How to get siege to use cookies for benchmarking and load testing

Time: 2012-11-21 03:04:21

Tags: session-cookies performance-testing

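I have set up siege (v2.70) to test a webapp that has a login, and then I have a list of about 180 URLs to stress test the speed of the app. The problem is that when the login URL returns, the cookie is ignored.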

Here is a tcpdump of the network traffic between siege and the app (box.example.org has been substituted for the real URL, that is not the problem)

You can see the Set-Cookie in the first response, and then no cookie in the next GET request. I found this:

How do I use the --header option to send cookies with Siege?

But the cookie I need to send depends on the login, so I can't just hard-code it. The FAQ says they are supported, but tcpdump says otherwise:

20:25:48.003094 IP (tos 0x0, ttl 64, id 31699, offset 0, flags [DF], proto TCP (6), length 223)
    192.168.20.34.48923 > 192.168.20.81.80: Flags [P.], seq 2734994720:2734994891, ack 3331849910, win 913, options [nop,nop,TS val 2229194446 ecr 50245070], length 171
E...{.@.@......"...Q...P... ...............
........GET /saml/testlogon/ HTTP/1.1^M
Host: box.example.org^M
Accept: */*^M
Accept-Encoding: gzip^M
User-Agent: JoeDog/1.00 [en] (X11; I; Siege 2.70)^M
Connection: close^M
^M

20:25:48.406571 IP (tos 0x0, ttl 64, id 21369, offset 0, flags [DF], proto TCP (6), length 427)
    192.168.20.81.80 > 192.168.20.34.48923: Flags [P.], seq 1:376, ack 171, win 972, options [nop,nop,TS val 50245160 ecr 2229194446], length 375
E...Sy@.@.<....Q...".P...............*.....
...(....HTTP/1.1 302 FOUND^M
Date: Wed, 21 Nov 2012 02:33:32 GMT^M
Server: Apache/2.2.22 (Ubuntu)^M
Vary: Cookie,Accept-Encoding^M
Set-Cookie: sessionid=233511e6001797ec77f7f3a08683ce97; httponly; Path=/^M
Location: http://box.example.org/viewer/start/^M
Content-Encoding: gzip^M
Content-Length: 20^M
Connection: close^M
Content-Type: text/html; charset=utf-8^M
^M
....................
20:25:49.410684 IP (tos 0x0, ttl 64, id 3041, offset 0, flags [DF], proto TCP (6), length 221)
    192.168.20.34.48924 > 192.168.20.81.80: Flags [P.], seq 1168563186:1168563355, ack 1414846755, win 913, options [nop,nop,TS val 2229194798 ecr 50245422], length 169
E.....@.@..v..."...Q...PE...TT.#...........
........GET /viewer/start/ HTTP/1.1^M
Host: box.example.org^M
Accept: */*^M
Accept-Encoding: gzip^M
User-Agent: JoeDog/1.00 [en] (X11; I; Siege 2.70)^M
Connection: close^M
^M

20:25:49.419109 IP (tos 0x0, ttl 64, id 30222, offset 0, flags [DF], proto TCP (6), length 375)
    192.168.20.81.80 > 192.168.20.34.48924: Flags [P.], seq 1:324, ack 169, win 972, options [nop,nop,TS val 50245424 ecr 2229194798], length 323
E..wv.@.@......Q...".P..TT.#E........*.....
...0....HTTP/1.1 302 FOUND^M
Date: Wed, 21 Nov 2012 02:33:34 GMT^M
Server: Apache/2.2.22 (Ubuntu)^M
Vary: Cookie,Accept-Encoding^M
Location: http://box.example.org/saml/testlogon/?next=/viewer/start/^M
Content-Encoding: gzip^M
Content-Length: 20^M
Connection: close^M
Content-Type: text/html; charset=utf-8^M
^M

1 Answer:

Answer 0: (score: 1)

It turned out the problem was in siege itself. I modified the code and pushed it to this repo

https://github.com/mark0978/siege

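Siege was not expecting httponly; (with no =), and expires was also miscalculated if the expiration time was not present. I could have fixed the last one by setting an expiration time in my app, but I just fixed the calculation instead.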
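The two parsing cases named in the answer above, shown as an added example (not code from Siege or from the linked repository): a Set-Cookie parser in C that accepts attributes sent without `=`, such as `httponly`, and treats a missing Expires as a session cookie instead of computing an expiry from nothing. The `struct cookie` layout and the names `parse_set_cookie`, `trim` and `ieq` are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record for this example; not Siege's own cookie type. */
struct cookie {
    char name[64], value[256], path[128], expires[64];
    int http_only, secure;
    int session;      /* 1 = no Expires attribute: keep until the run ends */
};

static char *trim(char *s) {
    while (isspace((unsigned char)*s)) s++;
    char *e = s + strlen(s);
    while (e > s && isspace((unsigned char)e[-1])) *--e = '\0';
    return s;
}

static int ieq(const char *a, const char *b) {   /* case-insensitive equality */
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == *b;
}

/* Parse a Set-Cookie header value. Returns 0 on success, -1 without a name=value pair. */
int parse_set_cookie(const char *header, struct cookie *c) {
    char buf[1024];
    memset(c, 0, sizeof *c);
    c->session = 1;
    snprintf(buf, sizeof buf, "%s", header);
    for (char *p = buf, *next; p; p = next) {
        if ((next = strchr(p, ';')) != NULL) *next++ = '\0';
        char *eq = strchr(p, '=');
        char *val = NULL;                 /* stays NULL for flags such as "httponly" */
        if (eq) { *eq = '\0'; val = trim(eq + 1); }
        char *key = trim(p);
        if (p == buf) {                   /* first pair must be name=value */
            if (!val || !*key) return -1;
            snprintf(c->name, sizeof c->name, "%s", key);
            snprintf(c->value, sizeof c->value, "%s", val);
        } else if (ieq(key, "httponly")) c->http_only = 1;
        else if (ieq(key, "secure")) c->secure = 1;
        else if (ieq(key, "path") && val) snprintf(c->path, sizeof c->path, "%s", val);
        else if (ieq(key, "expires") && val && *val) {
            c->session = 0;               /* only a present Expires ends the session */
            snprintf(c->expires, sizeof c->expires, "%s", val);
        }
    }
    return 0;
}
```

Fed the header from the capture above, the parser yields a session cookie named `sessionid` with the HttpOnly flag set and path `/`, which is what a load-testing client needs in order to replay it on the next request.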