
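I've set up siege (v2.70) to test a webapp that has a login, and I have a list of about 180 URLs to stress test the speed of the application. The problem is that the cookie returned by the login URL is being ignored.

This is the tcpdump of the network traffic between siege and the application (box.example.org has been substituted for the actual URL, and this is not the problem)

You can see the Set-Cookie in the first response, and then no cookie in the next GET request. I found this:

How to send cookies with Siege using the --header option?

But the cookie I need to send depends on the login; I can't hard-code it. The FAQ says it supports them, but tcpdump disagrees: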

20:25:48.003094 IP (tos 0x0, ttl 64, id 31699, offset 0, flags [DF], proto TCP (6), length 223)
    192.168.20.34.48923 > 192.168.20.81.80: Flags [P.], seq 2734994720:2734994891, ack 3331849910, win 913, options [nop,nop,TS val 2229194446 ecr 50245070], length 171
E...{.@.@......"...Q...P... ...............
........GET /saml/testlogon/ HTTP/1.1^M
Host: box.example.org^M
Accept: */*^M
Accept-Encoding: gzip^M
User-Agent: JoeDog/1.00 [en] (X11; I; Siege 2.70)^M
Connection: close^M
^M

20:25:48.406571 IP (tos 0x0, ttl 64, id 21369, offset 0, flags [DF], proto TCP (6), length 427)
    192.168.20.81.80 > 192.168.20.34.48923: Flags [P.], seq 1:376, ack 171, win 972, options [nop,nop,TS val 50245160 ecr 2229194446], length 375
E...Sy@.@.<....Q...".P...............*.....
...(....HTTP/1.1 302 FOUND^M
Date: Wed, 21 Nov 2012 02:33:32 GMT^M
Server: Apache/2.2.22 (Ubuntu)^M
Vary: Cookie,Accept-Encoding^M
Set-Cookie: sessionid=233511e6001797ec77f7f3a08683ce97; httponly; Path=/^M
Location: http://box.example.org/viewer/start/^M
Content-Encoding: gzip^M
Content-Length: 20^M
Connection: close^M
Content-Type: text/html; charset=utf-8^M
^M
....................
20:25:49.410684 IP (tos 0x0, ttl 64, id 3041, offset 0, flags [DF], proto TCP (6), length 221)
    192.168.20.34.48924 > 192.168.20.81.80: Flags [P.], seq 1168563186:1168563355, ack 1414846755, win 913, options [nop,nop,TS val 2229194798 ecr 50245422], length 169
E.....@.@..v..."...Q...PE...TT.#...........
........GET /viewer/start/ HTTP/1.1^M
Host: box.example.org^M
Accept: */*^M
Accept-Encoding: gzip^M
User-Agent: JoeDog/1.00 [en] (X11; I; Siege 2.70)^M
Connection: close^M
^M

20:25:49.419109 IP (tos 0x0, ttl 64, id 30222, offset 0, flags [DF], proto TCP (6), length 375)
    192.168.20.81.80 > 192.168.20.34.48924: Flags [P.], seq 1:324, ack 169, win 972, options [nop,nop,TS val 50245424 ecr 2229194798], length 323
E..wv.@.@......Q...".P..TT.#E........*.....
...0....HTTP/1.1 302 FOUND^M
Date: Wed, 21 Nov 2012 02:33:34 GMT^M
Server: Apache/2.2.22 (Ubuntu)^M
Vary: Cookie,Accept-Encoding^M
Location: http://box.example.org/saml/testlogon/?next=/viewer/start/^M
Content-Encoding: gzip^M
Content-Length: 20^M
Connection: close^M
Content-Type: text/html; charset=utf-8^M
^M

1 Answer

1

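It turns out the problem was in siege itself. I fixed the code and pushed it to this repo

https://github.com/mark0978/siege

Siege was not expecting httponly; (with no =), and it also got the expiration wrong if the expiration time was not present. The last one I could have fixed by setting an expiration time in my application, but I just fixed the calculation.

Answered 2012-11-21T05:00:47.923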
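The two conditions the answer describes (an attribute with no `=`, and a cookie with no expiration time) shown in a small Set-Cookie parser, added here as an example; it is not the code from the linked repo or from Siege, and `struct cookie` and `parse_set_cookie` are hypothetical names. It assumes a cookie without Expires or Max-Age is a session cookie that stays valid for the whole run.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct cookie { /* hypothetical record for this example, not Siege's own */
    char name[64], value[128];
    int http_only, session; /* session = 1: no Expires/Max-Age was sent */
};

static char *trim(char *s) { /* strip surrounding whitespace in place */
    while (isspace((unsigned char)*s)) s++;
    char *e = s + strlen(s);
    while (e > s && isspace((unsigned char)e[-1])) *--e = '\0';
    return s;
}

/* Parse the value of one Set-Cookie header; returns 0 on success, -1 on error. */
int parse_set_cookie(const char *header, struct cookie *c) {
    char buf[512];
    memset(c, 0, sizeof *c);
    c->session = 1; /* assumed default until an explicit lifetime is seen */
    snprintf(buf, sizeof buf, "%s", header);
    for (char *tok = buf, *next; tok; tok = next) {
        if ((next = strchr(tok, ';')) != NULL) *next++ = '\0';
        char *key = tok, *val = strchr(tok, '=');
        if (val) { *val++ = '\0'; val = trim(val); }
        key = trim(key);
        if (tok == buf) { /* the first pair must be name=value */
            if (!val || !*key) return -1;
            snprintf(c->name, sizeof c->name, "%s", key);
            snprintf(c->value, sizeof c->value, "%s", val);
            continue;
        }
        for (char *p = key; *p; p++) *p = (char)tolower((unsigned char)*p);
        if (!val) { /* attribute without '=', e.g. "httponly" */
            if (strcmp(key, "httponly") == 0) c->http_only = 1;
        } else if (!strcmp(key, "expires") || !strcmp(key, "max-age")) {
            c->session = 0; /* server gave an explicit lifetime */
        }
    }
    return 0;
}

int main(void) {
    struct cookie c; /* header value copied from the capture above */
    if (parse_set_cookie("sessionid=233511e6001797ec77f7f3a08683ce97; httponly; Path=/", &c) == 0)
        printf("Cookie: %s=%s (httponly=%d, session=%d)\n", c.name, c.value, c.http_only, c.session);
    return 0;
}
```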