are actually XHRs, and I know what the args mean.
My question is, how can I get the latest cookies without using a browser, I mean, a real browser software (which I think is the only problem to be solved)? Or is there anything else I don't know that needs to be done?
A typical login consists of a post-request that is sent to the server. The payload typically contains the username and password in plain text like it was sent from a html-form. The answer from the server then contains the session-cookie (sometimes called PHPSESSID or similar) in its header.
The session-cookie can then be used to place further requests.
Sometimes the session-cookie is already set before you login, but only becomes active upon logging in. Generally you will get a new session-cookie every time you connect.
Some websites deploy technologies like google-nocaptcha-recaptcha that prevent bots from logging in at all, just so you know.
What I want:
I'm using a website (that I wish to remain anonymous) to buy securities. It is quite complex and as far as I can see coded in JavaScript.
What I would like to do with this website is to 'inject' a request to buy something from a separate process. So instead of having to search for what I want to buy manually and get in there and manually fill out the form, click buy and confirm the 'are you sure you want to place the order?' popup I would just like to send whatever command/request is being sent to the server when the confirm-button is pressed directly.
To be extra clear: I simply don't want to go through the manual hassle but rather just send a pre-built request with the necessary parameters embedded.
I'm certainly not looking to do anything malicious, just make my order input faster and smoother. It is not necessary to automate login or anything like that.
I understand that this is not much to go on but I'm throwing it out there and ask the question: Can it be done?
I really don't know how this stuff works behind the scenes, maybe the request is somehow encrypted to some custom format that is next to impossible to reverse engineer, or maybe not.
"Injecting" is probably the wrong term. Most people will think of sql injection or javascript injection which is usually malicious activity. That doesn't seem to be what you want.
What you are looking for is an automation tool. There are plenty of tools available. Try a google search for "web automation tool." Selenium http://www.seleniumhq.org/ and PhantomJS http://phantomjs.org/ are popular ones.
Additionally, you may be able to recreate the request that is actually buying the security. If you use Chrome you can open Developer Tools and look at what appears on the Network tab as you go through the site. Firefox and Edge have similar tools as well. When you make the purchase you will see the actual network request that placed it. Then, depending on how the site is implemented you may just be able to replicate that request using a tool like Postman.
However before you do any of the above, I would recommend that you take a look at the TOS for the site you mention. They may specifically prohibit that kind of activity.
I want to elaborate my comment and Michael Ratliff answer.
On example.
We got some services. The administration of this services could be done via web-interface. But only in manual mode, there is no API (yes, 2016 year and no API). So at first there was not much work with administration and we done it manually.
But time passed and the amount of administration work grow exponentially so we come to situation where this work must be automated (still no API even few new versions was released).
What have we done:
We opened pages we need in browser, open Inspect Element (in Firefox), open Network, fill the web-form, press button we need. In the left part we see all requests to service, by pressing any request on the right side appears full description of what was send/get, all requests and their parameters. Then we took that parameters, change them and send back to server. Kind of reverse-engineering though.
For automation we used PHP and CURL. For now almost all work with the services is automated.
And yes, we have used Selenium (before PHP and CURL). You can open form you need. Press Rec do some stuff on the web-form, Selenium collects this data and then you can change parameters in Selenium script and re-run it.
I have recorded script in jmeter for login into system. However, there is a security question page is displayed once user login with correct credential. When user click on login button, system post the data but on second page when user answer and click on button, system post data using ajax/js script and this is not recorded in jmeter. As per my understanding, js is not supported in jmeter. Now the question is how should I record second page to post security question using ajax/jmeter? Is there any solution for this?
I would appreciate your inputs.
Thanks,
JMeter, when testing web services, basically does not matter whether you are using java, javascript or ajax at client side. JMeter will record HTTP requests including request headers and responses from clients and during testing it will simulate the same requests for the specified number of users(threads). You can easily reproduce the web services if you know all the details of the web-request(host, method(get/post), request parameters, request headers, etc.). If you don't know the details or facing problems then you can use Developer tools>Network (press f12 in Chrome) to get the details of web requests. In your case, you closely observe the web request in ajax call using developer tools and provide the details in JMeter.
If you want to pass login credentials, you can make use of user defined variables in jmeter. You can set values in variables and make use it in requests as ${variable_name}
If you need to do some computations,you can use beanshell components or BSF samplers.
If you want extract value(to a variable) from the response data sent from the server and reuse them, then use regular expression extractor.
is there a function in ColdFusion that detects whether or not a browser window is the top window? (Similar to (if (window == window.top)) in JavaScript)
The reason I ask is because I would like to make certain page elements present when the page is directly accessed by the user, and not present if my page is iframed.
CFML code runs on the CF server, whereas any considerations about browser windows obviously run on the client. CF is completely unaware of the UI configuration of the client system, all it sees is "a request". Indeed the requests don't even come from the client, they come from the web server which acts as a go-between for CF-serviced requests: CF has no interaction with the client itself.
The only information the web server gives to CF that in any way relates to the client browser is some of the stuff in the CGI scope, and obviously that's limited. And none of it relates to the configuration of browser windows / iframes.
You will need to solve this with Javascript (which I will add to the tags of your question).
To trigger different code to execute on CF given a certain browsing situation, you are going to need to use Javascript to add some information to the request to identify the situation to CF. This could be adding a parameter on the query string, or something like that.
If someone was 'wrapping' one of my products I'd want to know who and how so I could improve the experience for the user and the site owner. With that in mind, what I would do is automatically break out of any frames by default. I would then create a simple api and provide instructions to other webmasters on the proper way to include your content. Display different content once you've determined if your content is PROPERLY being included in another site. For webmasters that want to include your content:
Provide recommended height/width for the iFrame so you can
include your logo or ads with the content.
Provide anything you want them to include in the query string to help track usage.
You could even add fun stuff to your api to make your content look more integrated into the including website like reacting to url.bgcolor or url.bgimage.
You could go as simple as looking for and recording the value of some url variable like url.remoteSiteAddress or as complicated as registering the site and providing unique key. Of course there are other considerations to take into account to enforce the key. Being that you don't really care that the content is being displayed on a remote site, I suspect just recording a simple url variable is more your speed.
If a different website is putting your page in an iframe on their website, then you could use the CGI.HTTP_REFERRER variable to check if the website domain is yours or not, and load content as desired.
In my Google App Engine app I want to pass this user information
user = users.get_current_user()
to the Chrome extension in a url paramenter when the user clicks a button in the app.
How can I do this?
I read about Cross-Origin HMLHttpRequest but that seems about sending info to the app not about receiving.
This is a follow up to my other questions on this subject.
You can't pass information to the background via a URL parameter like this, but you've got a couple of options.
Probably the easiest way to do this would be to have the extension inject a content script in to your app. Since the content script runs in the context your your web app, it has access to the user details and any other information you might want to pass.
Then, via Message Passing (see http://code.google.com/chrome/extensions/messaging.html), you could send a message to the background page with the information that you're trying to send.
This is from a while ago, but just in case someone stumbles upon it as I did today.
Sending the user email as a URL parameter is totally unsafe. Anyone using curl or their browser can make requests pretending to be any random user. If users can alter data with their requests, or if they should not be able to see each others data then you shouldn't follow this approach.
You should use GAE's cookie based user's service instead:
python version
java version