/ Performance Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Handle the CSRF Token in JMeter

DZone's Guide to

How to Handle the CSRF Token in JMeter

When we do load testing using JMeter without handling the CSRF token, you get a certain error. Learn how to handle the CSRF token in JMeter.

by
·
May. 09, 17 · Performance Zone ·
Free Resource

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

xMatters delivers integration-driven collaboration that relays data between systems, while engaging the right people to proactively resolve issues. Read the Monitoring in a Connected Enterprise whitepaper and learn about 3 tools for resolving incidents quickly.

What is CSRF? CSRF stands for Cross-Site Request Forgery. Generally, when we log into a website, it always asks for authentication. From a security point-of-view, developers mostly time pass the CSRF token with a login parameter. But our focus is on how to handle this CSRF token in JMeter.

When we do load testing using JMeter without handling the CSRF token, we get this type of error:csrf token

CSRF and JMeter

For handling the CSRF token, we have to use the following parameters in JMeter:

  • HTTP cookie manager.

  • HTTP header manager.

  • Request paramter.

Extract CSRF Token Using JMeter Post Processors

For extracting CSRF, we have to add post processors in the test plan. Then, we have to add a regular expression extractor.

csrf token value

The regular expression extractor handles this CSRF token and its value each time this value is changed. In the regular expression extractor, we have to define certain fields:

  • Reference name: value

  • Regular expressionname="csrfToken" value="(.+?)"

  • Template: $1$

  • Match no: 1

regular expression extractor

We just pass this JMeter variable in the request parameter:

request parameter

Now, we execute the script and see the result:

login with extractor

This is how you can deal with CSRF protection in your Apache JMeter test script.

Discovering, responding to, and resolving incidents is a complex endeavor. Read this narrative to learn how you can do it quickly and effectively by connecting AppDynamics, Moogsoft and xMatters to create a monitoring toolchain.

Like This Article? Read More From DZone

How to Create a Local Repository of JMeter Plugins
How to Reuse Your JMeter Code With JAR Files and Save Time
How to Load Test OCSP With JMeter

Free DZone Refcard

Introduction to Docker Monitoring
DOWNLOAD
Topics:
performance ,tutorial ,jmeter ,csrf ,load testing

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Opinions expressed by DZone contributors are their own.

Performance Partner Resources

Container Monitoring and Management eBook: Read about the new realities of containerization.
IT Alerting Is Just the Beginning: Identify, Notify, & Empower People to Take Action. Sign up for free now.
[Whitepaper] 5 Steps to Build a Process-Centric IT Organization
[Whitepaper] 3 Tools for Monitoring in a Connected Enterprise
Take the Chaos Out of Container Monitoring. View the webcast on-demand!
Unraveling the Mystery: How to Predict Application Performance Problems
Using APM to Reduce the Frequency and Duration of Outages
The Essentials of Container Monitoring: Learn the 4 principles of application containerization.
Detecting Java Application Performance Trends

Performance Partner Resources

Container Monitoring and Management eBook: Read about the new realities of containerization.
IT Alerting Is Just the Beginning: Identify, Notify, & Empower People to Take Action. Sign up for free now.
[Whitepaper] 5 Steps to Build a Process-Centric IT Organization
[Whitepaper] 3 Tools for Monitoring in a Connected Enterprise

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone