Getting CSRF token using Gatling and Laravel

Last week I downloaded Gatling 2.3 to see if it could solve my need to load test a Laravel framework web app. Assuming I can get past this current problem, my company might be interested in acquiring the Enterprise version. Attached is a Gatling recording of a single update activity, BookSuite.scala. Also attached is one of several attempts to enable load testing by saving the CSRF token to a variable and sending it with each request (aBookSuite.scala). In Laravel the token remains the same throughout the session.

Also attached is a full trace log of running aBookSuite (gatling.log).

If anyone can help me with grabbing the CSRF token variable, I would be very appreciative.

Regards,
Bruce

PS. Following is the console log:

C:\Users\Bruce\gatling\gatling-charts-highcharts-bundle-2.3.1\bin>gatling
GATLING_HOME is set to “C:\Users\Bruce\gatling\gatling-charts-highcharts-bundle-2.3.1”
JAVA = “java”
Choose a simulation number:
[0] RecordedSimulation
[1] computerdatabase.BasicSimulation
[2] computerdatabase.advanced.AdvancedSimulationStep01
[3] computerdatabase.advanced.AdvancedSimulationStep02
[4] computerdatabase.advanced.AdvancedSimulationStep03
[5] computerdatabase.advanced.AdvancedSimulationStep04
[6] computerdatabase.advanced.AdvancedSimulationStep05
[7] suitetest.BookSuite
[8] suitetest.TestProd1
[9] suitetest.TestProd2
[10] suitetest.aBookSuite
10
Select simulation id (default is ‘abooksuite’). Accepted characters are a-z, A-Z, 0-9, - and _

Select run description (optional)

Simulation suitetest.aBookSuite started…

gatling.log (74.7 KB)

aBookSuite.scala (5.76 KB)

BookSuite.scala (5.82 KB)

Your CSRF token is your HTML in a meta tag:

The best way to parse HTML is to use a CSS selector based check, such as css(“meta[name = ‘csrf-token’]”, “content”). There’s a very similar example in the advanced tutorial.

Cheers,

Thank you for your reply. I put the following code in my .scala file and received the same response error to request_13:

.exec(http(“request_13”)
.post(“https://” + uri1 + “:443/49355629/requirements”)
.headers(headers_7)
.check(css(“meta[name=csrf-token]”, “content”).saveAs(“stoken”))
.formParam(“suiteRequest”, “on”)
.formParam("_token", “${stoken}”))

Console error:

Failed to build request request_13: No attribute named 'stoken 1 (100.0%)
’ is defined

Regards,
Bruce

I don’t know about the response body, but I guess if you want to use the variable stoken, you need to extract it in the previous request. Watch your response body via browser.

Nah, the check is the be performed on the previous request! The one that returned the token you’re trying to inject into this one.

Thanks again for your kind attention. I moved the saveAs up to the previous request, but am still getting the same error.

.exec(http(“request_12”)
.get(“/success.txt”)
.headers(headers_3)
.check(css(“meta[name=csrf-token]”, “content”).saveAs(“stoken”)))
.pause(2)
.exec(http(“request_13”)
.post(“https://” + uri1 + “:443/49355629/requirements”)
.headers(headers_7)
.formParam(“suiteRequest”, “on”)
.formParam(“_token”, “${stoken}”))

Failed to build request request_13: No attribute named 'stoken 1 (100.0%)
’ is defined

Regards,
Bruce

Your logs don’t match your code. You might be editing somewhere else/not saving/not properly recompiling.

You need to record the navigation again.
First, disable a option in firefox, http://forums.mozillazine.org/viewtopic.php?f=9&t=3030018
Then you will get the correct requests.

Success! Attached is the successful .scala file. I recorded the navigation using the suggested Firefox config change and things became much easier. The resulting recording was much shorter without all the “success” requests. I hope this will help all the other Laravel framework people out there when they look for similar help. Attached is the working script, bBookSuite.scala.

bBookSuite.scala (2.81 KB)

This is not a Lavarel’s problem, it’s a Firefox’s matter.