Regular Expression Extractor Example

-
Regular Expression Extractor Example
Today, we will use the Regular Expression Extractor component in JMeter to extract server responses to make our test script dynamic in nature.
The script recorded below is for a site that uses Cross-Site Request Forger (CSRF) to prevent against malicious attacks that prey on user vulnerability.
A token is attached to each user's session that is then sent along with every request from that user.
Each user gets their own unique token, and therefore, using the same token for two users flags an error on the server and the request is denied. 
We will use Regular Expression to extract the CSRF token and correctly sent the unique token for the rest of the requests for that user in the test script.
Steps:
  1. Launch JMeter.
  2. Create a Script as below:
    1. 2 HTTP Requests, 1 with GET and 1 with POST
    2. POST Request with Body data as {"value":"hello"}
    3. Debug Sampler
    4. View Results Tree
    5. HTTP Cookie Manager


  1. Run the script.
  2. When we run the script as above, and observer the View Results Tree the script will fail at Regular Expression_Post with below Response code
Body size in bytes: 1081
Sample Count: 1
Error Count: 1
Response code: 403
Response message: Forbidden
  1. If we observer the request data, it has the below details.
POST data:
{"value":"hello"}
Cookie Data:
XSRF-TOKEN=8qxW-YJ3OwA782MfIRAgs6RH;
Note: This token is changing for each user.
  1. We observer a Forbidden stack in the Response data
  2. Now Let us add “Regular Expression Extractor” as below:

8.    All the requests pass in the View Results Tree
9.    If we compare the Debug Sampler requests, we observe addition of token variables
JMeterVariables:
JMeterThread.last_sample_ok=true
JMeterThread.pack=org.apache.jmeter.threads.SamplePackage@16cc34c
START.HMS=155212
START.MS=1429611732154
START.YMD=20150421
TESTSTART.MS=1429696159316
token=tTgfZSJsFjxVjom57uXflYcL
token_g=1
token_g0=XSRF-TOKEN=tTgfZSJsFjxVjom57uXflYcL;
token_g1=tTgfZSJsFjxVjom57uXflYcL


Comments

Post a Comment

Popular posts from this blog

Steps to Analyze AWR Report in Oracle

-
Image
Steps to Analyze AWR Report in Oracle AWR -   Automatic   workload repository is a collection of persistent   system performance   statistics   owned by SYS. It resides in SYSAUX   tablespace . By default snapshot are generated once every 60 min and maintained for 7 days . Each snapshot has a unique ID know as "snap_id". Snapshot detail can be found in " dba_hist_snapshot " view.   If we have Database performance issue and not the Database machine, then AWR Report is the place to look at. AWR is not used for real-time performance monitoring like the v$ tables. It is used for historical analysis of performance. AWR complements, but doesnot replace real-time monitoring. Once AWR Report is generated in Oracle, the next task is to analyze it. By going through the AWR Report we can easily solve issues like slow database, high wait events, slow query and many more issues. Even though the report is lengthy, Analyzing or Reading relevant part of AWR Report can
Read more

Vmstat Output explained

-
vmstat : vmstat is a tool in Unix/Linux which is used to Report virtual memory statistics. It shows how much virtual memory there is, how much is free and paging activity. Most important, you can observe page-ins and page-outs as they happen.   vmstat   reports   information about processes, memory, paging, block IO, traps, and cpu activity.   > vmstat procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----   r   b    swpd    free    buff   cache         si    so     bi     bo    in    cs us sy id wa st   0   0   21688 12797396 850716 15372668     0     0      3     35     0     0   1   0 99   0   0   0   0   21688 12789292 850716 15372668     0     0      0   1355   883   744   1   0 99   0   0   1   0   21688 12784648 850716 15372676     0     0      0     15 1934 1292   6   0 93   0   0   2   0   21688 12781356 850716 15372736     0     0      0     16 2222 2094   8   1 92   0   0   0   0   21688 12809992 850716 15376880     0
Read more

Verifications and Error Handling in LoadRunner *Web_reg_find and Web_reg_save_param*

-
Verification's and Error Handling Verification points must be inserted into the scripts to verify the application being tested with the load. Verification function that are used in our application are:  Web_reg_find, web_reg_save_param These verification should be outside towards the end of the transaction. Mandatory verification points: ■          Login – whenever there is a login, verification points must be added to verify that the user logged in correctly. ■          Update Transactions – transactions that update the database must be verified that they are successful. ■          Each page should be verified using Web_reg_find function Using Web _ reg_find for verifications. Example: web_reg_find("Text= Main Package","SaveCount=Verify_Count1",LAST); Verification: if (strcmp(lr_eval_string("{Verify_Count1}"),"0")==0) { lr_end_transaction("AddMainPackage", LR_FAIL);  lr_error_message(&q
Read more