Advanced outgoing proxy configuration in recorder
469 views
Skip to first unread message
Alexis LEGROS
Sep 20, 2017, 9:59:03 AM9/20/17
to Gatling User Group
Hi team,
First, please receive my grateful thanks for this great tool you brought to community, helps a lot ! :-)
I can't seem to find if there's a way to set up an advanced configuration for outgoing proxy for Gatling Recorder.
We are working on building scenarii in a quite complex network context : PAC file is ~2k lines long with ~50 different proxies declared.
As the recorder only accepts a single proxy hostname declaration, we're unable to effectively record our navigation through the browser.
Next step is obvisouly to build scenarii through HAR conversion but we initially wanted the scenarii building to remain browser-agnostic, which would not be the case anymore.
Thanks for reading, thanks even more if you answer !
Best regards from Rennes,
Alexis.
Stéphane LANDELLE
Sep 20, 2017, 2:45:04 PM9/20/17
to gat...@googlegroups.com
Hi,
Thanks for your kind words.
We don't support passing a PAC file (and I'm not aware of any non-browser based user-agent that does, eg Charles Proxy).
I'm afraid HAR export is the way to go.
Cheers,
--
You received this message because you are subscribed to the Google Groups "Gatling User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Alexis LEGROS
Sep 22, 2017, 5:35:45 AM9/22/17
to Gatling User Group
Hi Stéphane,
Thanks a lot for your answer.
We tried HAR export without much more success : Gatling runner is unable to route HTTP through proxies as declared in our PAC file.
I found William Bailey's pacproxy which seemed to be the exact tool we need here. Good news is it works like a charm directly on browser ! Less good news is it doesn't get well along with Gatling recorder.
Status is as following :
- Browser -> pacproxy is now OK with only minor adjustment on PAC file
- Browser -> Gatling recorder -> pacproxy can't seem to get all resources downloaded
Tried tweaking recorder options but nothing fixed the issue.
Would you have a hint on what could possibly cause this weird behavior ?
Thanks in advance.
Best regards,
Alexis.
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+u...@googlegroups.com.
Stéphane LANDELLE
Sep 22, 2017, 11:52:44 AM9/22/17
to gat...@googlegroups.com
I found William Bailey's pacproxy which seemed to be the exact tool we need here. Good news is it works like a charm directly on browser !
Nice finding!
Less good news is it doesn't get well along with Gatling recorder.Status is as following :
- Browser -> pacproxy is now OK with only minor adjustment on PAC file
- Browser -> Gatling recorder -> pacproxy can't seem to get all resources downloaded
Tried tweaking recorder options but nothing fixed the issue.Would you have a hint on what could possibly cause this weird behavior ?
Sadly, no. I don't have such network architecture at hand so I can investigate on my side, sorry.
Please share if you figure it out!
Alexis LEGROS
Sep 25, 2017, 3:30:08 PM9/25/17
to Gatling User Group
Hi there !
Went a bit further in the investigation. :-)
Issue doesn't come from pacproxy and Gatling recorder working together, it's actually about Gatling recorder being detected by Firefox as a man in the middle, whatever the chosen HTTPS mode - which is quite fair, eh ? ^_^
I have to admit this had me dig further than I knew about certificates mechanics and I can't find any quick solution here.
I'm quite disappointed by Firefox disability to notify user about unloaded resources...
Firebug does provide the information, but you have to activate network view before navigation then click, click, Ctrl-A, copy/paste, enter, add exception for every domain accessed for resources... Just noticed Recorder also does in the secured hosts requiring accepting a certificate which is far quicker to access - thanks !
Looked for a even easier/quicker access/exception through a plugin, didn't find any. I may think about coding one on my spare time, though it's quite limited these days :D
Looked for a even easier/quicker access/exception through a plugin, didn't find any. I may think about coding one on my spare time, though it's quite limited these days :D
Guess we'll have to choose between converting HAR or manually adding certificate exceptions anyway.
Thanks again for your help regarding this matter, I'll let you know if that plugin comes out or if I find better way to workaround these pitfalls ;-)
Best regards,
Alexis.
Stéphane LANDELLE
Sep 26, 2017, 3:09:45 AM9/26/17
to gat...@googlegroups.com
No, with fake cert authority mode, your browser should accept the certs that the recorder crafts on the fly.
--
You received this message because you are subscribed to the Google Groups "Gatling User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+unsubscribe@googlegroups.com.
Alexis LEGROS
Sep 26, 2017, 5:38:17 AM9/26/17
to Gatling User Group
You mean with Gatling recorder HTTPS mode set to On-the-fly certificate generation and generated CA added to Firefox authority certificates ?
Had great hope in it but still got SSL_ERROR_BAD_CERT_DOMAIN error on page as well as resource loading. :-(
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+u...@googlegroups.com.
Stéphane LANDELLE
Sep 26, 2017, 5:43:27 AM9/26/17
to gat...@googlegroups.com
I suspect you didn't import the CA cert in Firefox.
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+unsubscribe@googlegroups.com.
Alexis LEGROS
Sep 26, 2017, 6:18:34 AM9/26/17
to Gatling User Group
I did, though : after removing it from Authority Certificates repository, got MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA error instead.
bad domain feels like the recorder would be generating a certificate with wrong domain name ?
Stéphane LANDELLE
Sep 26, 2017, 6:37:51 AM9/26/17
to gat...@googlegroups.com
Mmm, maybe the recorder is generating certs against the intermediate proxy domain instead of the target one.
I don't have time to investigate myself atm, could you please investigate, eg enable ssl debug (-Djavax.net.debug=all).
To unsubscribe from this group and stop receiving emails from it, send an email to gatling+unsubscribe@googlegroups.com.
Alexis LEGROS
Sep 26, 2017, 7:13:24 AM9/26/17
to Gatling User Group
Well thought : it's actually pacproxy that causes the recorder to generate bad domain CERT : by removing it I access pages without SSL_ERROR_BAD_CERT_DOMAIN error.
Unfortunately, we need it to redirect requests accordingly to our PAC file...
HAR conversion it will be :-)
Thanks again for your help here ;-)
Best regards,
Alexis.
Reply all
Reply to author
Forward
0 new messages