Posted to user@jmeter.apache.org by nmq <nm...@gmail.com> on 2013/06/19 16:52:33 UTC

CSRF

Hi All

I've run into an issue. Our development team made some changes yesterday
and today I'm getting an error "Error 401--Unauthorized" response for an
HTTP request.

I examined the responses in Fiddler and I noticed this in the head tag.

<script type="text/javascript">
$.setCSRFNonce('f3e8822f-3b26-48fd-b1ff-6c80742fe28f');
</script>

I did some research on what CSRF is and found all kinds of info on Django.
Also found a blog saying cookie manager should be able to handle this
authentication, by combining two elements... by setting the save.cookie
property in JMeter to true and to reference the CSRF token in an HTTP
request.

I've tried this solution and it doesn't seem to work. I'm still getting the
error.

I've also been reading Django documentation and trying to make sense of it
all. I would appreciate it if someone can help out and explain in simple
terms (I'm not a programmer) exactly how do I go about solving this issue.

Any guidance would be highly appreciated.

Thank you
Sam

Re: CSRF

Posted by Madhu Sekhar <ma...@gmail.com>.
Yes ... Please write a regex and pass it to all samplers where you see the
csrf value, as $(reference name)
Note: use braces instead of parentheses.


On Thursday, June 20, 2013, nmq <nm...@gmail.com> wrote:
> I'm hunting for a solution to this and if I can get a quicker answer here,
> that would help.
>
> This second cookie value (CSRF value) that I've retrieved is to be posted
> with all my HTTP Samplers. The cookie being set at the header is being
> managed by Cookie Manager so no issues there.
>
> My question is: is there a way to pass this parameter (CSRF value) for
> all samplers instead of setting it under each HTTP Request individually?
>
> Regards
> Sam

-- 
madhu kk
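
Added example, not part of the original thread: a Python model of the correlation discussed here, pulling the nonce out of the `$.setCSRFNonce('...')` call in each session's response and resolving `${name}` references in every later request. The variable name `csrf_nonce`, the request parameter names and the default value are assumptions chosen for illustration.

```python
import re

# Constructed sample response, using the script tag quoted in the thread.
SAMPLE_RESPONSE = """<html><head>
<script type="text/javascript">
$.setCSRFNonce('f3e8822f-3b26-48fd-b1ff-6c80742fe28f');
</script>
</head><body>...</body></html>"""

# Plays the role of the extractor's regular expression; group 1 is the
# value a "$1$" template would select.
NONCE_RE = re.compile(r"\$\.setCSRFNonce\('([^']+)'\)")

# Hypothetical default: a recognisable marker so a failed extraction is
# obvious instead of silently sending an empty token.
DEFAULT = "CSRF_NOT_FOUND"

# Only the brace form ${name} is a variable reference; $(name) is plain text.
VAR_RE = re.compile(r"\$\{(\w+)\}")


def extract_nonce(body, default=DEFAULT):
    """Return the first nonce found in the response body, else the default."""
    match = NONCE_RE.search(body)
    return match.group(1) if match else default


def substitute(params, variables):
    """Resolve ${name} references; undefined names are left as literal text."""
    def repl(match):
        return variables.get(match.group(1), match.group(0))
    return {key: VAR_RE.sub(repl, value) for key, value in params.items()}


def run_session(first_response, samplers):
    """Extract the nonce once per session and apply it to every sampler."""
    variables = {"csrf_nonce": extract_nonce(first_response)}
    if variables["csrf_nonce"] == DEFAULT:
        # The server would answer 401 to every request that follows.
        raise ValueError("CSRF nonce not found in response")
    return [substitute(params, variables) for params in samplers]


if __name__ == "__main__":
    requests_to_send = [
        {"csrf_nonce": "${csrf_nonce}", "action": "save"},
        {"csrf_nonce": "${csrf_nonce}", "action": "delete"},
    ]
    for resolved in run_session(SAMPLE_RESPONSE, requests_to_send):
        print(resolved)
```

Because the value changes for every session, it has to be extracted again from each session's own response; a value recorded once and replayed is what produces the 401.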

Re: CSRF

Posted by nmq <nm...@gmail.com>.
I'm hunting for a solution to this and if I can get a quicker answer here,
that would help.

This second cookie value (CSRF value) that I've retrieved is to be posted
with all my HTTP Samplers. The cookie being set at the header is being
managed by Cookie Manager so no issues there.

My question is: is there a way to pass this parameter (CSRF value) for
all samplers instead of setting it under each HTTP Request individually?

Regards
Sam


On Wed, Jun 19, 2013 at 2:43 PM, nmq <nm...@gmail.com> wrote:

> Yes, regex and cookies.
>
> The information given in "Logging in" section of this blog helped a lot.
>
> http://lincolnloop.com/blog/2011/sep/21/load-testing-jmeter-part-1-getting-started/
>
> Regards
> Sam

Re: CSRF

Posted by nmq <nm...@gmail.com>.
Yes, regex and cookies.

The information given in "Logging in" section of this blog helped a lot.
http://lincolnloop.com/blog/2011/sep/21/load-testing-jmeter-part-1-getting-started/

Regards
Sam


On Wed, Jun 19, 2013 at 2:35 PM, Madhu Sekhar <ma...@gmail.com> wrote:

> Is it from regex or any other matters?

Re: CSRF

Posted by Madhu Sekhar <ma...@gmail.com>.
Is it from regex or any other matters?

On Thursday, June 20, 2013, nmq <nm...@gmail.com> wrote:
> I figured it out. Took a lot of googling and reading blogs, but I got it to
> work.
> Thanks for your help

-- 
madhu kk

Re: CSRF

Posted by nmq <nm...@gmail.com>.
I figured it out. Took a lot of googling and reading blogs, but I got it to
work.
Thanks for your help


On Wed, Jun 19, 2013 at 11:22 AM, Madhu Sekhar <ma...@gmail.com> wrote:

> Then did you write a regex to correlate in the script? If not, please do it.
>
> Thanks,
> Madhu

Re: CSRF

Posted by Madhu Sekhar <ma...@gmail.com>.
Then did you write a regex to correlate in the script? If not, please do it.

Thanks,
Madhu



On Wed, Jun 19, 2013 at 8:49 PM, nmq <nm...@gmail.com> wrote:

> Yes, it changes.



-- 
madhu kk

Re: CSRF

Posted by nmq <nm...@gmail.com>.
Yes, it changes.


On Wed, Jun 19, 2013 at 11:02 AM, Madhu Sekhar <ma...@gmail.com> wrote:

> Does the below value in the script change for every session/login?
>
> 'f3e8822f-3b26-48fd-b1ff-6c80742fe28f'
>
> Thanks,
> Madhu

Re: CSRF

Posted by Madhu Sekhar <ma...@gmail.com>.
Does the below value in the script change for every session/login?

'f3e8822f-3b26-48fd-b1ff-6c80742fe28f'

Thanks,
Madhu


On Wed, Jun 19, 2013 at 8:22 PM, nmq <nm...@gmail.com> wrote:

> Hi All
>
> I've run into an issue. Our development team made some changes yesterday
> and today I'm getting an error "Error 401--Unauthorized" response for an
> HTTP request.
>
> I examined the responses in Fiddler and I noticed this in the head tag.
>
> <script type="text/javascript">
> $.setCSRFNonce('f3e8822f-3b26-48fd-b1ff-6c80742fe28f');
> </script>
>
> I did some research on what CSRF is and found all kinds of info on Django.
> Also found a blog saying cookie manager should be able to handle this
> authentication, by combining two elements... by setting the save.cookie
> property in JMeter to true and to reference the CSRF token in an HTTP
> request.
>
> I've tried this solution and it doesn't seem to work. I'm still getting the
> error.
>
> I've also been reading Django documentation and trying to make sense of it
> all. I would appreciate it if someone can help out and explain in simple
> terms (I'm not a programmer) exactly how do I go about solving this issue.
>
> Any guidance would be highly appreciated.
>
> Thank you
> Sam
>



-- 
madhu kk