I am recording a https session of a JSF based web app on JMeter and it's not working.
Target application is hosted on: AWS
JMeter version: 2.9 r1437961
Browser: Chrome version 29.0.1547.65
Java: java version "1.6.0_27"
OpenJDK Runtime Environment (IcedTea6 1.12.5) (6b27-1.12.5-0ubuntu0.12.04.1)
OpenJDK Server VM (build 20.0-b12, mixed mode)
OS: Ubuntu 12.04
Proxy server config:
Port: 8084
Target Controller: Test Plan > Thread Group
Capture HTTP headers is checked.
HTTP Sample settings:
Type: not selected. Follow Redirects and Use KeepAlive checked.
URL patterns to exclude:
1. Added Suggested Excludes
2. .*\.jsf
Exceptions that are getting thrown (from JMeter.log):
ERROR - jmeter.protocol.http.proxy.Proxy: java.net.SocketException: Connection closed by remote host
at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1377)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:62)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at org.apache.jmeter.protocol.http.proxy.Proxy.writeToClient(Proxy.java:404)
at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:218)
ERROR - jmeter.protocol.http.proxy.Proxy: Problem with SSL certificate? Ensure browser is set to accept the JMeter proxy cert: Connection closed by remote host java.net.SocketException: Connection closed by remote host
at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1377)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:62)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at org.apache.jmeter.protocol.http.proxy.Proxy.writeToClient(Proxy.java:404)
at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:218)
The steps I am following are:
1. Set proxy server pointing to 8084.
2. Change proxy settings from chrome:
Set https proxy to 8084.
3. Disabled all chrome extensions and chrome account.
4. Started jmeter proxy server and hit https://url/login
5. Certificate confirmation page appears on browser. Meanwhile, jmeter.log shows:
2013/09/11 13:16:30 INFO - jmeter.protocol.http.proxy.Daemon: Creating Daemon Socket on port: 8084
2013/09/11 13:16:30 INFO - jmeter.protocol.http.proxy.Daemon: Proxy up and running!
2013/09/11 13:22:39 INFO - jmeter.protocol.http.proxy.Proxy: Proxy will remove the headers: If-Modified-Since,If-None-Match,Host
2013/09/11 13:22:39 INFO - jmeter.protocol.http.proxy.Proxy: Opened Keystore file: /home/abhijeet/Automation_Dev/LoadAutomation/Jmeter/apache-jmeter-2.9/bin/proxyserver.jks
2013/09/11 13:22:39 INFO - jmeter.protocol.http.proxy.Proxy: KeyStore for SSL loaded OK and put host in map (clients4.google.com)
2013/09/11 13:22:39 INFO - jmeter.protocol.http.proxy.Proxy: Opened Keystore file: /home/abhijeet/Automation_Dev/LoadAutomation/Jmeter/apache-jmeter-2.9/bin/proxyserver.jks
2013/09/11 13:22:39 INFO - jmeter.protocol.http.proxy.Proxy: KeyStore for SSL loaded OK and put host in map (translate.googleapis.com)
2013/09/11 13:22:40 INFO - jmeter.protocol.http.sampler.HTTPHCAbstractImpl: Local host = abhijeet-desktop
2013/09/11 13:22:40 INFO - jmeter.protocol.http.sampler.HTTPHC4Impl: HTTP request retry count = 1
2013/09/11 13:22:40 INFO - jmeter.protocol.http.sampler.HTTPHC4Impl: Setting up HTTPS TrustAll scheme
2013/09/11 13:22:40 INFO - jmeter.protocol.http.proxy.FormCharSetFinder: Using htmlparser version: 2.0 (Release Build Sep 17, 2006)<br>
6. Thread group starts showing unknown requests to these domains:
1. translate.googleapis.com
2. clients4.google.com
3. www.google.co.in
4. www.google.com
5. ssl.gstatic.com
6. safebrowsing.google.com
7. alt1-safebrowsing.google.com
8. clients4.google.com
9. www.gstatic.com
.
.
n all other requests going to the target application.
(For every request the above exceptions are thrown)
I believe, the google domain requests above are getting recorded because chrome is dynamically searching the keywords on google, while I am typing the url string in the address bar. But I don't want these requests to get recorded in the Thread Group.
Also, I tried the solutions from these pages but they didn't work for me:
Link 1
Link 2
Link 3
I don't understand, why is JMeter not able to use the fake certificate that it already has. I checked the SSL settings in chrome and I could not find any JMeter certificates. Need help!!
