ashish007 Absent Member.
Absent Member.
2094 views

Issue while Capturing CSRF Token with SILK Performer 15.5

Hi All,

We are trying to capture CSRF (Cross-Site Request Forgery) token value using our script( performance testing script) but unable to capture it.

Application is web and url goes through https://.

We have tried to record the script in two recording modes

HTTP : first occurrence of value is coming in 'out header' part of trulelog explorer of silk performer tool

HTTP/HTML: first occurrence of values is coming in 'In header' of true log explorer of silk performer tool.

But we are unable to capture (parsing) it in both the cases mentioned above.

When we are trying to replay script, it is failing with error message that "Request forbidden http 403"

Is it like a captcha used for security purpose in web application, which cannot be captured?

If it can be captured then could you please tell us how to capture it so that silk performer script can be executed successfully?

It is very urgent issue, Kindly look in to it.

Thanks in advance.

 

0 Likes
2 Replies
Former Member Absent Member.
Absent Member.

RE: Issue while Capturing CSRF Token with SILK Performer 15.5

THE CSRF is in the header.    But to get to it you need some information from the developers.   There are API_Keys that are set up for security.    THey need to be encoded somehow.  They have the code for you to do this.  Then place this code in a bean shell preprocessor.

0 Likes
phyllipho Absent Member.
Absent Member.

RE: Issue while Capturing CSRF Token with SILK Performer 15.5

As the server sends back the CSRF token value in the 'In header', you can use WebParseResponseHeader function to parse it out.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.