jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tarun Bhaduria <bhadu...@yahoo-inc.com>
Subject RE: Does JMeter record user name and password for HTTPs request...
Date Tue, 14 Sep 2010 05:07:25 GMT
Badboy helps.
JMeter 2.4 tests could be recorded with Badboy 2.1.1 Beta version, as other versions of Bad
boy don't support JMeter 2.4

Tons of Thanks for all ur help.
~ T

-----Original Message-----
From: Deepak Shetty [mailto:shettyd@gmail.com] 
Sent: Monday, September 13, 2010 11:01 PM
To: JMeter Users List
Subject: Re: Does JMeter record user name and password for HTTPs request...

Hi
I just tried recording GMail with Jmeter and the login request does get
recorded along with username / password - Did you chekc HTTPS Spoofing
enabled? You kight try recording in BadBoy
(though I got some other Cookie problem )
Also Gmail is a very poor candidate for record and replay tests because it
uses quite a bit of dynamic data if I remember correctly

regards
deepak

On Sun, Sep 12, 2010 at 10:08 AM, Tarun Bhaduria <bhaduria@yahoo-inc.com>wrote:

> I get your point. And I tried recording GMail.
> I got to see following two samples being recorded -
>
> server_name             path
> mail.google.com         /mail/
> www.google.co.in                /accounts/SetSID
>
> Both of these samples are recorded as http GET.
> and then I analyzed login process using Live HTTP headers in firefox.
> Live HTTP headers showed me many http requests but then one in which I was
> interested in is http POST. I suppose this is the one which posts my
> username and password for GMail.
>
> Lets get back to requests which are recorded by JMeter. I kept listener
> View Results Tree for both Samples and got to see following http requests -
>
> 2 http requests with first sample -
> http://mail.google.com/mail/
>
> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
>
> and 4 http requests with second sample -
>
> http://www.google.co.in/accounts/SetSID?ssdc=1&sidt=ALWU2csT9kC%2F2%2BKkPo%2BlDDDygTvjm%2Bv5LDFxWtm2wkrWFGt0CAsM30Je4%2BRczRlqF6%2BgmWu6kHuQb2FTdEwoJC8IN%2B3cY5STK6mWJ1nYvWWbh40ipJu55Cpx5w6mV6duJTagowonlxnVMq%2BLnOGTC6FCboj4WlzU8aXPnK45jnLp1Tk4pkgWFPsVjxfc7y89yCWduRu%2BBMTi9RiLA0O0a8V4jJx8r9q6AVQwSmXeCKlDMdZtkRGyRIdB6gREL1qukWB6%2B%2F5TjhCyU05iM8VkmYqGznYB3FkzepQwAKWOHe9A9bPwCGxjfqAAO5lHmi83PHGJwZpuPfIvLVkOSKNLVw19t9ku59GeOpobJzHjN1WkKhzxJp4cGjYXOmTsg60PjXPdsx%2FNvm%2Fa&continue=https%3A%2F%2Fwww.google.com%2Faccounts%2FServiceLogin%3Fpassive%3Dtrue%26go%3Dtrue%26continue%3Dhttps%253A%252F%252Fmail.google.com%252Fmail%252F%26service%3Dmail%26ltmpl%3Ddefault%26fss%3D1
>
> https://www.google.com/accounts/ServiceLogin?passive=true&go=true&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F&service=mail&ltmpl=default&fss=1
> https://mail.google.com/mail/
>
> https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&ss=1&scc=1&ltmpl=default&ltmplcache=2
>
> Now I went back to browser and logged in while keeping Live HTTP headers on
> for firefox. I noticed there are many http POST displayed on live HTTP
> headers while my JMeter test did not record any of these post method. First
> post method being shown in Live HTTP headers is -
>
> https://www.google.com/accounts/ServiceLoginAuth
>
> and I thought this is the sampler missing in my JMeter test plan, so I
> added a sample manually as -
>
> server_name - https://www.google.com/
> path - accounts/ServiceLoginAuth
> with https POST
>
> I also added two parameters for username and password as -
> name - Email, Passwd
> Value - emailAddress, password
>
> I also added Listener View Results Tree for this new sampler.
> But to my dismay I did not get to see any result for the listener
> associated with new sampler.
> Either I have added wrong sampler or there is something which my little
> mind is not able to understand!
> And this looks same as my problem of not being able to record https post
> with my current project.
>
> Thanks
> Tarun K
>
>
>
>
>
>
> -----Original Message-----
> From: Deepak Shetty [mailto:shettyd@gmail.com]
> Sent: Sunday, September 12, 2010 8:20 AM
> To: JMeter Users List
> Subject: Re: Does JMeter record user name and password for HTTPs request...
>
> Hi
> asked and answered multiple times in mail archives
> http://wiki.apache.org/jakarta-jmeter/DifferentBehaviour . Compare each
> request / response from Jmeter (using view results tree listener) against
> the browser. I find it quite unlikely that Jmeter recorded the request but
> not the username / password , its likely you are doing something wrong /
> looking at something else.
>
> regards
> deepak
>
> On Sat, Sep 11, 2010 at 10:53 AM, Tarun Bhaduria <bhaduria@yahoo-inc.com
> >wrote:
>
> > I used Live HTTP Headers and got to see where username and password is
> > posted for login.
> > I add those parameters manually o Jmeter sampler, added response
> assertion
> > to check URL after login sampler.
> > But response assertion always fails!!!
> >
> > I double checked the login sampler. It is set to https protocol, with
> POST
> > methods and parameters which I have added.
> > But when I execute the test, Response assertion fails for URL.
> >
> > Any guess?
> >
> > Thanks
> > ~ T
> >
> > -----Original Message-----
> > From: Deepak Shetty [mailto:shettyd@gmail.com]
> > Sent: Saturday, September 11, 2010 10:35 AM
> > To: JMeter Users List
> > Subject: Re: Does JMeter record user name and password for HTTPs
> request...
> >
> > a. It should record username / password and the value you are showing
> isnt
> > it.
> > b. Not all parameters are mandatory for an application and its possible
> > that
> > your app may work without this. However note that Jmeter marks samples as
> > passed when it gets a status code of 200. It does not trap application
> > errors , these need you to add your assertions to state what is expected
> > after which jmeter can flag errors when the assertion fails
> > c.Use something like LiveHttpHeaders in FF , login to your site, see
> where
> > the username/password is passed and compare the same with jmeter
> >
> > On Fri, Sep 10, 2010 at 9:54 PM, Tarun Bhaduria <bhaduria@yahoo-inc.com
> > >wrote:
> >
> > > Well,
> > >
> > > This question is in continuation of one of my initial query, but since
> it
> > > is tangential I am filing it as a different question.
> > > I have an app which on launch changes from http to https (here login
> > > happens)  and after logging in it again changes to http.
> > >
> > > I am using JMeter - 2.4 to record the request using http proxy, and
> then
> > > change it to protocol to https during replay and get to see all
> success.
> > >
> > > On the recorded sample of JMeter for login page I see following "
> > > http%3A%2F%2Foo.edu.test.com
> > %2Fcourse%2Frate%3Fcourse_id%3Dmedia-and-related-courses"
> > > under "Send Parameters With the request section"
> > > I was wondering to not see user name and password which I provide while
> > > logging in to https page.
> > > Does this parameter takes care of it? Does it contain encrypted
> username
> > > and password?
> > >
> > > Well I just removed this parameter and still got to see test running
> > > successfully!!!
> > > Where is JMeter hiding user name and password for my request?
> > >
> > > Thanks
> > > Tarun K
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-user-help@jakarta.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-user-help@jakarta.apache.org


Mime
View raw message