The required anti-forgery cookie "__RequestVerificationToken" is not present in JMeter - testing

JMeter is not able to process request. Its showing error
The required anti-forgery cookie "__RequestVerificationToken" is not present
in JMeter, while same provided in HTTP Cookie Manager element. Ihave added

It looks like that your application is protected by a form of CSRF attack prevention.
Bypassing CSRF protection with JMeter isn't a rocket science, it is classic correlation example. I would recommend to follow the next steps:
Add View Results Tree Listener to your test plan
Execute test plan
Open very first request in View Results Tree listener and look for something like __RequestVerificationToken
Once found fetch its value via on of the following post processors:
Regular Expression Extractor
XPath Extractor
CSS/JQuery Extractor
Once you have token extracted and stored into a JMeter Variable add a HTTP Cookie Manager as a child of the next request and configure it as follows:
Name: __RequestVerificationToken
Value: Reference Name of the variable used in the extractor from step 4. I.e. if Reference Name was token put ${token} into Value input.

Related

How to pass session id to cookie data using JMeter?

I'm new to JMeter and want to know how to pass session-id to all httpRequests.
I have tried with cookieManager and then HttpRequest is having session-id but response shows "session expired".
Cookie manager and Post Processor will solve the problem.
For example-
below opensrm is transaction controller
Add HTTP Cookie Manager and add Post Processor in the request to extract the result as below.
Below is a Boundary extractor I used to extract the value of the session ID from the response.
Refer this for Boundary Extractor
Now we will use this variable to initialize cookie in Cookie Manager
sessionID is a variable used to store extracted session id from the response in Boundary extractor.
For how to use HTTP Cookie manager https://jmeter.apache.org/usermanual/component_reference.html#HTTP_Cookie_Manager
FYI: Cookie manager should be used where ever the session id is used in requests.

J-Meter gives false results

I'm trying to learn J-Meter.
When I'm running a sample script of logging into a site using both valid/invalid credentials,it doesn't stop thread execution when invalid login credential is used and also login is not recorded in database.
Does it actually login to the website or only creates virtual login to create a similar environment.Is there any way to achieve this using Samplers?
JMeter is/acts as a headless browser.
Whatever your browser with an UI does, JMeter can also do - except executing a javascript. So, If you had recorded your script correctly - JMeter can login to the actual application as well.
Jmeter is not like QTP/Selenium. It does not know if it is a valid credential/invalid credential. It passes/fails the request based on the HTTP codes. If the HTML response from the server comes with a 200 http code, It passed for JMeter. If the server responds with code 500, JMeter fails the request. But JMeter also provides a way to validate the response you get - Assertion. You can use Response Assertion to see if you are seeing the home page or not to confirm if the user has logged in successfully.
To stop the test on error, select the appropriate option here in thread Group properties.
JMeter is a very nice tool & have been using it for 2 years with no issues.
Good luck!
Does your script have Config Element -> HTTP Cookie Manager? It needs cookie for the login function.
If your script has many transactions with the same level with login transaction and the option you select in your Thread Group is Continue, all transactions will be executed no matter login transaction is passed or failed.
In case you want the other transactions will not be executed if login fails, let add a Regular Expression Extractor as child of the login transaction to retrieve the text Dashboard, put other transactions into a Logic Controller -> If Controller. Suppose the Regular Expression Extractor has name Dashboard and Default value is NotFound, then the Condition of If Controller will be "${Dashboard}"!="NotFound"
JMeter automatically treats 2xx and 3xx HTTP Response Codes successful so it won't be able to detect failed login unless you explicitly tell it to check presence or absence of some specific content in the response data.
So if you add a Response Assertion you will be able to conditionally fail sampler and choose what to do in case of failure via "Action to be taken after a Sampler error" on Thread Group level.
See How to Use JMeter Assertions in Three Easy Steps guide for more details on the assertions domain.
If you're unsure what JMeter Sampler is doing you can check request and response details via View Results Tree listener. If you cannot simulate login event in majority of cases it is due to missing HTTP Cookie Manager and/or failed correlation of dynamic mandatory parameter(s) like Viewstate, CSRF token, etc.

jMeter issue when using Cookie manager and Regular expression extractor

So basically I need to extract an auth token from header response of 1st http request and then use the extracted data in 2nd (and all the following) http requests cookies.
The issue here is, that I have cookie manager set for the whole controller and instead of getting actual data I get the name of variable in my cookie ".authToken=${auth}".
I am guessing the reason is that the variable is not declared when the test reaches Cookie manager, but I would expect jmeter to be smart enough to declare the variable when it gets to the regular expression extractor.
Structure
Thread
Cache Manager
Cookie Manager (Cookie Policy:compatibility; Implementation:HC3)
Controller
Http Request
Regular expression extractor
Http request (I need to use value extracted above in Request Cookie here)
Http request (I need to use the same value in Request Cookie here)
Http request (I need to use the same value in Request Cookie here)
.....
Details:
All the http requests are recorded with implementation HttpClient3.1
Pretty sure I have everything configured correctly as in variable names, regular expression since it works in a very specific case:
The only time it seemed to work correctly was when I had Cookie manager inside the http request and disabled the 'main' Cookie manager (the one for the whole controller). Then it got extracted correctly, but that would be really silly workaround for such a basic requirement and also I have many http requests (over 100) where I need to use the extracted value.
Jmeter doesn't need to use the variable before it's declared by the regular expression extractor, I made sure that the domain is correct and it gets used for the first time after it should have been extracted.
Another workaround I thought of would be having separate threads, have them linked and send the variable in between them, launching the next one once the data gets extracted, but that seems a little bit too drastic.
What I tried:
Splitting http requests into 2 different controllers and using 2 different Cookie managers - got "${auth}" instead of some value
Defining user variable above controller and then using "Apply to: Jmeter Variable" option - again got just string "${auth}" instead of some value.
Moving the Cookie manager to a position after the http request which is used for the extraction - again "${auth}" instead of some value
Setting different cookie's policy (not all of them, but few)
Setting "CookieManager.save.cookies=true" in jmeter.properties (and still have on true)
Any help/ideas are appreciated. I have been trying to figure this out for about an hour and I think I must be missing something very simple.
Alright, finally got this resolved after roughly 2 hours.
Thanks to this article, I was able to do what I needed
https://capacitas.wordpress.com/2013/06/11/thats-the-way-the-cookie-crumbles-jmeter-style-part-2/
In nutshell: You need to use beanshell pre-processor and add the cookie manually
Here is the beanshell script in case the site dies:
import org.apache.jmeter.protocol.http.control.CookieManager;
import org.apache.jmeter.protocol.http.control.Cookie;
CookieManager manager = sampler.getCookieManager();
Cookie cookie = new Cookie("CookieName", vars.get("YourExtractedVariable"), "Domain", "Path", false, 0);
manager.add(cookie);

JMeter - injecting variables into a HTTP Request

I'm trying to work with JMeter to test some web services. So far so good, but I was wondering if you could do the following -
I make a http POST request to create a resource, and if successful the response comes back with the location of the resource in the headers. What I would like to do is take the value of this header, and use it in a http GET request to retrieve the resource. Is this possible with JMeter?
Any help is much appreciated
Use the regular expression extractor to extract the header value to a variable by using a regex. Then use the variable like any other variable in your GET request.

How to process and insert user defined variable from/in SOAP Response/Request i in Jmeter ? SOAP request parametrization in jmeter

I am trying to solve following problem:
I have a system with which communication is done through SOAP (XML over http).
In Jmeter I am using SOA/XML-RPC (not wsdl based webservice).
I am sending one SOAP request and receiving response in vollowing tag
<Prodrevision>5</Prodrevision>
This number changes from time to time and goal is to get that number in that tag put it as user defined variable and pass it to another SOAP/XML-RPC
Mine jmeter test plan looks like that
-User defined variabla - here I have empty varaibla named "var'
-SOAP/XML- RPC (this SOAP REQUEST causes that RESPONSE is received)
- XPath Extractor with
reference name: var
XPath Query: //*[local-name()='Prodrevision']/text()
(this should according to FAQ's process/parse response and asssign it to variable var)
-SOAP/XML-RPC - and in this XML request SOAP/XML-RPC data field has
..xml data
<Prodrevision>${var}</Prodrevision>
...xml data
But I am not sending anything in the second request ??? mine requests hits server but there is no value.
Where I made a mistake?
Whenever you see ${variableName} in the request, it means the variable hasn't been defined. Most likely, it's an issue with how XPath is setup. I've never used that component, so unfortunately I can't help you there.
However, I've found the post processor Regular Expression Extractor to be very easy and accurate.
The structure would like this:
1st Soap Request
-- regular expression stored to "var"
2nd Soap Request, using ${var}
The problem has been partially solved.
There was an issue in a wrong or badly, for JMeter, defined XPath query
reference name: var
XPath Query://name[contains(text(),'Prodrevision')]/parent::multiRef/value
After the XPath query I have added beanshell postprocessor with following code
print("Beanshell processing SOAP response");
print("var" +${var} );
So finally I see what value is being grabbed by the XPath extractor.
I have also installed xpather 1.4.5 as a Firefox add-on. And opened XML response and tuned a bit XPath query to have a proper answer. Then this was copied to JMeter and worked.
Next, in SOAP request that had to be sent by JMeter, I have put my XPath extractor value in the following way:
<name xsi:type="soapenc:string">Prodrevision</name>
<value xsi:type="soapenc:string">${var}</value>
and this again worked well for one thread.
Problem at this moment is with threads. If there is more than 1 (one) thread, it is generating wrong requests :-(