LinuxQuestions.org


unclesamcrazy 05-30-2016 09:37 AM

Automation tool to edit and post http requests for login authenticated pages
 
Hello Sir,

I want an automation tool to edit and post HTTP requests. I can get all the details about a request using Firefox's Firebug or Chrome's Inspect Element, but if I want to post a request just like we do in a browser, I need an automation tool for it.

I have used the REST API clients Postman and Advanced REST, but they are not useful for login-protected web pages. I can post data using these, but if it is a URL like a user's edit profile or , it will throw me out to the login page if the user is not logged in, and that should be the behaviour, because how can the system know whom you want to edit? When you log in to the site, the system knows you want to edit this user. If you are using only the URL, that will not work.

So I want an automation tool with which I can log in to the system and perform all activities which need authentication.

Please help.

TB0ne 05-30-2016 10:18 AM

Quote:

Originally Posted by unclesamcrazy (Post 5553019)
Hello Sir,

I want an automation tool to edit and post HTTP requests. I can get all the details about a request using Firefox's Firebug or Chrome's Inspect Element, but if I want to post a request just like we do in a browser, I need an automation tool for it.

I have used the REST API clients Postman and Advanced REST, but they are not useful for login-protected web pages. I can post data using these, but if it is a URL like a user's edit profile or , it will throw me out to the login page if the user is not logged in, and that should be the behaviour, because how can the system know whom you want to edit? When you log in to the site, the system knows you want to edit this user. If you are using only the URL, that will not work.

So I want an automation tool with which I can log in to the system and perform all activities which need authentication.

First, there are not just "sirs" here. Secondly, what exactly are you trying to do? What is your goal???

Because based on what you posted, it seems like you said:
  • I have a tool that will do what I want...
  • ...unless a person isn't logged in....
  • ...so I want something that can get around security and edit profiles
Clarify, please.

unclesamcrazy 05-31-2016 02:00 AM

Hi TB0ne,

I want to submit some web forms, but not using a browser. I want an automated tool for it. Using this tool, I should be able to submit the form. I will select the method of the form (POST or GET). In place of the URL, I will fill in the action of the form and pass the parameters. Then I will submit it and check the effects in the database.

If the form does not require login credentials, I can do it using Postman (a Chrome plugin), but suppose I want to submit a user's profile page, check the forgot-password functionality, or submit any other form which needs login credentials: I cannot do it using Postman, because the edit profile or forgot profile submit form URL throws me out to the login page.

Why do I want to do this?
1) I need to check the server-side validations of the forms: are they implemented properly or not? If I disable JavaScript in the browser to check the server-side validations, that is not possible, because JavaScript is needed to view the site. The forms are developed in AJAX, so it is not possible to check server-side validations without enabling JavaScript.
2) I need to check for SQL injection and XSS injection. I need to fill these values into forms and submit them. If I try them in the browser, the JavaScript validations do not let me do it, but I need to check whether they are properly handled in the server-side language too, because if the forms are popping out database values and sensitive data after SQL- and XSS-injected values are submitted, the forms are not developed well.
3) I need to be sure that changing user IDs in the URL does not update the data in another user's profile; it should be well handled so that the update is done in the logged-in user's profile.

sundialsvcs 05-31-2016 08:40 AM

Tools such as wget, and higher-level tools built around it (available in all programming languages as "library packages"), can handle the process of communicating with secure and authentication-required websites. They're able to handle cookies, SSL exchanges, local storage, and other requirements of those sites, allowing them to be effectively automated.

You can also use other tools, for testing purposes, such as Selenium, which actually uses "an actual web-browser" to communicate with the site, under Selenium's automation and control.

TB0ne 05-31-2016 09:46 AM

Quote:

Originally Posted by sundialsvcs (Post 5553476)
Tools such as wget, and higher-level tools built around it (available in all programming languages as "library packages"), can handle the process of communicating with secure and authentication-required websites. They're able to handle cookies, SSL exchanges, local storage, and other requirements of those sites, allowing them to be effectively automated.

You can also use other tools, for testing purposes, such as Selenium, which actually uses "an actual web-browser" to communicate with the site, under Selenium's automation and control.

Nice...first I'd heard of Selenium. Will have to investigate.

sundialsvcs 05-31-2016 01:27 PM

Selenium (note the slightly-forced website name, http://www.seleniumhq.org) is a very interesting tool ... and a complement to wget.

Although wget knows how to do "anything HTTP," it doesn't know about JavaScript, and particularly it doesn't know about a particular web-browser's implementation.

(Yes, there are tools built upon wget which do know about JavaScript, "according to accepted standards," but since when did Microsoft an actual web-browser vendor pay much attention to standards?) :rolleyes:

Selenium is mainly intended to be a testing tool, not a substitute for wget. (Nor, vice-versa.) But, from time to time, you'll find yourself using both of them ... and, very glad to have both of them.

unclesamcrazy 06-07-2016 01:19 AM

Found JMeter.

Not that easy, but easier than Selenium. Trying to learn it.

If you have anything similar to JMeter, please suggest it.

eklavya 06-20-2016 06:32 AM

Quote:

Originally Posted by unclesamcrazy (Post 5553344)
Hi TB0ne,

I want to submit some web forms, but not using a browser. I want an automated tool for it. Using this tool, I should be able to submit the form. I will select the method of the form (POST or GET). In place of the URL, I will fill in the action of the form and pass the parameters. Then I will submit it and check the effects in the database.

If the form does not require login credentials, I can do it using Postman (a Chrome plugin), but suppose I want to submit a user's profile page, check the forgot-password functionality, or submit any other form which needs login credentials: I cannot do it using Postman, because the edit profile or forgot profile submit form URL throws me out to the login page.

Why do I want to do this?
1) I need to check the server-side validations of the forms: are they implemented properly or not? If I disable JavaScript in the browser to check the server-side validations, that is not possible, because JavaScript is needed to view the site. The forms are developed in AJAX, so it is not possible to check server-side validations without enabling JavaScript.
2) I need to check for SQL injection and XSS injection. I need to fill these values into forms and submit them. If I try them in the browser, the JavaScript validations do not let me do it, but I need to check whether they are properly handled in the server-side language too, because if the forms are popping out database values and sensitive data after SQL- and XSS-injected values are submitted, the forms are not developed well.
3) I need to be sure that changing user IDs in the URL does not update the data in another user's profile; it should be well handled so that the update is done in the logged-in user's profile.

Looks like you want to do security testing for a web application. You can use curl to test these. Whatever you are asking can be done using curl.
If your site's login-protected pages use different CSRF tokens on each page with cookie-based form submission, you can test this using curl; curl communicates with the server directly, so JavaScript or HTML5 validations do not affect it.

If you are good at shell scripting, you can write your test plan in bash using curl, from token retrieval to form submission with different inputs.
If you want some examples, take a look.
http://superuser.com/questions/64083...x-command-line
http://stackoverflow.com/questions/1...different-page
https://www.youtube.com/watch?v=tCfB6BP-PN4
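
The curl workflow suggested in the post above (session cookie jar, per-page CSRF token retrieval, then a form submission that bypasses browser-side validation), as an added example that is not part of the original thread. `BASE_URL`, `TEST_USER`, `TEST_PASS`, the `/login` and `/profile/edit` paths, the form field names and the 4xx-on-rejection convention are all assumptions about the application under test, which is taken to be your own.

```bash
#!/usr/bin/env bash
# Added example. BASE_URL, TEST_USER, TEST_PASS, the /login and /profile/edit
# paths and the csrf_token/username/password/email field names are assumptions.
JAR="${JAR:-$(mktemp)}"   # cookie jar: carries the session between requests

# Constructed sample page, used when no BASE_URL is set.
SAMPLE_HTML='<form><input type="hidden" name="csrf_token" value="tok-constructed-1"></form>'

# Print the value of the <input> named $1 found in the HTML on stdin.
extract_token() {
  grep -o "<input[^>]*name=\"$1\"[^>]*>" | head -n 1 |
    sed -n 's/.*value="\([^"]*\)".*/\1/p'
}

# GET the page at $1 with the session cookies and print its CSRF token.
fetch_token() {
  curl -sS -b "$JAR" -c "$JAR" "$1" | extract_token csrf_token
}

# POST field=value pairs ($2...) to $1 with the session cookies; print the status.
post_form() {
  url=$1; shift
  # Rewrite each remaining argument as "--data-urlencode <arg>" (POSIX-safe).
  for f in "$@"; do set -- "$@" --data-urlencode "$f"; shift; done
  curl -sS -o /dev/null -w '%{http_code}' -b "$JAR" -c "$JAR" "$@" "$url"
}

# Assumption: the application answers a rejected form with a 4xx status.
verdict() {
  case "$1" in
    4??) echo "PASS: server rejected invalid input" ;;
    *)   echo "FAIL: server accepted invalid input (status $1)" ;;
  esac
}

if [ -n "${BASE_URL:-}" ]; then
  tok=$(fetch_token "$BASE_URL/login")
  post_form "$BASE_URL/login" "csrf_token=$tok" \
    "username=$TEST_USER" "password=$TEST_PASS" >/dev/null
  tok=$(fetch_token "$BASE_URL/profile/edit")   # fresh token for this form
  # Empty e-mail: a value the browser-side validation would refuse to send.
  verdict "$(post_form "$BASE_URL/profile/edit" "csrf_token=$tok" "email=")"
else
  printf '%s\n' "$SAMPLE_HTML" | extract_token csrf_token
fi
```

If the application reports validation errors with a 200 response and an error message in the body, replace `verdict` with a check on the response body instead of the status code.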

