Hello guys,
I am trying to test a web form that is using a CSRF Token to validate the Login process, and redirect the User to another dashboard. The problem is the web scenario is working when the CSRF token is not provided, and when the forms provides that hidden input, Zabbix is not able to login (makes sense).
When I get the Login page, after check the 200 status code and the required string is found, I added a new rule in Variables textarea:
These are examples of the hidden input:
And the error that I am getting is:
What am I doing wrong? Anyone can help me with this please? I need to test the performance of this project, and Logged in pages are providing several operations.
I am using Zabbix 3.0.2, by the way.
Many thanks for your help guys!
EDITING
Looks like this one is not returning an error:
However, because I am not getting the expected response, I have tried to pass the (theoretically) got token via GET (instead of POST, as is expected) and looks like I am providing an empty string.
I am loading the login page on Step 2 (where I try to get the token) and I submit all POST data on Step 3 (token included)
I am trying to test a web form that is using a CSRF Token to validate the Login process, and redirect the User to another dashboard. The problem is the web scenario is working when the CSRF token is not provided, and when the forms provides that hidden input, Zabbix is not able to login (makes sense).
When I get the Login page, after check the 200 status code and the required string is found, I added a new rule in Variables textarea:
Code:
{_csrf_token}=regex:input name="_csrf_token" value="(.{43})"
HTML Code:
<input type="hidden" name="_csrf_token" value="DLzTQzMwySb3Rhcuw7iG1auIADkUN3X4AVUGlzpcJkM"> <input type="hidden" name="_csrf_token" value="ny8SM10ZhAUwvpT-XS__KPrADwS18Gm1AThjehdebW0">
Step "Login Process" [2 of 7] failed: error in step variables "{_csrf_token}=regex:input name="_csrf_token" value="(.{43})"": cannot extract the value of "{_csrf_token}" from response
What am I doing wrong? Anyone can help me with this please? I need to test the performance of this project, and Logged in pages are providing several operations.
I am using Zabbix 3.0.2, by the way.
Many thanks for your help guys!
EDITING
Looks like this one is not returning an error:
Code:
{_csrf_token}=regex:name="_csrf_token" value="([^"]*){43}"
I am loading the login page on Step 2 (where I try to get the token) and I submit all POST data on Step 3 (token included)