To do it in chrome/IE we have to place the certificate into 'Trusted Root Certificates Store'
Double click the certificate created
Certificate Import Wizard opens
Click Next
Select Second radio button (Place All Certificates in the following store)
Click Browse and select 'Trusted Root Certificates Authorities'. Click Next
Click Finish
Check your certificate installed in Chrome Settings (under Http/SSL) - Manage certificates.. (Trusted Root Certificates Authorities Tab)
This should at cure the exceptions thrown as your screenshot shows.
I have the same problem and solve it to trust the certificate. Just like you when i look at the
Options > Advanced > Certificates > View Certificates ==> Authorities
and couldn't see a name ApacheJMeterRootCertificate.crt or a related name, but i realize that there is a name something like
_DO NOT INSTALL unless this is your certificate
I click this object and 'Edit_Trust' both item under this object. I share my screenshot. I hope this can be help you and others.
I use Firefox. At chrome there should be similar way to edit the certificate.
jmeter 2.12 has good support for HTTPS. Under the WorkBench, just select Add -> Non-Test Elements -> HTTP(S) Test Script Recorder. This version worked first time for me.
Latest versions of Google Chrome made difficult to bypass security settings to avoid security Threats as Phishing or Man-in-the-middle attacks.
I have successfully configured Google Chrome (v.54.0) to allow JMeter Self-Signed Certificate for HTTP(S) Recording.
Here the instructions (on Windows):
Open MMC console (SUPER + R, Type mmc, Press Enter)
Select File Add/Remove Snap-in
Select Certificates Snap-in for Current User
Select Trusted Root Certification Authorities >> Certificates
Right-click over Certificates folder and select All Tasks >> Import...
Import JMeter Self-Signed certificate using the wizard keeping the default options.
Once installed, right-click over JMeter Self-Signed certificate and select Properties
On General tab, make sure Enable for all purposes option is selected
On Cross-Certificates, include the URL of the application you want to record (make sure you enter the full url, e.g. https://www.live.com)
Close all windows.
Done. You should now be able to reach the destination bypassing Chrome security alert and start recording.
Related
Loading NaCl plugin... done.
Connecting to user#172.27.0.31...
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:C11asdfasdfxY6asdfasdfIUfadsfasdRB4.
Please contact your system administrator.
Add correct host key in /.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /.ssh/known_hosts:21
ECDSA host key for 172.27.0.31 has changed and you have requested strict checking.
Host key verification failed.
NaCl plugin exited with status code 255.
(R)econnect, (C)hoose another connection, or E(x)it?
This error is related to Chrome Secure Shell App extension.
This error may happen if you are under man in the middle attack or due to certificate change on the server side.
Previous fix to this was to delete local entry from known hosts by using Chrome console:
term_.command.removeKnownHostByIndex(21)
But produces error:
VM237:1 Uncaught TypeError: term_.command.removeKnownHostByIndex is not a function
at <anonymous>:1:15
Now (my chrome Version 85.0.4183.83 (Official Build) (64-bit)) an entry can be deleted manually in extension settings. 3 dots (chrome right upper corner) > More tools > Extensions > Secure Shell App Details > Extensions > options > SSH Files > Delete specific entry (whole row) in ~/.ssh/known_hosts
now that the app is discouraged in favour of the extension,
in the top-left corner of the terminal you may click the icon,
and delve into terminal settings and SSH.
~/.ssh/known_hosts is there.
good luck!
When I try to run the Polymer Shop locally, both the bundled and unbundled builds, using the SimpleHTTP2Server , on my local host using port 5000, the request for service-worker.js fails:
An SSL certificate error occurred when fetching the script.
https://localhost:5000/service-worker.js Failed to load resource: net::ERR_INSECURE_RESPONSE
(index):1 Uncaught (in promise) DOMException: Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script.
Is there an easy way to get this to work? I tried a number of start up flags, like:
chrome.exe --ignore-certificate-errors --incognito
--unsafely-treat-insecure-origin-as-secure --allow-insecure-localhost
but that didn't help, I still get:
(index):1 Uncaught (in promise) DOMException: Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script.
Following alesc's suggestion, I found instructions here:
These are instructions for Chrome 55 on Windows 10. It seems these steps may change frequently.
On the page with the untrusted certificate (https:// is crossed out in red), click the lock so a popup opens up.
Click the Details link under the information section at the top.
Click on the View Certificate button.
Click on the Details tab
Click on the Copy to File
Click Next
Export as PKCS #7
Open up Chrome Settings > Show advanced settings > HTTPS/SSL > Manage Certificates
Import the certificate created in step 7 to both the Intermediate Certificate Authorities tab as well as the Trusted Authorities Tab.
Restart Chrome and open your localhost site.
