How to do interface testing? What can Charles, a certified employee, do for you?



In the last article, we saw how well tcpdump and Wireshark work together: tools do not only compete, they also cooperate. You may remember that the previous article foreshadowed a proxy tool: Charles. This article explains Charles and takes you on a journey through interface testing.
Charles is an elegant name; you can call it Mr. Charles. It acts as a network administrator: all of your http/https network messages must be reviewed by Mr. Charles. If you are on good terms with Mr. Charles, you can obtain these messages, and you can even tamper with them as they are sent and received. Yes, you read that right: Charles can handle https messages! In the last article we were wary of https, because https is the encrypted version of http, and tcpdump and Wireshark are helpless against this encryption. Charles stands out from the crowd: it is powerful enough to handle messages under the https protocol.

If the proxy is configured correctly, you will see Charles's main window, with a menu bar at the top, each website/host you visit on the left, and the details on the right. It is very powerful: once you learn to use it, you can see everything that is transmitted over the network.

In order for all browser (or web application) data to reach Charles, you must set Charles as the proxy server, but you would have to reconfigure this every time you turn Charles on or off. If you want to be lazy, you can configure this behavior in the dialog box that pops up under Proxy -> Proxy Settings.

  • Xiao Ming: "There are two proxies in the options, Mr. Charles. What's the difference between them?"

    • charles: "SOCKS proxies simply pass data packets along, regardless of the application protocol (such as FTP, HTTP, and NNTP requests). So SOCKS proxies are much faster than other application-layer proxies. And the proxy server used when browsing the web is usually an HTTP proxy!"
    • Xiao Ming: "Haha, I get it. If I can browse the web, it doesn't mean that I can access the Internet through SOCKS, right?"
    • charles: "Yes, SOCKS is much looser than HTTP!"
  • Xiao Ming: "Since Mr. Charles manages the network, you must have a way to store this network request information, right?"

    • charles: "Of course. My most important skill is recording: all requests and responses are recorded in the session for everyone to check and analyze later. You can open File in the menu bar, where you can manage your sessions, including creating new ones, opening them, emptying them, and so on."
  • Xiao Ming asked shyly: "Can I turn recording off and turn it on again when I need it, so that I can secretly do some things nobody knows about?"

    • Charles smiled knowingly: "If logging is turned off, Charles will pass all requests normally, but they will not be logged in the session. You can click below to turn off logging."
  • Xiao Ming: "Mr. Charles, I found that on the main interface, there are two options 'Structure' and 'Sequence'. What's the difference between them?"

    • charles: "Hahaha, this is my double-sided mirror! I provide two display modes. You can switch under View -> Structure/Sequence, or switch directly in the interface."
    • charles took a sip of tea: "The biggest difference is that the Structure view displays a tree, while the Sequence view lists requests in chronological order."
  • Xiao Ming: "So that's how it is. I saw a lot of things that look like links under the view. I'm confused. Lend me your reading glasses."

    • Charles hurriedly hid his reading glasses: "That won't do, but I can teach you a way to filter them. These link-like things are host names. If you right-click a host name, a series of corresponding operations appears, such as Save and Focus. Focus means concentrating only on the information we want."
  • Charles: "The Focus operation can filter out useless information. For example, if I only want to focus on Baidu, I can focus on the Baidu host, so that the non-Baidu hosts are folded away, and the following will appear."

  • Xiao Ming put down the stolen reading glasses: "Wow, that's great, the reading glasses are back to you!"

    • charles: "Whoa, you're making me mad, stealing my things!"
  • Xiao Ming stared at the screen for a long time: "These blue bars are so beautiful!"

    • Charles held his head high: "Of course. This is the Chart, my most beautiful feature. The chart mainly records the life cycle of a resource: from the request, to waiting, to the response. Not only that, it also groups related resources; for example, the 4 pictures below form one group."
  • Xiao Ming: "Using the chart, you can know where the request takes a long time, and you won't be waiting stupidly!"

  • Xiao Ming: "Since Mr. Charles is so powerful and can capture network requests so freely, won't the police arrest you?"

    • Charles is not nervous at all: "What we do is a legal operation. I have my own certificate, which I call the Charles Root Certificate. When capturing data, you are likely to receive a warning about the certificate. That is normal; you just trust it. If you want to trust the Charles Root Certificate once and for all, you can follow the link below."
  • Trust the Charles Root Certificate: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

    • Xiao Ming: "So, what does the certificate have to do with SSL?"
    • charles: "You are actually asking how SSL works. In fact, I am the man in the middle. I view the server's certificate and sign a certificate for the browser, and at the same time I send my own certificate to the browser, so there will be a warning. You need to add it to the trusted list before it can be used normally. The picture below makes this clear."
  • Xiao Ming: "Haha, Grandpa Charles is a little expert."

    • charles: "Nonsense, how can you call me grandpa? I'm clearly under 30 years old."
    • Xiao Ming: "It's kinder to call it this way."
  • Xiao Ming: "I'm so tired today. I want to send repeated requests to my classmate. He seems to be asleep and hasn't replied to my message!"

    • charles: "Oh, Xiao Ming, why send them manually one by one? I have a super tool for load testing: right-click the host name -> Advanced Repeat to open it!"
  • charles: "This tool has several tricky parameters. Iterations is easy to understand: it is the number of times you want to send. Concurrency is the concurrency level, which indicates the number of users visiting the site."

    • Xiao Ming: "Then I set to send 10 times, the concurrency level is 1, send!"
  • Charles will open a new session at this time and send it 10 times, each time with a corresponding detailed message!

  • Xiao Ming: "The software I wrote is very strange. When the network is good there is no problem, but when the signal is poor it obviously stalls. It seems I can only squat in the bathroom (poor signal) to debug it."

    • charles: "Hahaha, silly boy, I come with my own weak-network tool. It is under Proxy -> Throttle Settings; remember to check Enable Throttling before using it."
    • Charles paused: "If you want to target a specific website, you can check Only for selected hosts in the figure below, and then add the host in the settings in the lower half of the dialog box."
  • Xiao Ming was a little dizzy: "There are so many parameters, and they're so complicated!"

    • Charles smiled and patted Xiao Ming's head: "Xiao Ming, that's how people grow up; it's not always smooth sailing. Listen carefully: you can choose the network type under Throttle Preset. For example, choosing a 56 kbps modem reduces the network speed. As for the meaning of the options, I'll list them below."
  • The options in the Throttle Settings view have the following meanings:

    1. Bandwidth: bandwidth
    2. Utilization: utilization percentage
    3. Round-trip: round-trip delay
    4. MTU: bytes

  • Xiao Ming: "Grandpa Charles, many IDEs I've used have built-in breakpoint debugging functions. Do you have them here?"

    • Charles: "Breakpoints are a very important tool, how could I not have them! Open Proxy -> Breakpoints Settings, check Enable Breakpoints to turn on breakpoint mode, select Add, and then fill in the Scheme, Protocol, Host, Port and other information to be monitored. That sets the breakpoint. Or you can right-click the request URL where you want a breakpoint and select Breakpoints."
  • Xiao Ming frowned: "But this is so troublesome. Do you have to set Scheme, Protocol, Host and Port every time?"

    • charles: "Of course not, you can also right-click the host name and select a breakpoint"
  • Xiao Ming clapped his hands: "Wow, that's great, I must try this breakpoint function more."

  • Charles: "Actually, I am not only a proxy tool, but also a reverse proxy"

    • Xiao Ming looked at Charles in confusion: "What is a reverse proxy?"
    • Charles: "A reverse proxy means that when the client wants to access the server, it accesses the proxy server first. When the proxy gateway gets the user's request, it forwards the request to one of the proxied servers at random. From the user's point of view, he is only accessing the proxy server."
  • Xiao Ming: "That is to say, the reverse proxy is the proxy of the server. The client does not know the existence of the server at all, only the existence of the proxy server!"

    • charles: "Yes, you can find this function in Proxy -> Reverse Proxies Settings. It is very commonly used, especially when local development needs a domain name."
  • charles: "This screenshot means to map the local port 57689 to port 80 of the www.baidu.com domain name"

  • Xiao Ming smirked: "It's so annoying. I have a lot of online games on my phone. Can I ask Grandpa Charles to help me see what data packets are in the online games? Can I change it?"

    • charles: "What's wrong with that? Note that I can indeed capture the data on the phone, but the computer and the phone need to be on the same Wi-Fi network."
    • Xiao Ming looked at Charles excitedly: "Really? What should I do? Teach me quickly!"
    • Charles shook his head helplessly: "You have to open Proxy -> Proxy Settings, fill in the proxy port 8888, and check 'Enable transparent HTTP proxying' to complete the proxy setup."
  • charles: "Then you need to add a proxy to the phone's Wi-Fi network: enter the computer's IP and Charles's port number, 8888, and you can capture the network data on the phone!"

    • Xiao Ming: "Great, I'm going to try it"
  • 10 minutes later…

    • Xiao Ming: "Charles, I got the data, but why is it unknown?"
  • charles: "You didn't hear me out and went off to do it yourself. That is https data. If you want to capture https packets, you need to do the following."

Here comes the key point: our long-lost https has finally appeared, and Charles solves the encryption problem with a certificate. How? On a computer, install the certificate as follows:

After selecting it, the certificate download appears. Once the download succeeds, you will see the certificate in the computer's "Keychain Access" (I have already installed and trusted it here); then double-click the downloaded certificate and check Trust.

On a mobile phone:

Select Install ... Mobile Device under SSL Proxying. A box will pop up; use the mobile phone (with the proxy enabled) to open the specified URL and download the certificate.

At this point, when you capture https, you will find that it still does not work: you get unknown plus garbled text (as shown below).

One more step is needed: add the https host we want to capture to SSL Proxying, so that Charles can recognize and parse it.

  • Xiao Ming: "Wow, I'm too impatient, now there are no garbled characters."
Charles' redirection function comes in two types: Map Remote and Map Local. As the names imply, Map Remote redirects the specified network request to another URL, and Map Local redirects the specified network request to a local file. An example explains this in detail.

1. First save the data returned by the interface (right-click an interface and save it in html format, as shown below)

2. Modify the local html

3. Set Map Local in Charles

4. Request Baidu again

In Charles' menu, select "Tools" -> "Map Remote" or "Map Local" to enter the settings page of the corresponding function.

5. Set the parameters under Tools -> Map Remote

6. Check the result: you will find that www.baidu.com is redirected to www.sougou.com

The Rewrite function is suitable for applying regular-expression replacements to a certain type of network request, to modify the result.

7. Open Tools -> Rewrite and replace the content: replace "My Concerns" on the page with Hogwarts

8. Request Baidu again

  • fake: a fake implementation that nevertheless works. For example, using a hashmap in place of the database: you can still query and modify the data. Charles uses Map Remote to implement fake operations.
  • stub: pre-defined replies to a limited set of behaviors. The wooden dummy of Wing Chun is a stub: no matter how you hit it, the wooden dummy stays put. For example, no matter what is requested, the return is ok. It is a complete liar. Charles uses Map Local to implement stub operations.
  • mock: can be understood as a more advanced stub whose behavior can be customized. Charles uses Rewrite to implement mock operations.
  • proxy: a proxy. Charles uses a reverse proxy to implement proxy operations.

The above is an introduction to fake, stub, mock, and proxy. You can think of them as cheating, so Charles is not as kind as we thought.

However, he also has a good brother of his own: requests. Because of the length limit of this article, the next article will introduce requests and show you the perfect combination of Charles and requests.

Charles is a competent network administrator. This article has systematically introduced the use of Charles, from its interface to its important functions.

With Charles, you can not only send and receive network data on the computer, but also on the mobile phone. Every learner is a Xiao Ming, full of curiosity about new software, but in reality there is no Mr. Charles. All questions have to be explored and learned by yourself. Only what you work out yourself is truly yours.

Interface request assertion means that after a request is sent, the content of the returned response is checked to see whether it matches the specified expected value.
After making the request, we use a variable r to store the content of the response, which is the Response object.
The Response object has many powerful methods that can be called, such as directly obtaining the response header, obtaining the Unicode-encoded response content, obtaining the binary response content, obtaining the original response content, and so on.
Get the response header
Get the encoded response value:
You can also use r.raw to get the original response content, r.content to get the binary response content, and r.json() to get the JSON-encoded response content, which will be described in detail in the following chapters.
Install JSON library:
Response status code assertion:
assert is a built-in Python statement that evaluates an expression; when the expression is False, it raises an exception.
r.status_code is the attribute of the Response object that holds the status code of the response.
assert r.status_code==200 checks whether the status code equals 200; if it does not, an exception is thrown.
Counter example: assert that the response status code is 400.
From the previous example we know that the response status code should be 200; because it is not equal to 400, an exception is thrown.
During testing, most interface return values are in JSON format. Mastering how to assert on JSON response values therefore makes it easier to build out interface automation test cases.
First, call r.json() to decode the JSON response value r:
For dictionary format, you can get the value through dict["key"].
For list format, you can get the value at the corresponding index through list[index].
JSON assertions mainly rely on the lookup methods built into dictionaries and lists. If you encounter a mixed or nested structure, you only need to peel it layer by layer until you find the field that needs to be asserted.
Dictionary format assertion, judging that the Host in the headers is httpbin.org:

1. The first layer is the value of the key "headers"
2. The second layer is the value of the key "Host"
3. Determine whether the value of the key "Host" equals "httpbin.org"

List format assertion, judging that the first item of the list corresponding to hogwarts is 'a':

1. The first layer is the value of the key 'form'
2. The second layer is the value of the key 'hogwarts'
3. The third layer is the value at index 0
4. Determine whether the value at index 0 from the previous step equals "a"

More content will be interpreted in detail in subsequent chapters.
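
The status-code and layer-by-layer JSON assertions described above, as an added example that is not part of the original article. It uses only the Python standard library and a local stub server with a constructed httpbin-shaped reply, instead of requests against httpbin.org, so that it runs offline; the names CANNED, StubHandler, dig and fetch_and_check are illustrative.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed reply, shaped like the httpbin.org echo the article asserts on.
CANNED = {"headers": {"Host": "httpbin.org"}, "form": {"hogwarts": ["a", "b", "c"]}}


class StubHandler(BaseHTTPRequestHandler):
    """Stub: every POST gets the same canned JSON, whatever was sent."""

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain body
        body = json.dumps(CANNED).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def dig(data, *path):
    """Peel nested dicts/lists one layer at a time; report the layer that is missing."""
    for depth, key in enumerate(path):
        try:
            data = data[key]
        except (KeyError, IndexError, TypeError) as exc:
            raise AssertionError(f"layer {depth} ({key!r}) not found") from exc
    return data


def fetch_and_check():
    """POST to the local stub; return (status, Host value, first hogwarts item)."""
    server = HTTPServer(("127.0.0.1", 0), StubHandler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        # Empty ProxyHandler: bypass any system proxy so the stub is hit directly.
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        url = f"http://127.0.0.1:{server.server_port}/post"
        with opener.open(url, data=b"hogwarts=a", timeout=5) as resp:
            status = resp.status               # requests: r.status_code
            payload = json.loads(resp.read())  # requests: r.json()
    finally:
        server.shutdown()
        server.server_close()
    assert status == 200, f"unexpected status {status}"
    host = dig(payload, "headers", "Host")       # dictionary layers
    first = dig(payload, "form", "hogwarts", 0)  # dictionary, then list index
    assert host == "httpbin.org"
    assert first == "a"
    return status, host, first


if __name__ == "__main__":
    print(fetch_and_check())
```

Naming the missing layer in the assertion message makes a failed nested lookup easier to diagnose than a bare KeyError when the response shape changes.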


Origin blog.csdn.net/hogwarts_2022/article/details/124269590