Page 1 of 1
Webinject
Posted: Mon May 28, 2012 9:32 am
by chagrinboy2001
Hi,
I try to use webinject script to monitor the authentication.
What I did? ( step by step )
- Downloaded Webinject script from
http://www.webinject.org/download.html
- Extracted and copied webinject.pl, config.xml and testcases.xml to nagios libexec folder
-testcases.xml
Code: Select all
<testcases repeat="1">
<case
id="1"
method="post"
url="http://xx.xx.xx.xx/page/SMlogin.html"
postbody="username=guid&password=password"
logrequest="yes"
logresponse="yes"
/>
</testcases>
The result of my test ever is the same, if I put a bad user o pass, the result is always ok.
Re: Webinject
Posted: Tue May 29, 2012 10:16 am
by scottwilkerson
Generally speaking you will need to add a verify positive or verify negative in there to know what you are testing against
http://www.webinject.org/manual.html#tcparamverpos
Re: Webinject
Posted: Wed May 30, 2012 9:15 am
by chagrinboy2001
Still doesn't work
Can you remark an error in my files config/commands?
Thanks
Case 1 is OK !
Config.xml
Code: Select all
<testcasefile>testcases.xml</testcasefile>
<baseurl>https://mywebsite/Redirect.pl</baseurl>
<timeout>10</timeout>
<globaltimeout>20</globaltimeout>
<reporttype>nagios</reporttype>
testcases.xml
Code: Select all
<testcases repeat="1">
<case id="1"
description="Open page"
method="get"
url="{BASEURL}"
verifypositive="To reset your password, please send a signed e-mail to"
errormessage="Unable to open page 1" />
<case id="2"
description="Authentication"
url="{BASEURL}"
method="post"
postbody="username=USERNAME&password=PASSWORD"
verifypositive="Hello, USERNAME"
errormessage="Unable to open page no 2" />
</testcases>
Login form
Code: Select all
<form id="loginForm" action="" method="post">
<div id="loginbox">
<input type="hidden" name="SMENC" value="ISO-8859-1" />
<input type="hidden" name="SMLOCALE" value="US-EN" />
<input type="hidden" name="target" value="HTTP://mywebsite2/Redirect.pl" />
<input type="hidden" name="smauthreason" value="0" />
<input type="hidden" name="smagentname" value="XiZ/NRJ2FQHcsw03St3G8a21q2S6eSB/Rj0SVWhyp4SE0+KWFg6SA7WqudluBejI" />
<input type="hidden" name="postpreservationdata" value="" />
<fieldset>
<legend>Login</legend>
<div id="usernamecon">
<label for="username">GUID</label>
<input type="text" id="username" name="USER" />
</div>
<div id="passwordcon">
<label for="password">Password</label>
<input type="password" id="password" name="PASSWORD" />
</div>
<div id="submit">
<input class="button" type="submit" name="loginbutton" id="loginbutton" value="login" />
</div>
</fieldset>
</div>
</form>
Code: Select all
[root@NagiosXi libexec]# ./webinject.pl
WebInject CRITICAL - Unable to open page no 2 |time=1.032;20;;0
Re: Webinject
Posted: Wed May 30, 2012 9:39 am
by scottwilkerson
Does this form allow submitting without that smagentname field?
Re: Webinject
Posted: Wed May 30, 2012 9:52 am
by chagrinboy2001
No. Can I include somehow this field in files config?
Re: Webinject
Posted: Wed May 30, 2012 12:46 pm
by scottwilkerson
This is likely not fully complete, but should get you started...
You would add something like this to id="1"
Code: Select all
parseresponse='smagentname" value="|"'
and then add this to id="2"
Code: Select all
postbody="smagentname={PARSEDRESULT}&username=USERNAME&password=PASSWORD"