OS: Ubuntu 12.04 64-bit
PHP version: 5.4.6-2~precise+1
When I test an https page I am writing through the built-in webserver (php5 -S localhost:8000), Firefox (16.0.1) says "Problem loading: The connection was interrupted", while the terminal tells me "::1:37026 Invalid request (Unsupported SSL request)".
phpinfo() tells me:
Registered Stream Socket Transports: tcp, udp, unix, udg, ssl, sslv3,
tls
[curl] SSL: Yes
SSL Version: OpenSSL/1.0.1
openssl:
OpenSSL support: enabled
OpenSSL Library Version OpenSSL 1.0.1 14 Mar 2012
OpenSSL Header Version OpenSSL 1.0.1 14 Mar 2012
Yes, http pages work just fine.
Any ideas?
See the manual section on the built-in webserver shim:
http://php.net/manual/en/features.commandline.webserver.php
It doesn't support SSL encryption. It's for plain HTTP requests. The openssl extension and function support is unrelated. It does not accept requests or send responses over the stream wrappers.
If you want SSL to run over it, try a stunnel wrapper:
php -S localhost:8000 &
stunnel3 -d 443 -r 8080
It's just for toying anyway.
It's been three years since the last update; here's how I got it working in 2021 on macOS (as an extension to mario's answer):
# Install stunnel
brew install stunnel
# Find the configuration directory
cd /usr/local/etc/stunnel
# Copy the sample conf file to actual conf file
cp stunnel.conf-sample stunnel.conf
# Edit conf
vim stunnel.conf
Modify stunnel.conf so it looks like this:
(all other options can be deleted)
; **************************************************************************
; * Global options *
; **************************************************************************
; Debugging stuff (may be useful for troubleshooting)
; Enable foreground = yes to make stunnel work with Homebrew services
foreground = yes
debug = info
output = /usr/local/var/log/stunnel.log
; **************************************************************************
; * Service definitions (remove all services for inetd mode) *
; **************************************************************************
; ***************************************** Example TLS server mode services
; TLS front-end to a web server
[https]
accept = 443
connect = 8000
cert = /usr/local/etc/stunnel/stunnel.pem
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
; Microsoft implementations do not use TLS close-notify alert and thus they
; are vulnerable to truncation attacks
;TIMEOUTclose = 0
This accepts HTTPS / SSL at port 443 and connects to a local webserver running at port 8000, using stunnel's default bogus cert at /usr/local/etc/stunnel/stunnel.pem. Log level is info and log outputs are written to /usr/local/var/log/stunnel.log.
Start stunnel:
brew services start stunnel # Different for Linux
Start the webserver:
php -S localhost:8000
Now you can visit https://localhost:443 to visit your webserver: screenshot
There should be a cert error and you'll have to click through a browser warning but that gets you to the point where you can hit your localhost with HTTPS requests, for development.
I've been learning nginx and Laravel recently, and this error has came up many times. It's hard to diagnose because you need to align nginx with Laravel and also the SSL settings in your operating system at the same time (assuming you are making a self-signed cert).
If you are on Windows, it is even more difficult because you have to fight unix carriage returns when dealing with SSL certs. Sometimes you can go through the steps correctly, but you get ruined by cert validation issues. I find the trick is to make the certs in Ubuntu or Mac and email them to yourself, or use the linux subsystem.
In my case, I kept running into an issue where I declare HTTPS somewhere but php artisan serve only works on HTTP.
I just caused this Invalid request (Unsupported SSL request) error again after SSL was hooked up fine. It turned out to be that I was using Axios to make a POST request to https://. Changing it to POST http:// fixed it.
My recommendation to anyone would be to take a look at where and how HTTP/HTTPS is being used.
The textbook definition is probably something like php artisan serve only works over HTTP but requires underlying SSL layer.
Use Ngrok
Expose your server's port like so:
ngrok http <server port>
Browse with the ngrok's secure public address (the one with https).
Note: Though it works like a charm, it seems an overkill since it requires internet and would appreciate better recommendations.
I have installed PHPstorm 10.0.3 Trial, and PHP in my Apache folder on Windows machine, however when I use PHP interpreter I'm getting error 502 Bad Gateway around 50-90% of time.
When this is only HTML page, it works 100%of time.
Edit:
What I do is 'run' my template.php(or any other)file which then appears in browser with url: http://localhost:63342/htdocs/template.php
I have tested:
PHP 7.0.2, PHP 5.3(ISS), first one thread safe, second one thread safe disabled, same results. In Webstorm my path is pointing to PHP-CGI.exe which was problem in different topics.
