2

I need to extract a CSRF token from a webpage, then log it via BeanShell. The latter part is working thanks to the help I received in this thread, but now I need to figure out how to get ${token} to populate with the right data.

Note: I know the Regular Expression Extractor is not the preferred method, but I have to stay within the parameter of the exercise, in this case.

First, I have a HTTP Request set to perform a GET against www.blazedemo.com/register.

Second, I checked the response data shown in the response tree to find the CSRF token:

<!-- CSRF Token -->
<meta name="csrf-token" content="4ZCKKqQgwJH5lT5dQSeAwgeyOr7plAe7IOVRGmQm">

I have a Regex Extractor setup to grab it:

enter image description here

In case it fails to do so, I have default set as "NOT_FOUND".

Finally, I have a post processor logging whatever value is given to ${token}.

I find the following in my log:

2017-10-31 15:12:31,975 INFO o.a.j.u.BeanShellTestElement: The token is: NOT_FOUND

Ori Marko
  • 56,308
  • 23
  • 131
  • 233
James Panetti
  • 238
  • 1
  • 2
  • 13
  • Not sure why it's not working for you, it does for me assuming the input is exactly the same. I would suggest you change `(.*?)` to `([^"]*)` as it's more effective. See [this](http://jmeter.apache.org/usermanual/regular_expressions.html#examples) for more info – ctwheels Oct 31 '17 at 20:57

2 Answers2

3

Remember that it is not recommended to use regular expressions for parsing HTML, I would recommend going for CSS/JQuery Extractor instead.

  1. Add CSS/JQuery Extractor as a child of the request which has this CSRF token

  2. Configure it as follows:

    • Reference Name: anything meaningful, i.e. token
    • CSS/JQuery Expression: meta[name=csrf-token]

    • Attribute: content

      JMeter CSS Jquery Extractor

Demo:

JMeter CSS Jquery Extractor Demo

More information: How to Use the CSS/JQuery Extractor in JMeter

If you still want to go for Regular Expressions - change "Field to check" to Body, however I wouldn't recommend this as when it comes to parsing HTML responses regular expressions are headache to develop and/or support and very sensitive to any markup change, i.e. if order of attributes changes or an attribute goes to a new line it will ruin your test.

Dmitri T
  • 159,985
  • 5
  • 83
  • 133
  • I knew it was going to be something simple I was missing, and sure enough, it was that I wasn't using "body". Thank you so much for the advice! I was hung on this for longer than I'd want to admit! As I mentioned in the original post, I know regex is not the preferred method, but I'm restricted by the parameters of the exercise. That said, once I'm done with this, I'll repeat the exercise using your suggestions so I can properly learn the better method. – James Panetti Nov 01 '17 at 18:44
2

You choose in checkbox Response Headers which means it searches expression inside Request's headers.

In your case you search for HTML tag meta, you need to choose Body.

Ori Marko
  • 56,308
  • 23
  • 131
  • 233