Http POST request sending dynamic value for username and password. JMETER

Question

I am trying to create a Jmeter script for my project, which includes simple login and logout flow. I recorded the script using Chrome Extension "Blazemeter," found under the login http sampler with post method sending below data in the body.

{"username":"U2FsdGVkX1/NOa/KQxSdikbkXsT8M5bF4K2oSVx/zTBAvyymJ93co+10eUT0cZuJ","password":"U2FsdGVkX183cvN9kZZiv5HRtrV/Z0ZwB89YenArxtA="}

When I replay the script in Jmeter, it is throwing this error:

{"not_auth":"Invalid credentials. Please try again"}

I tried giving the actual credentials but didn't work for me. Can anyone please help me with this issue? This dynamic value is generated at the browser end and I can not find any dynamic value in previous response.

Answer 1

Record your login flow once again and check username and password values.

1. If they are the same as for the first recording - the problem lives somewhere else and you will need to figure out what are the differences between requests your JMeter test sends and the requests which are being sent by real browser. I would suggest comparing both using a sniffer tool like Wireshark in order to be able to detect and work around the differences.

2. If they are different each time you will need to find out what algorithm is being used for encrypting username and password, most likely it is being done by JavaScript directly in the browser so you should be able to figure that out and either re-use or re-implement in JSR223 PreProcessor. For example, your username and password look utterly like Base64-encoded strings so I tried to decode them using Groovy built-in decoding methods but unfortunately it is encrypted with something else in addition

   

   Check out Groovy Is the New Black article for more information on using Groovy in JMeter scripts.