JMeter (43) - From entry to advanced level - JMeter's IP masquerading and spoofing (detailed tutorial)

1. Introduction

From childhood we are taught not to lie and to be honest children, but in real life a white lie is sometimes unavoidable. Because of the restrictions and checks imposed by the server's various security mechanisms, we have to deceive the server. Today, Brother Hong will share JMeter's IP spoofing with you.

2. What is IP spoofing?

The definition given here is what IP spoofing means when using JMeter; the more professional definition is different. IP spoofing here means simulating IP addresses. What does that mean? A computer normally has only one IP address; of course, if it has multiple network cards, it will have multiple IP addresses. Servers generally have one network card, and our own computers generally have only one IP address. To prevent malicious request flooding, some systems check whether requests come from the same IP address: if the same IP address sends requests frequently within a period of time, that IP address is blocked. This affects your stress testing, because your computer has only one IP address and all requests are sent from that one address. In this case you need IP spoofing, so that the requests are sent from different IP addresses, which solves the problem.


3. Is IP spoofing really useful?

IP spoofing is, as the name says, spoofing: the addresses are fake. There are two situations. In one, IP spoofing is useful; in the other, it is useless and you are only deceiving yourself.

The first situation, intranet stress test:
For intranet stress testing, IP spoofing is useful. You find some unused IP addresses in the LAN and send requests from them. In this case the IP addresses the server receives are all addresses in your LAN, and they really do simulate other IPs.

The second situation, external network stress test:
For an external network stress test, our system is deployed on the external network and everyone can access it. In this case, the IPs simulated by IP spoofing are still LAN addresses, and they all share your company's single network exit. For example, if your company uses a China Unicom line, the requests sent by everyone in the company leave through that one line, and only one external IP address goes out through the exit. So no matter how much IP spoofing you do inside the LAN, there is always one exit, so other IPs cannot be simulated. This is just deceiving yourself.
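The two situations above, seen from the server side, as an added example that is not part of the original tutorial: a per-source-IP sliding-window limiter replays the same constructed requests once as they arrive on the intranet and once after a NAT exit has rewritten every source to one public address. The class and function names, the limit of 10 requests per second, and all addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class PerIpLimiter:
    """Allow at most `limit` requests per source IP within `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.recent = defaultdict(deque)  # source IP -> timestamps of allowed requests

    def allow(self, src_ip, now):
        q = self.recent[src_ip]
        while q and now - q[0] >= self.window:  # drop entries older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def replay(requests, limit=10, window=1.0, nat_public_ip=None):
    """Replay (timestamp, source_ip) pairs against the limiter.

    If nat_public_ip is set, every source is rewritten to it first, which is
    what the company's single network exit does to outbound traffic.
    """
    limiter = PerIpLimiter(limit, window)
    seen, allowed, blocked = set(), 0, 0
    for ts, src in requests:
        server_sees = nat_public_ip or src
        seen.add(server_sees)
        if limiter.allow(server_sees, ts):
            allowed += 1
        else:
            blocked += 1
    return {"distinct_sources": len(seen), "allowed": allowed, "blocked": blocked}

# Constructed input: 4 extra LAN addresses bound on the load machine,
# 40 requests sent round-robin over 0.4 seconds.
LAN_IPS = ["192.168.1.%d" % n for n in range(201, 205)]
REQUESTS = [(i * 0.01, LAN_IPS[i % 4]) for i in range(40)]
NAT_IP = "203.0.113.10"  # constructed public exit address (documentation range)

if __name__ == "__main__":
    print("intranet:", replay(REQUESTS))
    print("external:", replay(REQUESTS, nat_public_ip=NAT_IP))
```

On the intranet the server counts four separate clients and none reaches the limit; behind the exit it counts one client and blocks everything past the tenth request.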

4. Why disguise and deceive?

Here are a few reasons:

(1) Most servers now filter requests from the same IP address for security reasons. For example, if the same IP sends a large number of requests to Baidu in a short period of time, the IP will be banned for a period of time. So if we want normal stress testing results, we need to forge different IP addresses when sending requests.
(2) When doing stress testing, we sometimes have scenarios and requirements where we want to simulate batches of users coming from different IP addresses.

First, let’s take a look at Brother Hong’s environment.

5. Environment

JMeter version: 5.1.1, as shown in the figure below:

System: Windows 10, 64-bit (readers on 32-bit systems will need to find their own solution), as shown in the figure below:

Then, follow along and take a look at the general steps.

6. General steps

The main steps are divided into the following 3 steps: 

Step 1: Bind the IP addresses on the load machine.

Step 2: Save the bound IP addresses to a txt file.

Step 3: Add a configuration element and configure the IP parameter in the JMeter test plan.

Step 4: In the HTTP request to be spoofed, change the Implementation to HttpClient mode, modify the Source Address, and specify the local address to be used for the request (parameterized).

Step 5: Add a View Results Tree.

Finally, follow the general steps and try it out in practice.

7. Hands-on practice

Step 1: Bind the IP addresses on the load machine:

a. Start menu -> Settings -> Network and Internet -> Change adapter options -> Ethernet
b. Right-click Ethernet (find the connection you are using, wired or wireless) -> Properties, and select Internet Protocol Version 4 (double-click to open the window). If the adapter obtains its IP automatically, you have to set the IP manually.
c. Click the Advanced button in the properties window, select IP Settings, click Add, and enter the new IP address. Make sure there is no IP conflict in the LAN (you can ping in advance to find unused IPs), and the subnet mask must be consistent.

Note: The load machine needs to have a fixed IP address

First open the network configuration on the load machine and change the IP address to a fixed IP, as shown in the figure below:

Then click Advanced to manually add the IP address you want to forge, as shown in the figure below:

Check whether the address you add here is already occupied. You can ping the address you want to forge first. If ping reports that the destination host is unreachable, the address is not occupied and can be added normally.

Step 2: After the IPs are bound, record the IP addresses you just added in a txt document so that they can be parameterized and used as the forged source IPs in subsequent requests. As shown below:

Step 3: After the IP binding on the load machine is complete, set a variable in JMeter to reference the addresses: add a configuration element and configure the IP parameter in the JMeter test plan. As shown below:

Step 4: In the HTTP request to be spoofed, change the Implementation to HttpClient mode, modify the Source IP Address, and specify the local address to be used for the request (parameterized).

In the sample HTTP request, change Implementation to HttpClient mode, and reference the configured parameter in Source IP Address (variable name set in CSV Data Set Config: IP), as shown in the following figure:

Step 5: Add a View Results Tree, run JMeter, and check the result tree. As shown below:

You may be puzzled at this point: the requested IP address does not appear in the results. In that case you can add an element that displays the IP address. Here a BeanShell Sampler is added with the content: log.info("${ip}"), as shown in the following figure. The variable reference must match the name set in CSV Data Set Config exactly, because JMeter variable names are case-sensitive.

Run it again to view, as shown in the figure below:
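A pre-flight check for steps 1 to 3, added here as an example and not part of the original tutorial: before the test plan reads the txt file, confirm that every line is a valid, unique address inside the LAN subnet and is actually bound on the load machine. The function names, the sample file contents, and the 192.168.1.0/24 subnet are assumptions made for illustration.

```python
import ipaddress
import socket

def is_locally_bound(ip):
    """True if this host can bind a socket to ip (the address is on an interface)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((ip, 0))  # port 0: any free port; nothing is sent
        return True
    except OSError:
        return False

def check_ip_file(lines, lan_cidr, can_bind=is_locally_bound):
    """Return (usable, problems) for the lines of the IP txt file."""
    net = ipaddress.ip_network(lan_cidr, strict=False)
    usable, problems, seen = [], [], set()
    for lineno, raw in enumerate(lines, 1):
        text = raw.strip()
        if not text:
            continue  # ignore blank lines
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            problems.append((lineno, text, "not an IPv4 address"))
            continue
        if addr in seen:
            reason = "duplicate"
        elif addr not in net:
            reason = "outside LAN subnet"
        elif addr in (net.network_address, net.broadcast_address):
            reason = "network or broadcast address"
        elif not can_bind(text):
            reason = "not bound on this machine"
        else:
            reason = None
        seen.add(addr)
        if reason:
            problems.append((lineno, text, reason))
        else:
            usable.append(text)
    return usable, problems

# Constructed sample of the txt file from step 2 (one address per line).
SAMPLE = ["192.168.1.201", "192.168.1.202", "192.168.1.202",
          "192.168.2.50", "192.168.1.300", "192.168.1.203"]

if __name__ == "__main__":
    ok, bad = check_ip_file(SAMPLE, "192.168.1.0/24")
    print("usable:", ok)
    for lineno, text, reason in bad:
        print(f"line {lineno}: {text}: {reason}")
```

An address reported as "not bound on this machine" was written to the file but never added under Advanced -> IP Settings, so a request using it as Source IP Address would fail to connect.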

8. Summary

Note: I saw some blogs saying that, according to the official documentation, this function is implemented in JMeter 2.5 and above. However, some people have also implemented it in versions below that; I have not tried this personally. Interested friends can take a look.

We have now made requests come from different IP addresses. The technical points to note when implementing IP spoofing are:
(1) The IP addresses we add must be unused. This requires manual verification, which is different from LR;
(2) The addresses we add need to be copied to a text file and then parameterized;
(3) The parameterized variable needs to be referenced in the stress test script; don't forget this.

Careful readers will notice that Brother Hong's screenshots differ between the earlier and later steps. That is because during practice, when Brother Hong first tried this on his local machine, he killed the network outright, so he later carried on directly on the server. Don't worry if the wired network disappears: uninstall the network card in Device Manager (remember not to check the delete option when uninstalling), then restart the computer; the computer will reload the network card automatically and the wired network will be restored. What happened to Brother Hong may not match your situation, but you can give this a try if you encounter it.


Origin blog.csdn.net/Faith_Lzt/article/details/132907026