problems with parseresponse and CSRFToken

67 views
Skip to first unread message

mark.r...@gmail.com

unread,
Feb 21, 2019, 12:37:10 PM2/21/19
to WebInject
Hi,

I have some problems with parseresponse, it does not seem to catch my expression. If you could give me some pointers..

Test: /etc/webinject/testcases/something.xml - 1
Desc: Connecting to Application
GET Request: https://example.com/authentication/login
Passed HTTP Response Code Verification (not in error range)
Verify: 'Login'
Passed Positive Verification
Failed Parseresult, cannot find CSRFToken" value="(*)"
TEST CASE WARNED
Response Time = 0.062 sec

The coresponding case"

    <case
        id="1"
        description1="Connecting to Icinga"
        method="GET"
    url="${LOGIN_URL}"
        verifypositive="Login"
    parseresponse='CSRFToken" value="|"'
    />

The corresponding line in the body:
regards

Mark

Tim Buckland

unread,
Mar 2, 2019, 7:22:41 AM3/2/19
to webi...@googlegroups.com
What version of WebInject are you using? Where did you download it from? There looks to be an error in the regex judging by the error message, the error messages shows an incorrect regular expression.

--
You received this message because you are subscribed to the Google Groups "WebInject" group.
To unsubscribe from this group and stop receiving emails from it, send an email to webinject+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Mark Lamers

unread,
Mar 2, 2019, 1:08:10 PM3/2/19
to webi...@googlegroups.com

from https://github.com/sni/Webinject

It is WebInject version 1.94

The CSRFToken is a hidden token in the page.

I should get it from this line:

">

Thanks for any pointers
Mark

Tim Buckland

unread,
Mar 5, 2019, 2:52:56 PM3/5/19
to webi...@googlegroups.com
I can't figure out what is going wrong to be honest. I checked the code for version 1.94 of WebInject from sni and while there is an error in the code that displays the error message to STDOUT, the code that does the regex parse seems fine.

Are you sure you are getting exactly the right page and it isn't a redirect - do you see the correct html source code in http.log?

Mark Lamers

unread,
Mar 6, 2019, 2:59:57 AM3/6/19
to webi...@googlegroups.com

Yes I do. Thanks for your effort.

Lets switch to a more general question if you don't mind. Is Webinject still actively maintained? I'm testing the implementation on an Icinga2 environment for a medium size organization. The simpleness appeals us, so we favored above Selenium.


Thanks for your time and effort.

Mark

tim.buckland

unread,
Mar 6, 2019, 6:19:49 AM3/6/19
to webi...@googlegroups.com
Hi Mark, 

We use WebInject heavily at my company - it is very fast and there is no need to worry about JavaScript async issus causing flakiness and also ChromeDriver vs Chrome versioning issues. 

I maintain a heavily modified version of WebInject that has been renamed since due to all the differences. 

You can find it here:


Is there a login page on the Internet similar to the one you are trying to create the test for? 

Cheers, 

Tim



Sent from my Samsung Galaxy smartphone.

Mark Lamers

unread,
Mar 6, 2019, 10:25:00 AM3/6/19
to webi...@googlegroups.com

Hi Tim,

Interesting news, i'm gonna checkout your repo soon.

Mark

Reply all
Reply to author
Forward
0 new messages