我编写了一个 Web 性能测试,之前一直运行正常。后来开发人员添加了 CSRF 令牌验证(以防止针对网站的 CSRF 攻击),此后测试开始失败(错误:Bad Request)。我深入研究后发现,服务器在处理登录请求时会生成一个 XSRF-TOKEN,之后的每个请求都必须携带该 XSRF-TOKEN。要提取这个令牌,就需要解析登录请求的响应。我们该怎么做?
我的编码测试如下所示:
// Step 1: sign in by POSTing JSON credentials to the WebConsole login endpoint.
// NOTE(review): a domain administrator user name and password are embedded in the test
// source below, so anyone who can read the test project or its history can read them.
// Prefer supplying them at run time (for example through web test context parameters or a
// bound data source) and use a dedicated test account with only the rights the scenario
// needs.
StringHttpBody loginBody = new StringHttpBody
{
    ContentType = "application/json;charset=utf-8",
    InsertByteOrderMark = false,
    BodyString = "{\"UserName\":\"pkdomain\\\\administrator\",\"Password\":\"sqa@123\"}"
};

WebTestRequest loginRequest = new WebTestRequest("https://servertest:8080/WebConsole/Account/Login")
{
    Method = "POST",
    Body = loginBody
};
loginRequest.Headers.Add(new WebTestRequestHeader("Accept", "application/json, text/plain, */*"));
loginRequest.Headers.Add(new WebTestRequestHeader("Referer", "https://servertest:8080/WebConsole/index.html#/"));

// NOTE(review): per the question, the server issues the XSRF-TOKEN while answering this
// login request. This is the request to capture it from, e.g. with an extraction rule or a
// PostRequest handler that stores the value in the test context before any later request
// is yielded. Whether the token arrives as a cookie, a response header or in the body is
// not shown here; confirm against a recorded response.
yield return loginRequest;
loginRequest = null;

// Step 2: fetch the home view after a 4-second think time.
// NOTE(review): per the question, every request after login must carry the XSRF-TOKEN.
// This request sends only Accept and Referer, so it will be rejected once CSRF validation
// covers it. The header or field name the server expects is not shown; confirm with the
// developers rather than guessing, and add it from the context value captured at login.
WebTestRequest homeViewRequest = new WebTestRequest("https://servertest:8080/WebConsole/scripts/home/Pages/home-view.html")
{
    ThinkTime = 4
};
homeViewRequest.Headers.Add(new WebTestRequestHeader("Accept", "text/html"));
homeViewRequest.Headers.Add(new WebTestRequestHeader("Referer", "https://servertest:8080/WebConsole/index.html#/"));
yield return homeViewRequest;
homeViewRequest = null;