堆栈内存溢出
  简体   繁体   English

具有CSRF令牌的JMeter授权失败(401错误)

[英]JMeter authorization with CSRF Token fails (401 error)

 原文  2017-06-21 07:09:43       cookies/ jmeter/ authorization/ csrf

问题描述

I'm fairly new to JMeter so I've got stuck on the most obvious scenario - log in. 我对JMeter还是很陌生,所以我陷入了最明显的情况-登录。

I've recorded the scenario via jmeter, and there were 3 send parameters on log in: username, password and CSRF-Token, so I have next scenario: 我已经通过jmeter记录了该场景,并且在登录时有3个发送参数:用户名,密码和CSRF-Token,所以我有下一个场景:

  • Load login page (GET) + Regular expression extractor ( receiving CSRF token from cookies) 加载登录页面(GET)+正则表达式提取器(从cookie 接收 CSRF令牌)
  • POST username, password and csrf-token received in the previous step 上一步收到的POST用户名,密码和csrf令牌

But still I receive a 'CSRF token is missing' in logs despite that it's sent in parameters. 但是尽管我在参数中发送了通知,但仍然在日志中收到“ CSRF令牌丢失”的信息。 Seems like I send not enough cookies, but I simply don't know how to send more :D 好像我发送的Cookie不够,但是我根本不知道如何发送更多的:D

And the second problem: I receive set of tokens divided with ':' and on actual log in, it takes one of the tokens from the list. 第二个问题:我收到一组用':'分隔的令牌,并在实际登录时从列表中获取一个令牌。 How can I do the same? 我该怎么做? Currently, I'm taking only the 1st CSRF token from the set. 目前,我仅从集合中获取第一个CSRF令牌。

1 个解决方案

解决方案1
 0 已采纳  2017-06-26 17:41:13

Here are a couple of things to try: With cookies, make sure you have an HTTP Cookie Manager set globally in your Test Plan. 您可以尝试以下几件事:对于cookie,请确保在测试计划中全局设置了HTTP Cookie管理器。 If you need to put that value in your post, then you can reference it with a cookie prefix ${COOKIE_cookieName} where cookieName is the name of your cookie. 如果您需要在帖子中添加该值,则可以使用cookie前缀$ {COOKIE_cookieName}引用它,其中cookieName是cookie的名称。 BUT, for this to work, you need to have this property in the properties file set: CookieManager.save.cookies=true 但是,要使其正常工作,您需要在属性文件集中设置以下属性:CookieManager.save.cookies = true

Also, make sure that you specify in your post whether the variable with your cookie value needs to be encoded or not. 另外,请确保在帖子中指定是否需要对具有cookie值的变量进行编码。 I'm not sure if JMeter stores the cookies URL encoded or not. 我不确定JMeter是否存储经编码的cookie URL。

However, if the cookie is not a required parameter, the HTTP Cookie Manager will pass any needed cookies automatically. 但是,如果cookie不是必需参数,则HTTP Cookie管理器将自动传递任何需要的cookie。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Jmeter 406错误-找不到令牌 - Jmeter 406 error - token not found django csrf令牌错误-禁止(未设置CSRF cookie。) - django csrf token error - Forbidden (CSRF cookie not set.) 使用 Angular 的 ASP.NET Core 中的 CSRF 令牌验证失败 - CSRF Token validation fails in ASP.NET Core with Angular Django 1.9 AJAX表单CSRF令牌403错误 - “未设置CSRF cookie” - Django 1.9 AJAX form CSRF token 403 error - “CSRF cookie not set” 缺少 Csrf 令牌 cookie - Missing Csrf token cookie Django CSRF 令牌与 Axios - Django CSRF Token with Axios 使用Django csrf令牌填充Cookie - Populate a cookie with a Django csrf token CSRF令牌在Node.js Express中不起作用 - CSRF token not working in nodejs express 在Ionic框架中生成CSRF令牌 - Generate CSRF Token in Ionic Framework csrf令牌在哪里存储angularjs - csrf token where to store for angularjs
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM