Highlighted
Not applicable
8372 views

How to pass parameter to a server servlet or CGI?

Hi

I am testing an epayment server, eshop sends a post query to epayment server that has some parameters like Item code, value, ... and finally a digital signature. I want to test the epayment server. when a query has problem or is not complete or has a bad digital signature, epayment server only shows an error message. but if all the parameters have correct format, we can go to the payment form.

The question is: how I can test the epayment server? how I can tell webinspect to send queries as the form does? How I can best calibrate webinspect for this purpose?

When I run webinspect on the epayment server, It shows sending only one query and in incorrect format to the payment servlet. the test stops very fast and it shows a little result.

Labels (2)
0 Likes
1 Reply
Not applicable

Re: How to pass parameter to a server servlet or CGI?

Without seeing the actual request, its a little hard to say.  But in many cases, the digital signature or state is carried between servers in a query or post param.  You need to specify the parameter name as a "State" value in the HTTP Parsing section of scan settings.  This will make sure WebInspect carries the digital signature or state value between requests.  Its also recommended you set your thread count to 1 when handling state between servers.  And one final suggestion, add the state parameter as an excluded audit parameter.  This will help you get valid responses back rather than server errors during the audit.

 Ray

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.