Medmans1

Reputation: 1

JMeter Authentication token

I just started using JMeter at my job, and when I recorded the script and tried to play it back, I am getting this message for login:

Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN

I am also getting response code 403.

Can somebody please help me?

Upvotes: 0

Views: 1941

Answers (2)

Dmitri T

Reputation: 168147

It means that you need to correlate a dynamic value:

  • In the first request you get something called a "CSRF token", either in the response body or in the response headers. This is a form of security enhancement to protect the application from CSRF attacks.
  • In order to be able to make the next request, you need to pass exactly the same value as you got in response to your first request (to confirm your origin). You need to extract it with a JMeter PostProcessor, convert it into a JMeter Variable, and send it as a parameter _csrf or as an X-CSRF-TOKEN request header using HTTP Header Manager.

See How to Load Test CSRF-Protected Web Sites for a more detailed explanation and an example of CSRF protection bypassing in a JMeter test script.

Upvotes: 1
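The correlation step described in the answer above, written out as an added Python example (not part of the original answer and not JMeter configuration) to show what the PostProcessor and the follow-up request must do. The sample response, the token value and the `username`/`password` field names are constructed assumptions; only `_csrf` and `X-CSRF-TOKEN` come from the error message.

```python
# Added illustration of CSRF token correlation; all sample data is constructed.
from html.parser import HTMLParser
from urllib.parse import urlencode


class CsrfInputParser(HTMLParser):
    """Collects the value of <input name="_csrf" ...> regardless of attribute order."""

    def __init__(self):
        super().__init__()
        self.token = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "_csrf" and self.token is None:
            self.token = a.get("value")


def extract_csrf(headers, body):
    """Return the token from the X-CSRF-TOKEN response header, else from the form."""
    for name, value in headers.items():
        if name.lower() == "x-csrf-token" and value:
            return value
    parser = CsrfInputParser()
    parser.feed(body)
    return parser.token


def build_login_request(token, username, password):
    """Build the follow-up POST; fail early instead of sending a missing ('null') token."""
    if not token:
        raise ValueError("CSRF token not found in first response; extraction failed")
    # The server accepts the parameter or the header; both are set here for illustration.
    headers = {"X-CSRF-TOKEN": token,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"username": username, "password": password, "_csrf": token})
    return headers, body


# Constructed sample of a login page response (not taken from the original post).
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_BODY = '''<form action="/login" method="post">
  <input type="hidden" value="3f1c9a7e-constructed-token" name="_csrf"/>
  <input name="username"/><input type="password" name="password"/>
</form>'''

if __name__ == "__main__":
    tok = extract_csrf(SAMPLE_HEADERS, SAMPLE_BODY)
    print(build_login_request(tok, "loadtest_user", "example-password"))
```

A recorded script replays the token captured at recording time (or none at all), which is why the server reports `'null'`; the extraction has to run on every iteration against the fresh response.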

uru917

Reputation: 91

You can try adding an HTTP Cookie Manager, as CSRF tokens are sometimes sent in the cookies. Regards

Upvotes: 0
