jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deepak Shetty <shet...@gmail.com>
Subject Re: Does JMeter record user name and password for HTTPs request...
Date Mon, 13 Sep 2010 17:31:23 GMT
Hi
I just tried recording GMail with Jmeter and the login request does get
recorded along with username / password - Did you chekc HTTPS Spoofing
enabled? You kight try recording in BadBoy
(though I got some other Cookie problem )
Also Gmail is a very poor candidate for record and replay tests because it
uses quite a bit of dynamic data if I remember correctly

regards
deepak

On Sun, Sep 12, 2010 at 10:08 AM, Tarun Bhaduria <bhaduria@yahoo-inc.com>wrote:

> I get your point. And I tried recording GMail.
> I got to see following two samples being recorded -
>
> server_name             path
> mail.google.com         /mail/
> www.google.co.in                /accounts/SetSID
>
> Both of these samples are recorded as http GET.
> and then I analyzed login process using Live HTTP headers in firefox.
> Live HTTP headers showed me many http requests but then one in which I was
> interested in is http POST. I suppose this is the one which posts my
> username and password for GMail.
>
> Lets get back to requests which are recorded by JMeter. I kept listener
> View Results Tree for both Samples and got to see following http requests -
>
> 2 http requests with first sample -
> http://mail.google.com/mail/
>
> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
>
> and 4 http requests with second sample -
>
> http://www.google.co.in/accounts/SetSID?ssdc=1&sidt=ALWU2csT9kC%2F2%2BKkPo%2BlDDDygTvjm%2Bv5LDFxWtm2wkrWFGt0CAsM30Je4%2BRczRlqF6%2BgmWu6kHuQb2FTdEwoJC8IN%2B3cY5STK6mWJ1nYvWWbh40ipJu55Cpx5w6mV6duJTagowonlxnVMq%2BLnOGTC6FCboj4WlzU8aXPnK45jnLp1Tk4pkgWFPsVjxfc7y89yCWduRu%2BBMTi9RiLA0O0a8V4jJx8r9q6AVQwSmXeCKlDMdZtkRGyRIdB6gREL1qukWB6%2B%2F5TjhCyU05iM8VkmYqGznYB3FkzepQwAKWOHe9A9bPwCGxjfqAAO5lHmi83PHGJwZpuPfIvLVkOSKNLVw19t9ku59GeOpobJzHjN1WkKhzxJp4cGjYXOmTsg60PjXPdsx%2FNvm%2Fa&continue=https%3A%2F%2Fwww.google.com%2Faccounts%2FServiceLogin%3Fpassive%3Dtrue%26go%3Dtrue%26continue%3Dhttps%253A%252F%252Fmail.google.com%252Fmail%252F%26service%3Dmail%26ltmpl%3Ddefault%26fss%3D1
>
> https://www.google.com/accounts/ServiceLogin?passive=true&go=true&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&ltmpl=default&fss=1
> https://mail.google.com/mail/
>
> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&ss=1&scc=1&ltmpl=default&ltmplcache=2
>
> Now I went back to browser and logged in while keeping Live HTTP headers on
> for firefox. I noticed there are many http POST displayed on live HTTP
> headers while my JMeter test did not record any of these post method. First
> post method being shown in Live HTTP headers is -
>
> https://www.google.com/accounts/ServiceLoginAuth
>
> and I thought this is the sampler missing in my JMeter test plan, so I
> added a sample manually as -
>
> server_name - https://www.google.com/
> path - accounts/ServiceLoginAuth
> with https POST
>
> I also added two parameters for username and password as -
> name - Email, Passwd
> Value - emailAddress, password
>
> I also added Listener View Results Tree for this new sampler.
> But to my dismay I did not get to see any result for the listener
> associated with new sampler.
> Either I have added wrong sampler or there is something which my little
> mind is not able to understand!
> And this looks same as my problem of not being able to record https post
> with my current project.
>
> Thanks
> Tarun K
>
>
>
>
>
>
> -----Original Message-----
> From: Deepak Shetty [mailto:shettyd@gmail.com]
> Sent: Sunday, September 12, 2010 8:20 AM
> To: JMeter Users List
> Subject: Re: Does JMeter record user name and password for HTTPs request...
>
> Hi
> asked and answered multiple times in mail archives
> http://wiki.apache.org/jakarta-jmeter/DifferentBehaviour . Compare each
> request / response from Jmeter (using view results tree listener) against
> the browser. I find it quite unlikely that Jmeter recorded the request but
> not the username / password , its likely you are doing something wrong /
> looking at something else.
>
> regards
> deepak
>
> On Sat, Sep 11, 2010 at 10:53 AM, Tarun Bhaduria <bhaduria@yahoo-inc.com
> >wrote:
>
> > I used Live HTTP Headers and got to see where username and password is
> > posted for login.
> > I add those parameters manually o Jmeter sampler, added response
> assertion
> > to check URL after login sampler.
> > But response assertion always fails!!!
> >
> > I double checked the login sampler. It is set to https protocol, with
> POST
> > methods and parameters which I have added.
> > But when I execute the test, Response assertion fails for URL.
> >
> > Any guess?
> >
> > Thanks
> > ~ T
> >
> > -----Original Message-----
> > From: Deepak Shetty [mailto:shettyd@gmail.com]
> > Sent: Saturday, September 11, 2010 10:35 AM
> > To: JMeter Users List
> > Subject: Re: Does JMeter record user name and password for HTTPs
> request...
> >
> > a. It should record username / password and the value you are showing
> isnt
> > it.
> > b. Not all parameters are mandatory for an application and its possible
> > that
> > your app may work without this. However note that Jmeter marks samples as
> > passed when it gets a status code of 200. It does not trap application
> > errors , these need you to add your assertions to state what is expected
> > after which jmeter can flag errors when the assertion fails
> > c.Use something like LiveHttpHeaders in FF , login to your site, see
> where
> > the username/password is passed and compare the same with jmeter
> >
> > On Fri, Sep 10, 2010 at 9:54 PM, Tarun Bhaduria <bhaduria@yahoo-inc.com
> > >wrote:
> >
> > > Well,
> > >
> > > This question is in continuation of one of my initial query, but since
> it
> > > is tangential I am filing it as a different question.
> > > I have an app which on launch changes from http to https (here login
> > > happens)  and after logging in it again changes to http.
> > >
> > > I am using JMeter - 2.4 to record the request using http proxy, and
> then
> > > change it to protocol to https during replay and get to see all
> success.
> > >
> > > On the recorded sample of JMeter for login page I see following "
> > > http%3A%2F%2Foo.edu.test.com
> > %2Fcourse%2Frate%3Fcourse_id%3Dmedia-and-related-courses"
> > > under "Send Parameters With the request section"
> > > I was wondering to not see user name and password which I provide while
> > > logging in to https page.
> > > Does this parameter takes care of it? Does it contain encrypted
> username
> > > and password?
> > >
> > > Well I just removed this parameter and still got to see test running
> > > successfully!!!
> > > Where is JMeter hiding user name and password for my request?
> > >
> > > Thanks
> > > Tarun K
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message