How to pass parameter to a server servlet or CGI?
I am testing an epayment server, eshop sends a post query to epayment server that has some parameters like Item code, value, ... and finally a digital signature. I want to test the epayment server. when a query has problem or is not complete or has a bad digital signature, epayment server only shows an error message. but if all the parameters have correct format, we can go to the payment form.
The question is: how I can test the epayment server? how I can tell webinspect to send queries as the form does? How I can best calibrate webinspect for this purpose?
When I run webinspect on the epayment server, It shows sending only one query and in incorrect format to the payment servlet. the test stops very fast and it shows a little result.
Re: How to pass parameter to a server servlet or CGI?
Without seeing the actual request, its a little hard to say. But in many cases, the digital signature or state is carried between servers in a query or post param. You need to specify the parameter name as a "State" value in the HTTP Parsing section of scan settings. This will make sure WebInspect carries the digital signature or state value between requests. Its also recommended you set your thread count to 1 when handling state between servers. And one final suggestion, add the state parameter as an excluded audit parameter. This will help you get valid responses back rather than server errors during the audit.