How To Handle CSRF Token in Jmeter


What is CSRF? CSRF stands for Cross-Site Request Forgery. Generally, when we log in to a website, it asks for authentication. For security reasons, developers usually pass a CSRF token along with the login parameters. Our topic here is how to handle this CSRF token in JMeter.

When we do load testing with JMeter and do not handle the CSRF token, we get this type of error.

CSRF and JMETER

To handle the CSRF token, we have to use the following elements in JMeter.

1-HTTP COOKIE MANAGER.

2-HTTP HEADER MANAGER.

3-REQUEST PARAMETER.

EXTRACT CSRF TOKEN USING JMETER POST PROCESSORS

To extract the CSRF token, we add a Post Processor to the test plan, and then a Regular Expression Extractor.


The Regular Expression Extractor captures csrfToken and its value, because this value changes every time.

In the Regular Expression Extractor we have to define certain fields.

Reference Name: value

Regular expression: name="csrfToken" value="(.+?)"

Template: $1$

Match no: 1


We then pass this JMeter variable as a request parameter.


Now we execute the script and see the result.


This is how you can deal with CSRF protection in your Apache JMeter test script.
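The extract-and-replay steps above, sketched in Python as an added example (not from the original post and not JMeter's own code): it applies the article's regular expression, template $1$ and match number 1 to constructed login pages, and refuses to build the login request when no token was found. The `username` and `password` field names, the token values and the `CSRF_TOKEN_NOT_FOUND` default are assumptions; Python's `re` stands in for JMeter's regex engine.

```python
import re
from urllib.parse import urlencode

# The extractor settings from the article: regex, template $1$, match no. 1.
CSRF_RE = re.compile(r'name="csrfToken" value="(.+?)"')
NOT_FOUND = "CSRF_TOKEN_NOT_FOUND"  # assumed Default Value; the article sets none


def extract_token(body, match_no=1):
    """Return group 1 of the match_no-th match, or NOT_FOUND if there is none."""
    matches = CSRF_RE.findall(body)
    if len(matches) < match_no:
        return NOT_FOUND
    return matches[match_no - 1]


def login_body(page, username, password):
    """Build the login POST body, refusing to send a request without a real token."""
    token = extract_token(page)
    if token == NOT_FOUND:
        raise ValueError("csrfToken not found in login page; fix the extractor")
    return urlencode({"username": username, "password": password, "csrfToken": token})


# Constructed sample responses (not captured from a real application).
PAGE_1 = '<form><input type="hidden" name="csrfToken" value="9f2c1ab7" id="t"/></form>'
PAGE_2 = '<form><input type="hidden" name="csrfToken" value="41d0e6c3" id="t"/></form>'
# Same field, but attributes in a different order: the article's regex misses it.
PAGE_REORDERED = '<form><input value="77aa01ff" name="csrfToken" type="hidden"/></form>'

if __name__ == "__main__":
    print(extract_token(PAGE_1))          # token from the first response
    print(extract_token(PAGE_2))          # a different token on the next response
    print(extract_token(PAGE_REORDERED))  # falls back to the default value
    print(login_body(PAGE_1, "loadtest01", "example-password"))
```

Running the pattern against a saved response like this before a load test shows whether the extractor will match; a sampler that passes in JMeter while the server logs CSRF rejections usually means the token was never extracted.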


8 Responses to How To Handle CSRF Token in Jmeter

  1. And sometimes, just to be tricky (like in SAP), it can be hiding in the header rather than the body. The trick with JMeter, in my experience, is that if you combine it with Fiddler, Perl or another very good text-parsing language and an excellent vis tool, you can do some very, very powerful things with it.

  2. Hamid Assous says:

    Is your payment gateway located on another server than the web app?

  3. sandeeprao says:

    Hi, I have one query: even without the regular expression, my login is shown as successful in JMeter; however, my application logs show security denied messages. Why is the JMeter request (login) shown as passed in green instead of orange? Please answer my query, I am a beginner 🙂

  4. bindu says:

    I am getting an invalid access token in JMeter but could not clear that issue. Please help me?

  5. Akanksha says:

    Hi, I am trying to record a scenario in which payment has to be made through credit card. Once I select the Payment button, I am getting redirected to a different server and I receive timeout error. Could you please help me with this. Thanks.

  6. Prashant Bhatt says:

    I am getting the same value printed as I give in the Reference Name of the Regular Extractor.
