Please before you say this has been asked on stack overflow, I have looked at each one of the answers and none of them are working as a solution.
No matter what I do HTTPS websites not working with JMeter recorder.
Using FireFox 63.03
Using JMeter 5.0
Mac OS
Here are my steps: (https://www.youtube.com/watch?v=amEHuq8auTU)
1). Create New Test Plan
2). Added a thread group
3). Added HTTP(S) recorder
4). Using port 8282 (tried 8080 earlier so trying others)
5). redirect automatically, follow redirects checked
6). Select HTTPS test script recorder for target controller
7) Add the HTTPS site (without the https)
8). Click Start
9). Getting prompted that ApacheJMeterTemporaryRootCA.crt is created
10. Triple checked that all previous ApacheJMeterTemporaryRootCA.crt are deleted in firefox cert settings
11). Install the new certificate with the two permissions checked (identify websites, identify users)
12). Now when I go to the site that I added in step 7. I get :
jmeter SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG in the browser.
When I check the jmeter logs:
I get:
2018-11-23 13:14:48,287 INFO o.a.j.p.h.p.Proxy: [50795] KeyStore for SSL loaded OK and put host 'blue.mysite.com' in map with key (blue.mysite.com)
2018-11-23 13:14:48,308 INFO o.a.j.p.h.s.h.LazyLayeredConnectionSocketFactory: Setting up HTTPS TrustAll Socket Factory
2018-11-23 13:14:48,313 INFO o.a.j.u.JsseSSLManager: Using default SSL protocol: TLS
2018-11-23 13:14:48,313 INFO o.a.j.u.JsseSSLManager: SSL session context: per-thread
2018-11-23 13:14:48,326 INFO o.a.j.u.SSLManager: JmeterKeyStore Location: type JKS
2018-11-23 13:14:48,326 INFO o.a.j.u.SSLManager: KeyStore created OK
2018-11-23 13:14:48,327 WARN o.a.j.u.SSLManager: Keystore file not found, loading empty keystore
2018-11-23 13:14:49,606 INFO o.a.j.p.h.p.Proxy: [50788] KeyStore for SSL loaded OK and put host 'www.google.com' in map with key (www.google.com)
2018-11-23 13:14:49,613 WARN o.a.j.p.h.p.Proxy: [50788] Problem with SSL certificate for url for 'www.google.com'? Ensure browser is set to accept the JMeter proxy cert: readHandshakeRecord
2018-11-23 13:14:49,613 WARN o.a.j.p.h.p.Proxy: [50790] Problem with SSL certificate for url for 'www.google.com'? Ensure browser is set to accept the JMeter proxy cert: readHandshakeRecord
2018-11-23 13:14:49,613 WARN o.a.j.p.h.p.Proxy: [50789] Problem with SSL certificate for url for 'www.google.com'? Ensure browser is set to accept the JMeter proxy cert: readHandshakeRecord
2018-11-23 13:14:56,059 INFO o.a.j.p.h.p.ProxyControl: [50805] Creating entry getpocket.cdn.mozilla.net in /usr/local/Cellar/jmeter/5.0/libexec/bin/proxyserver.jks
2018-11-23 13:14:59,048 INFO o.a.j.p.h.p.Proxy: [50805] KeyStore for SSL loaded OK and put host 'getpocket.cdn.mozilla.net' in map with key (getpocket.cdn.mozilla.net)
2018-11-23 13:14:59,184 ERROR o.a.j.p.h.p.Proxy:
javax.net.ssl.SSLProtocolException: Broken pipe (Write failed)
I have done this a lot of times and have played around with settings. Nothing seems to work. I even switched the url to 'https://yahoo.com' and to another personal site 'https://lawyeranalytix.com' thinking maybe the site I am trying to test has a flawed SSL implementation but it is the same with any SSL enabled site.
There seems to be an issue between the JMeter proxy recorder and TLS 1.4. I solved the issue by limiting the Firefox TLS version to 1.3.
To do this :
Go to about:config in Firefox
Set security.tls.version.fallback-limit and security.tls.version.max to 3.
Then I was able to record as expected.
Try to downgrade to oracle java jdk 10, it solved the problem for me.
for further reference:
https://support.portswigger.net/customer/portal/questions/17434431-gettin-error-code-ssl-error-rx-record-too-long
EDIT: or use openjdk 8
Problem with SSL certificate for url for 'www.google.com'? Ensure browser is set to accept the JMeter proxy cert
It appears that you failed to install JMeter's certificate to Firefox.
Try clearing your Firefox history and ensure to delete everything from the beginning of the time - it will include custom certificates. Restart Firefox once done.
Check out the following materials:
HTTPS recording and certificates chapter of the HTTP(S) Test Script Recorder user manual chapter
Recording HTTPS Traffic with JMeter's Proxy Server
Also be aware of the alternative ways of recording a JMeter test:
JMeter Chrome Extension
Using Badboy with JMeter
Remove the expired certificate.
Import new certificate from bin folder.
Verify certificate date is valid.
Then you will be able to work with HTTPS.
Related
I am using the luminati / Brightdata proxy manager and have puppeteer connected to it locally. All of this exists within a docker-compose network that I created for local dev.
The problem I have occurs when I turn on SSL analyzing and I get the net::ERR_CERT_INVALID error from puppeteer.
Is there a way for me to just supply the .crt file to the puppeteer browser on launch so it trusts the certificate? The luminati cert can be found here https://raw.githubusercontent.com/luminati-io/luminati-proxy/master/bin/ca.crt.
I have tried supplying the chromium --ignore-certificate-errors flag, and this works on the proxy managers' end, but it does not work for logging into my target site.
I am trying to record the flow of a native app whit Jmeter, but it is showing certificate error:
Example:
INFO o.a.j.p.h.p.Proxy: [42104] KeyStore for SSL loaded OK and put host 'mdh-pa.googleapis.com' in map with key (mdh-pa.googleapis.com)
WARN o.a.j.p.h.p.Proxy: [42104] Problem with SSL certificate for url for 'mdh-pa.googleapis.com'? Ensure browser is set to accept the JMeter proxy cert: Received fatal alert: certificate_unknown
The Jmeter.Property setting is defaul
I have also tried to change to:
https.default.protocol=TLSv1.2
https.socket.protocols=SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2
The error indicates that you didn't configure your operating system and/or your application to use JMeter's MITM certificate.
The certificate is being generated in "bin" folder of your JMeter installation when you launch HTTP(S) Test Script Recorder, the file is called ApacheJMeterTemporaryRootCA.crt and you need to install the file onto your device.
The instructions differ depending on the operating system, refer to your OS vendor documentation for more details or include OS information including version into your question.
Reference steps:
Trust manually installed certificate profiles in iOS and iPadOS
Recording Using Android Devices
Install a Self-Signed Certificate on a Windows Computer
Has anyone been successful with using Letsencrypt SSL with a default jetty install? I can't seem to get it right.
More info:
OS: Ubuntu 16.04
Jetty Path: /opt/jetty
Only thing adjusted is enabling http on port 80 in start.ini.
Problems I have run into:
When I input --module-ssl into the start ini, I get the error
No default protocol for ServerConnector#48aca48b{null,[]}{0.0.0.0:8443}`
starting jetty and it fails.
I have tried inputting the SSL info into the ini, as well as editing the .xml files with the info.
I know this is an older question, but in-case people stumble across it on Google with a similar issue:
The SSL module in Jetty is just the base cryptographic functionality. You need to do something with it - i.e. also enable the https or http2 modules.
In other words, for standard https you actually need:
java -jar start.jar --add-to-startd=ssl,https
So it's not the best of error messages, but:
No default protocol for ServerConnector
Means just that - it didn't previously have a protocol (implementation) to use the ssl module with, because the https (or http2) modules hadn't been loaded.
I am using Windows XP and running Tomcat 6.
I am trying to enable SSL on Tomcat. First, I tried it with client authentication.
It didn't work - and I configured it to work without client authentication.
I have certificate installed on the tomcat server, and also the CA certificate installed on the browsers (IE & FireFox).
It still doesn't work.
In IE the server doesn't throw any exception except for EOFException.
In FireFox it throws SSLHandeShakeException: Remote host close the connection.
Can anyone help?
Thanks.
The SSL configuration as provided in the comments is highly suspect - particularly the keyStorePass attribute. I suggest you work from the Tomcat SSL docs and proceed in the following order:
Get https working from a browser with a self-signed certificate
Then get it working with a proper certificate
Then try and add client certificate authentication
This does all work. It is tested as part of the Servlet TCK and every Tomcat release passes the TCK.
I have open ssl installed on the server, all the key ,csr and crt on the server. Configured apache conf to the correct path for key and cert but i don't see a lock in the url(firefox 3.6.2).In chrome it shows https crossed out with red.Does this mean the certificate is not working properly? I have apache2 as the web server.
tls provides both encryption and authentication.
Encryption means that outsiders are unable to read your traffic.
Authentication means that you are confident of the identity of the host your are communicating with.
If chrome crosses out the https, it means that you are using tls, and you have probably set up encryption properly, but chrome is not confident in the authentication of the server. Typically, this is caused by an untrusted certificate; either the subject does not match, or the CA is not trusted.
If you are using a self-signed cert, then it's probably an untrusted CA. Installing the CA into chrome should fix the problem.
I face same problem some time ago that I have installed the SSL certificate successfully but still it show cross on browser address bar, I found the issue was caused due to a image and a javascript file which was included as absolute HTTP url. I change absolute URL to relative and now both files were loading over HTTPS and browser show green bar.