jmeter by BeanShell, interface parameters for encryption HmacSHA256 2019-04-29 05:10
ps. the recent capture site login request, found on two parameters, the user name and password through this interface tools to request, always return parameter error.
There are probably two reasons for it: 1 connection type is not specified 2. The parameter is incorrect (password is not encrypted transmission)
Capture can be seen that the server receives a transmission json format.
Add a connection type in jmeter add http header Manager
| Content-Type | application/json |
Next, referring to the next parameter encryption issue http request, the site server using a HMACSHA256 encryption.
Java implementation uses the following methods:
package com.Base64; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; public class HMACSHA256 { /** * Convert the encrypted byte array into a string * Byte array * @param b * @Return string */ public static String byteArrayToHexString(byte[] b) { StringBuilder hs = new StringBuilder(); String stmp; for (int n = 0; b!=null && n < b.length; n++) { stmp = Integer.toHexString(b[n] & 0XFF); if (stmp.length() == 1) hs.append('0'); hs.append(stmp); } return hs.toString().toLowerCase(); } /** * Sha256_HMAC encryption * @Param message news * @Param secret keys After the encrypted string * @return */ public static String sha256_HMAC(String message, String secret) { String hash = ""; try { Mac sha256_HMAC = Mac.getInstance("HmacSHA256"); SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256"); sha256_HMAC.init(secret_key); byte[] bytes = sha256_HMAC.doFinal(message.getBytes()); hash = byteArrayToHexString(bytes); } catch (Exception e) { System.out.println("Error HmacSHA256 ===========" + e.getMessage()); } return hash; } }
The method sha256_HMAC accepts two parameters, message information can be understood as a password, secret keys: username. The principle of the specific encryption method can Baidu next.
After their completion by the eclipse, export jar package.
In the right-src at the export export jar package named Base64URLSafe.jar, on jmeter / lib / ext
Add the jar package in the bottom of the library jmeter test plan, the restart jmeter
After the new http request, plus a pre-processor in the following: BeanShell PreProcessor
ps: because the step has been the introduction of the jar test plan, where you can import the jar package inside the java package directly, HMACSHA256 com.Base64 in this package, you can directly introduced.
Insert the following code: where the user name and password added to the environment variable, so that after the parametric configuration.
com.Base64 amount. * ; // new new instance of a HMACSHA256 psSha256 = new new HMACSHA256 (); //调用HMACSHA256类的sha256_HMAC方法,进行hmacsha256加密 String psStr=psSha256.sha256_HMAC("${password}","${email}"); vars.put("PASSWORD_SHA256",psStr);
在需要用到变量的地方直接引用:
运行结果如下:
可以看到参数经过HMACSHA256加密后正常传输给后台接收,今后也可以通过引用jar包的方式,把自己想实现的功能封装后导出给jmeter调用。 如果后台是加密的话,最好问下开发用的是哪种加密方式,我就被sha256加密坑了半天。下面附上sha256的加密方式:
package com.Base64; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public class SHA256 { public static String Encrypt(String strSrc,String encName) { MessageDigest md = null; String strDes = null; byte[] bt = strSrc.getBytes(); try { if (encName == null || encName.equals("")) { encName = "SHA-256"; } md = MessageDigest.getInstance(encName); md.update(bt); strDes = bytes2Hex(md.digest()); } catch (NoSuchAlgorithmException e) { return null; } return strDes; } public static String bytes2Hex(byte[] bts) { String des = ""; String tmp = null; for (int i = 0; i < bts.length; i++) { tmp = (Integer.toHexString(bts[i] & 0xFF)); if (tmp.length() == 1) { des += "0"; } des += tmp; } return des; } } //jmeter引入 import com.Base64.*; //new 一个实例 SHA256 psSha256 = new SHA256(); //调用sha256类的encrypt方法,进行sha256加密 String psStr=psSha256.Encrypt("password1","SHA-256"); String psStrUpper = psStr.toUpperCase(); vars.put("PASSWORD_SHA256",psStrUpper);
如果对jmeter二次开发,参考https://blog.csdn.net/y100100/article/details/80701049