• Products
    Products:
    Menu WAPT
    WAPT

    Regular version of WAPT includes all the basic features required to test a web site with up to 2,000 concurrent virtual users.

    Menu WAPT Pro
    WAPT Pro

    Professional version can use several systems for load generation, remotely control test execution, monitor server performance and handle complex parameterization.

    Menu WAPT Cloud
    WAPT Cloud

    Cloud version of the most powerful load testing solution based on WAPT Pro and all extension modules.

    Extensions:
    Menu Load Engine
    x64 Load Engine

    Powerful load generation utility that can be used together with WAPT Pro to create 10,000 and more virtual users per system.

    Modules:
    Menu ASP.net module
    ASP.net testing

    Enables the automatic parameterization of the view state and event validation values.

    Menu JSON module
    JSON format

    Enables the automatic parameterization of session-specific values found inside JSON structures and creates formatted JSON representation.

    Menu Flash module
    Adobe Flash testing

    Converts binary AMF structures used by Flash applications to XML form.

    Menu WebSocket module
    WebSocket testing

    Utilizes WebSocket protocol for instant data updates.

    Menu PeopleSoft module
    PeopleSoft testing

    Automates client-set cookies creation in PeopleSoft tests.

    Menu Silverlight module
    Silverlight testing

    Converts binary MSBIN structures used by Silverlight applications to XML form.

    Menu GWT module
    GWT testing

    Converts GWT data to XML structures facilitating work with session-specific values.

    Menu Binary module
    Binary formats

    Provides the ability to work with the binary data inside the HTTP requests and responses.

    Menu SharePoint module
    SharePoint testing

    Parameterizes the form digest values in the headers and request parameters of SharePoint applications.

  • Services
    Configuration consulting

    Tell us more about your project and we will provide recommendations on software licenses and hardware configuration required to perform your load test.

    Test design service

    Need help creating a custom test for a website? We are ready to work with you on the test specification and deliver ready to use source files. Accurate emulation is guaranteed.

    Load testing service

    Hire us for a full load testing project. Specify the goals and let us design and run the test. Get the complete analysis and recommendations in the report prepared by our QA team.

  • Download
  • Pricing
  • Support
    Customer support service

    We provide customer support for existing and new customers free of charge. You are welcome to contact us with any questions from pure technical to sales and business opportunities.

    Frequently Asked Questions

    From choosing components to product functionality and licensing.

    Knowledge base

    The complete reference on the WAPT Pro user interface and functionality.

    Quick Start Guide

    A short step by step instruction on how to create a simple but very typical test scenario for a web site, launch the test and interpret its results.

    Product update information

    Version history and our upgrade policy for existing customers.

  • Resources
    WAPT demo video

    This demo clip shows step by step how to design a test with different types of virtual users, perform load testing of a web application, and interpret the test results.

    PowerPoint presentation

    The fastest way to get familiar with load testing and WAPT key features.

    WAPT vs JMeter

    7 reasons why you will be better off with WAPT Pro unless zero license cost is your only target.

    WAPT vs LoadRunner

    How the choice between LoadRunner and WAPT Pro is seen from the new user perspective.

    WAPT tools & services overview

    Load testing tools and services offered by SoftLogica Inc. A guide for decision-makers.

  • Clients
    Customer testimonials

    With more than 3'000 customers worldwide, WAPT is the well-known brand on the performance testing market. Read what our clients have to say about our tools and services.

    WAPT user forum

    The place where users of our tools discuss their testing challenges and technical solutions.

    On Load Testing blog

    In-house expertise, best testing practices, product announcements, etc.

    Case studies

    Patient education - a learning website where people can train their skills.
    iOS application - an online ticketing system integrated with additional services.
    Load balancer - an insurance service with up to 10,000 concurrent user sessions.
    CRM system - a universal bank with broad range of products and services.

Automatic Parameterization of CSRF Tokens


CSRF token is a special token used by some servers to prevent the Cross-Site Request Forgery (CSRF) attacks. It is a random number which is different in each new session. The attacker is not able to guess the token and create a valid request. If the server uses CSRF tokens, it does not accept requests with the wrong token (or no token).

There are several ways to transfer CSRF tokens in the server response:

In the header of server response
In the body of server response
As a cookie value

WAPT Pro can find any of these CSRF tokens in the server responses and automatically parameterize them. Let's see how it works.

During recording WAPT Pro searches for request header X-CSRF-TOKEN. You can see it on the "Request Header" tab of "Response processing". This header has a certain value:



It is the value of CSRF token. WAPT Pro extracts this value and searches for it in the server responses to all previous requests. The search is done in response headers, bodies and cookies.

  1. CSRF token is found in the header of server response
    If WAPT Pro finds the token value in the header of server response, it creates a variable which uses the $Header function:



  2. CSRF token is found in the body of server response
    If WAPT Pro finds the token value in the body of server response, it creates a variable based on the $Search function. This function uses the left and right boundaries of the found value:



    During the test this function will search for the value surrounded by the same boundaries in the body of server response, and variable will get the actual token value.

  3. CSRF token is set as a cookie value
    If WAPT Pro finds the token value set as a cookie value, it creates a variable which uses the $Cookie function:

In all these cases created variable is substituted in the X-CSRF-TOKEN header of request where the token value was initially found:



During the test the X-CSRF-TOKEN will get the actual value expected by the server.

Next page

Products
Download
Pricing
Modules
Services
Support & Resources
Community
Follow us:

Copyright © SoftLogica 2003-2024


Adobe® and Adobe Flash® are trademarks of Adobe Systems Incorporated,
PeopleSoft® is a registered trademark of Oracle Corporation,
SharePoint® is a registered trademark of Microsoft Corporation.

Home Privacy Policy EULA Contact Us