Jmeter 440 错误代码.我该如何解决这个错误? [英] Jmeter 440 error code. How can I resolve this error?

问题描述

我正在使用 Jmeter 和 Blazemeter 在登录脚本中使用 Genexus 制作的网络.我遇到的问题是在 POST 中.

每当我尝试进行 POST http 请愿时，Jmeter 都会抛出以下内容:

如您所见，在响应正文中，我有一个 440 http 错误代码.这是登录超时，这意味着客户端的会话已过期，必须重新登录.我以前有403错误代码，但现在经过一些安排，我有440.您对如何解决这个问题有什么建议吗?

解决方案

首先，我不是 Genexus 的专家.我所有的发现都是从黑匣子的角度来看的.

Genexus 安全

我发现 Genexus 至少需要两件事才能在 Web 应用程序上进行身份验证(我只测试了 Java 和 .Net 生成的应用程序).

1. GXState 参数.这个参数是在发布请求中发送的，根据我的理解作为同步器令牌模式"，请参阅有关

   创建的变量名称:GXState

   正则表达式:name=GXState"；value='(.*?)'

   模板:$1$

   比赛编号:1

   默认值:NOT_FOUND

2. GXState 是一个 JSON 对象，我们可以从中提取 GX_AJAX_KEY 来加密 gxajaxEvt 字符串.请注意，我发现 GX_AJAX_KEY 是在这种情况下用于加密的密钥，但其他一些也可以应用.我们可以使用浏览器 Web 控制台对此进行调试:

gx.sec.encrypt("gxajaxEvt")

我们会看到这样的事情:8722e2ea52fd44f599d35d1534485d8e206d507a46070a816ca7fcdbe812b0ad"

我们可以发现，所有客户端加密代码都在 gxgral.js 文件中.Genexus 使用

要在 JMeter 脚本中模拟此客户端行为，我们可以使用JSR 233 采样器".获得 Rijndael 结果的一种方法是使用 Bouncy Castle 库.我们需要添加这个jar

3. 使用这些变量，我们可以成功发送下一个请求:

我们可以在此处找到此示例 JMeter 脚本.

复杂脚本请参考本指南(需要GXTest)

如果我们在 JMeter 中遇到这个异常(java.util.zip.ZipException: Not in GZIP format)，请参考这个也可以回答.

I am working with Jmeter and Blazemeter in a login script for a web made with Genexus. The problem that I am having is in the POST.

Whenever I try to make a POST http petition, Jmeter throws the next thing:

As you can see, in the response body, I am having a 440 http error code. This is a login Time-out which means the client's session has expired and must log in again. I used to have a 403 error code but now, after doing some arrangements, I have 440. Do you have any suggestions on how to resolve this?

解决方案

First, I'm not an expert on Genexus. All my findings are from a black-box point of view.

Genexus Security

I found that Genexus requires at least two things to authenticate on Web Application (I tested only Java and .Net generated apps).

1. The GXState parameter. This param is sent in post request, and from my understanding works as "Synchronizer token pattern", see more info on Cross-site request forgery. We need to send this param on every post request.

2. The gxajaxEvt parameter. This is very specific to Genexus Apps. In the documentation mentions this parameter is send encrypted in the URL, and this behavior is managed by the "Javascript debug mode property":

# Javascript Debug Mode: Yes
http://{server}:{port}/{webappname}/servlet/com.{kbname}.{objectname}?gxfullajaxEvt,gx-no-cache=1442811265833
# Javascript Debug Mode: No (default value)
http://{server}:{port}/{webappname}/servlet/com.{kbname}.{objectname}?64df96a2d9b8480aed416e470dae529e,gx-no-cache=1442811265833

JMeter Script

1. So, to get the GXState, we can use the Regular Expression Extractor:

   Name of created variable: GXState

   Regular expression: name="GXState" value='(.*?)'

   Template: $1$

   Match No.: 1

   Default Value: NOT_FOUND

2. The GXState is a JSON, object, from it we can extract the GX_AJAX_KEY to encrypt gxajaxEvt string. Note that, I found the GX_AJAX_KEY is the key used to encrypt in this case, but some others could apply. We can debug this using Browser Web Console, with this:

gx.sec.encrypt("gxajaxEvt")

We'll see something like this: "8722e2ea52fd44f599d35d1534485d8e206d507a46070a816ca7fcdbe812b0ad"

As we can found, all the client encryption code is in the gxgral.js file. Genexus uses the Rijndael algortihm (Sub set of AES) with block size of 128 bits.

To emulate this client behavior in the JMeter Script we can use the "JSR 233 sampler". A way to get the Rijndael results is use the Bouncy Castle library. We need to add this jar (bouncycastle:bcprov-jdk15to18:1.68) to the JMeter's lib folder to use it.

Our code script will be something like this (Language Groovy 3.0.5/Groovy Scripting Engine 2.0):

import com.jayway.jsonpath.JsonPath
import java.nio.charset.StandardCharsets
import java.util.Arrays
import org.bouncycastle.crypto.BufferedBlockCipher
import org.bouncycastle.crypto.InvalidCipherTextException
import org.bouncycastle.crypto.engines.RijndaelEngine
import org.bouncycastle.crypto.params.KeyParameter
import org.bouncycastle.util.encoders.Hex
import org.apache.jmeter.threads.JMeterContextService
import org.apache.jmeter.threads.JMeterContext
import org.apache.jmeter.threads.JMeterVariables

String gxState = vars.get('GXState')
String gxAjaxKey = JsonPath.read(gxState,'$.GX_AJAX_KEY')
byte[] input = Arrays.copyOf('gxajaxEvt'.getBytes(StandardCharsets.UTF_8), 16)
RijndaelEngine engine = new RijndaelEngine(128)
KeyParameter key = new KeyParameter(Hex.decode(gxAjaxKey))
BufferedBlockCipher cipher = new BufferedBlockCipher(engine)
cipher.init(true, key)
byte[] out = new byte[16]
int length = cipher.processBytes(input, 0, 16, out, 0)
cipher.doFinal(out, length)
String encryptedOutput= Hex.toHexString(out)
log.info 'gx.sec.encrypt("gxajaxEvt")='+encryptedOutput
String gxNoCache = String.valueOf(System.currentTimeMillis())
log.info 'gx-no-cache='+gxNoCache
vars.put('gxajaxEvt', encryptedOutput)
vars.put('gxNoCache', gxNoCache)

The script work like this:

• First, We get the previos GXState variable extracted.
• Second, Using JSON Path (Already available in JMeter 5.4.1) extract the GX_AJAX_KEY property.
• Third, We apply the Rijndael algorithm over the gxajaxEvt using the GX_AJAX_KEY as a key.
• We also create the gx-no-cache to handle the cache.

3. With these variables we can send the next request successfully:

We can found this sample JMeter script available here.

For complex scripts, please refer to this guide (Requires GXTest)

In case we get this exception in JMeter ( java.util.zip.ZipException: Not in GZIP format) please refer this answer too.

这篇关于Jmeter 440 错误代码.我该如何解决这个错误?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！