I have recorded the JMeter script from blazemeter. It is working fine in website. When i run the jmx file Its throwing an error below..
"alert("Something went wrong. Please try again");window.history.back();"
This is the issue with JMeter script or application. I am getting response from server 200.
Most probably your script lacks correlation of the dynamic parameters (or it's not working properly)
In the majority of cases you won't be able to just replay recorded script, modern web applications heavily rely on dynamic parameters for establishing user session, tracking client side state, security reasons and so on.
So you need to identify all the parameters, extract them using suitable Post-Processors and replace recorded hard-coded values with the JMeter Variables originating from the Post-Processors.
And don't forget to add HTTP Cookie Manager to your test plan if it's not there yet.
Related
I am working on performance testing using jmeter for my application
I am able to successfully record a test plan. Each http request to server has got __OSVSTATE & viewstate attribute value in request.
While navigating from one page to another I am able to extract this attribute from page using Regular expression extractor and used it in the new subsequent request.
I have some pages in my applications which sends ajax requests multiple times, for each response of request a new __OSVSTATE attribute value is getting generated and sent in the <script> </script> tag json format and it seems this value gets used in the new request.
Can someone give me suggestions to achieve this in JMeter?
Each record inside container has html button using which user clicks accept button.
In JMeter I am recording this whole process, after successful recording when I start script again in the JMeter - result tree shows response only in json format and not in HTML view like other pages.
I am able to execute http request there is one request- '/PerformanceProbe/rest/BeaconInternal/WebScreenClientExecutedEvent' which internally gets execute and fails.
Do you know reason behind this or if you have any other suggestions or solutions please share here.
There are two ways of creating scripts in Jmeter for web applications. Firstly, you can create selenium scripts in jmeter using "JMeter's WebDriver Sampler" which will launch browser, perform different actions. Secondly, you can use the HTTP sampler which will record network requests. i.e. it will not display browser and work on the request/response level. For now, you are using the second method and that is the reason you are unable to see HTML.
The first method is not recommended for high user load because it consumes a lot of memory.
Regarding failure of the network requests, you need to make sure that all the parameters and headers are properly used.
I am trying to checkout using PayPal in sandbox environment in my script in JMeter.
It throws an error in the response tree as were sorry, but to checkout using PayPal, you need to turn on javascript and enable cookies in your web browsers settings.
Load testing PayPal is not the best idea, I would recommend leaving it to PayPal QA engineers and focus solely on your application. Even if you figure out that PayPal operations are slow - I don't think you will be able to do anything with it.
In regards to your question itself: well-behaved JMeter test must represent a real user using real browser as close as possible with all related stuff (cookies, headers, cache, think times, etc.). So first of all add HTTP Cookie Manager to your Test Plan.
Also be aware that according to JMeter main page:
JMeter is not a browser, it works at protocol level. As far as web-services and remote services are concerned, JMeter looks like a browser (or rather, multiple browsers); however JMeter does not perform all the actions supported by browsers. In particular, JMeter does not execute the Javascript found in HTML pages. Nor does it render the HTML pages as a browser does
So if the application you're testing is built using AJAX technology don't expect JMeter to create and send JavaScript-driven requests, you will need to add HTTP Request samplers to mimic them.
Check out How to make JMeter behave more like a real browser article for more tips and tricks
Is there any possible way to track a Chrome extension's outgoing network communication from a website?
Let's assume, that a Chrome 'content script' extension sends AJAX queries to a server on a specified IP to create custom analytics. This extension works in the browser while the user browses through various websites.
Is there any possibility for these websites to track what the extension does ( that it opens AJAX ) or where it sends data to? ( To which IP it was trying to send AJAX query )
UPDATE
To be clear, I am curious about an independent third-party website's tracking abilities, not the extension-user's.
UPDATE
More clarification: the extension is sending request to a server not related to the servers/websites the user is browsing.
EXAMPLE
User is browsing Youtube, and Facebook daily. This extension sends AJAX queries to a storage server where the user's visited URL-s are stored. ( Youtube and Facebook ). What I would like to know is, does f.e. Facebook know, that this extension does this, and what's the IP of the storage server?
Basically, no, because of the concept of isolated world. Emphasis mine:
Content scripts execute in a special environment called an isolated world. They have access to the DOM of the page they are injected into, but not to any JavaScript variables or functions created by the page. It looks to each content script as if there is no other JavaScript executing on the page it is running on. The same is true in reverse: JavaScript running on the page cannot call any functions or access any variables defined by content scripts.
So if you were thinking of doing something like overriding XMLHttpRequest, this would not work, as a content script has a "safe harbour" you can't touch.
And that's even before the possibility to delegate network operations to the background script, which is a completely different origin.
There is an exception to this: an extension can sometimes inject code directly into the page context. Then it coexists with the website JavaScript and in theory one can spy on another. In practice, however, an extension can execute its code before any of the website's code has a chance to react, and therefore stealth / shield itself from interference.
Maybe this is overkill but you can try to sniff your own traffic using Wireshark (or any other program) and have a look at the requests. If they are using https then things will be harder and you will have to decrypt the traffic.
Python has a module called httplib which allows for the retrieval of an html resource from a URL. With this code:
httpServ = httplib.HTTPConnection("www.google.com")
httpServ.connect()
httpServ.request('GET',"/search?q=python")
...
httpServ.close()
I am trying to do the same thing in my angular app, but using $http get doesn't allow me to retrieve the html document due to the same origin policy.
Is there anything similar to the python method available in JavaScript?
So, the Same-Origin Policy has nothing to do with JavaScript. It basically says "don't allow scripts on a page to talk to scripts being run by another host."
This is an extremely important security feature. It means that if you put jQuery on your page, and somehow a jQuery CDN got hacked and they changed jQuery to send your passwords to another page, it wouldn't work (so long as the browser properly enforces the Same-Origin Policy).
You don't have this problem when working with Python because Python exclusively runs on the server (from a web-app perspective). Your server can talk to any machine it wants to, but browsers do not (and should not as seen above) give that freedom to webpages.
So, how to solve your problem? Make your GET request to a script running on your server. Have your server do a curl or wget or w/e of google.com, then have your server send the data back to the client.
I am working on allowing a chrome extension to post a new entry to my site via post data.
I want to be able to lock it down so only the chrome extension can post. If I get post data from anywhere else I want to reject it.
Does anyone know if/how this is possible or how you would go about doing it?
Unfortunately, validating clients (whether a Chrome extension, an Android app, an iOS app, client-side JavaScript, or some other client) from a web server is an unsolved problem.
There are some things that you can do to deter abuse and mitigate this problem such as:
Requiring user authentication (and rate-limiting usage per-user)
Rate-limiting access on the basis of IP addresses
Requiring tokens to be provided that are handed out in prior requests (this can be used to ensure that certain APIs are called in certain expected orders / patterns).
Showing a CAPTCHA or other challenge for anomolous or over-limit usage
While you can additionally check things such as user agent, referrer URL, or a token that you embed in the Chrome extension, with any distributed application, it is easy to reverse-engineer these and mimick them in a counterfeit app, and so these aren't true solutions.
You can add a simple check in the code.
Following code stops anyone who is trying to access your api outside the chrome extension.
if(substr($_SERVER['HTTP_ORIGIN'],0,19) !== "chrome-extension://") die("Not Allowed")