Only hint about what is going on I was able to find out by clicking: PHPstorm/Help/Show Log in Explorer. So anytime I get Error 502 something along these lines comes up:
2016-01-14 09:57:21,510 [1084784] ERROR - ins.io.ChannelExceptionHandler - PhpStorm 10.0.3 Build #PS-143.1770
2016-01-14 09:57:21,510 [1084784] ERROR - ins.io.ChannelExceptionHandler - JDK: 1.8.0_51
2016-01-14 09:57:21,510 [1084784] ERROR - ins.io.ChannelExceptionHandler - VM: Java HotSpot(TM) Server VM
2016-01-14 09:57:21,510 [1084784] ERROR - ins.io.ChannelExceptionHandler - Vendor: Oracle Corporation
2016-01-14 09:57:21,510 [1084784] ERROR - ins.io.ChannelExceptionHandler - OS: Windows 7
2016-01-14 09:57:21,511 [1084785] INFO - ins.io.ChannelExceptionHandler - Channel will be closed due to error
2016-01-14 09:57:24,273 [1087547] ERROR - ins.io.ChannelExceptionHandler - minimumReadableBytes: -2815 (expected: >= 0)
java.lang.IllegalArgumentException: minimumReadableBytes: -2815 (expected: >= 0)
at io.netty.buffer.AbstractByteBuf.checkReadableBytes(AbstractByteBuf.java:1143)
at io.netty.buffer.AbstractByteBuf.skipBytes(AbstractByteBuf.java:731)
at org.jetbrains.io.Decoder.getBufferIfSufficient(Decoder.java:131)
at org.jetbrains.io.fastCgi.FastCgiDecoder.messageReceived(FastCgiDecoder.kt:56)
at org.jetbrains.io.Decoder.channelRead(Decoder.java:38)
at io.netty.channel.ChannelHandlerInvokerUtil.invokeChannelReadNow(ChannelHandlerInvokerUtil.java:83)
at io.netty.channel.DefaultChannelHandlerInvoker.invokeChannelRead(DefaultChannelHandlerInvoker.java:163)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:155)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:950)
at io.netty.channel.oio.AbstractOioByteChannel.doRead(AbstractOioByteChannel.java:166)
at io.netty.channel.oio.AbstractOioChannel$1.run(AbstractOioChannel.java:38)
at io.netty.channel.ThreadPerChannelEventLoop.run(ThreadPerChannelEventLoop.java:52)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:742)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jetbrains.ide.PooledThreadExecutor$1$1.run(PooledThreadExecutor.java:55)
minimumReadableBytes is changing from record to record.
You are using PhpStorm's own built-in web server, which has some issues right now (especially with POST requests, e.g. WEB-17317).
The solution is to use your own proper web server (Apache/IIS/nginx/whatever).
Define Deployment entry. In place type should be fine, as long as your Apache/IIS can serve files from that location; otherwise either configure web server to be able to do that .. or use another type of deployment (e.g. Local or Mounted Folders for IDE to copy files to another location for you)
Configure it (provide desired URL etc)
Mark it as Default for this project
Now IDE will use that base URL when you will use Open in Browser or Run/Debug actions (NOTE: it will not affect any existing Run/Debug Configurations -- only future ones; you will have to update your current Run/Debug Configurations manually).
This is what worked for me.
I opened XAMPP control panel v3.2.2, I went into Apache->Config->httpd.conf
and changed the below code
Listen 12.34.56.78:80
Listen 80
to
Listen 12.34.56.78:8080
Listen 8080
Also,
ServerName localhost:80
to
ServerName localhost:8080
saved the file httpd.conf and then started the apache below action from the main screen of XAMPP Control Panel v3.2.2 and it started the apache.
After that I opened the browser and MANUALLY typed the address
for example:
If previous address was: http://
localhost:63342/htdocs/template.php (no space inbetween)
the new one would be:http://
localhost:8080/template.php (no space inbetween)
It should run just fine. Refresh the page and you shouldn't get 502 Bad Gateway error.
Remember: If you run your application later it may go back to previous location, All you need to do is, use the new location on address bar which would be (in this case)
http://
localhost:8080/template.php. (no space inbetween)
In your case:
http://
localhost:8080/yourfilename.php (no space inbetween)
I am launching chrome browser using
selenium = new DefaultSelenium("localhost", 4444, "*googlechrome",
"https://example.com/");
But i get a popup with following message and it freezes:
An administrator has installed Google Chrome on this system, and it is available for all users. The system-level Google Chrome will replace your user-level installation now.
Console Log till point of freeze:
Server started
16:06:37.792 INFO - Command request: getNewBrowserSession[*googlechrome, https://example.com/, ] on session null
16:06:37.796 INFO - creating new remote session
16:06:38.081 INFO - Allocated session beb925cd0418412dbe6319fedfb28614 for https://example.com/, launching...
16:06:38.082 INFO - Launching Google Chrome...
Any suggestions?
Try giving location of your chrome exe too along with browser name like this :
selenium=new DefaultSelenium("localhost", 4444, "*googlechrome C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "https://example.com");