When you want to test a login page with a username and a password, sometimes (each time, in theory) you need to manage a CSRF token.

A CSRF token is used as a countermeasure against the Cross-Site Request Forgery (CSRF) attack. It’s not in the scope of this note to explain what a CSRF token is and why you need to use one. If you are interested, check, for example, the Wikipedia page or the OWASP page on this subject.

To follow these notes, a basic knowledge of JMeter is required. Go to their home page for details.

Click here to download the JMeter Template file used in this guide.

Start JMeter: `$ jmeter`

Load test a login page

The first element in the Test Plan is a “Thread Group” that specifies the user population of the test. threads), how many seconds JMeter will use to start all the threads and how many loops any thread will make. In this example, we’ll use 5 users/threads, each one repeating the test 50 times; JMeter will start all threads in one second.

The second element is “Request Defaults”, which sets some defaults for the requests in the Test Plan. The only default configured is the server name (localhost) and the port (8080). We are testing a Java web application that runs inside Tomcat, but the technology stack and/or the platform used is irrelevant.

The third item in the Test Plan is a “Cookie Manager”, an element that records the cookies and shares them between subsequent requests.

After some infrastructure elements, we find the first “sampler”, an element that makes HTTP requests. The “Home” element will make a GET request (method field) to the /web URL (path field). We are supposing that the server will respond with the login form with the “username”, “password”, and “_csrf” token fields. We want to grab the value of the _csrf field because it would be impossible to make a login request without it.
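What grabbing the `_csrf` value involves, as an added Python example (not part of the original guide or its JMeter template): parse the login form returned by the GET, read the hidden field, and place it URL-encoded in the login POST body. The sample HTML, the token value, the `/web/login` form action and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample of the form the GET to /web is assumed to return.
# The token contains '+', '/' and '=' to show why encoding matters.
SAMPLE_LOGIN_PAGE = """
<html><body>
<form action="/web/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input value="k3+Zq/9x==" name="_csrf" type="hidden"/>
  <input type="submit" value="Log in">
</form>
</body></html>
"""


class InputFieldParser(HTMLParser):
    """Collects name -> value for every <input>, whatever the attribute order."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            attributes = dict(attrs)
            if "name" in attributes:
                self.fields[attributes["name"]] = attributes.get("value") or ""


def extract_csrf(html, field="_csrf"):
    """Return the token, or fail loudly so a broken test plan is noticed early."""
    parser = InputFieldParser()
    parser.feed(html)
    token = parser.fields.get(field)
    if not token:
        raise ValueError(f"no {field} field in response; the login POST would be rejected")
    return token


def build_login_body(html, username, password):
    """Form-encode the credentials together with the token taken from the page."""
    return urlencode({"username": username, "password": password,
                      "_csrf": extract_csrf(html)})


if __name__ == "__main__":
    print(build_login_body(SAMPLE_LOGIN_PAGE, "user1", "secret"))
```

The token is only valid together with the session cookie set by the same GET response, which is why the Cookie Manager has to be in the Test Plan before the login request.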