jmeter 接口重放（投票活动）

目的

这几天公司弄了个投票的活动，召集大家一起投票。自己比较懒，就想这个投票是不是可以直接抓包进行重放通过jmeter集成到jenkins里面去每天来跑。试了下成功了，这里把对应的方案抛出来。

第一步，抓包

抓包我用的burpsuite，具体的使用过程大家可百度。

• 手机同电脑连接到同一个wifi
• 设置手机代理ip为电脑ip，代理端口为电脑监听端口
• 发送请求进行抓包
• 回放验证抓包是否成功

抓包的结果：

使用前端1

POST /doVote HTTP/1.1
Host: vote.sztopbrand.com
Content-Length: 61
Accept: */*
Origin: http://vote.sztopbrand.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; NX529J Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile MQQBrowser/6.8 TBS/036872 Safari/537.36 MicroMessenger/6.3.27.880 NetType/ctlte Language/zh_CN
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://vote.sztopbrand.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,en-US;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6IjE3XC9SUXN4QnRYTVhnaENUYnIrMWVnPT0iLCJ2YWx1ZSI6InlPaUw5S3JXQlpDUGlVdUlHbXR0TjFaZXdjTDBaNnlQYjl4UjFwVlNHQlhpclVncVdhSDRrZk1ZVGhBWjcwbmR2Y0xPSGZLKzJsRWp5bjNoaEo2WGNnPT0iLCJtYWMiOiI2NGZlMTBlNTIzMTc1MGFlODIzYTYyNGYyNzYwNDRiNzYyOTg3YzkyOTFkNDc1NjFiZjdhMjdkNmMxYzg2MmFhIn0%3D; laravel_session=eyJpdiI6Img0dG9KMGFDZERPODQxRFNjRFVvV3c9PSIsInZhbHVlIjoiV0VOZFNwMnd0K2R1b3ZjM1FCa0ptTmlhUDNNQmsrcjVFN0E1Uk54Y0dPVk9WSWxXeXl5RGFKKzd2TkxmcEFQa3I2TGV5dWFJZWN1TURBK1EwMGttRnc9PSIsIm1hYyI6IjM4ZjAyZTFkOTc4MzBkZjhjYjU2MzgyZTJlZWFhZDgzYjk4ODQ0YzIxZjFjN2E2YTNiYmFkODQyZWYwNjM4ZjgifQ%3D%3D; Hm_lvt_0d1031f7c74d8a4a33cac86fce2fc8f4=1479118062,1479134782,1479174047,1479192380; Hm_lpvt_0d1031f7c74d8a4a33cac86fce2fc8f4=1479192380
Connection: close

company_id=71&_token=VuqAHrMtF3DfvF8cQDHGmFasi8JFOwvBtSqPutgM

　　使用前端2

POST /doVote HTTP/1.1
Host: vote.sztopbrand.com
Content-Length: 61
Accept: */*
Origin: http://vote.sztopbrand.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Linux; Android 6.0; MX6 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile MQQBrowser/6.8 TBS/036872 Safari/537.36 MicroMessenger/6.3.30.920 NetType/WIFI Language/zh_CN
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://vote.sztopbrand.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,en-US;q=0.8
Cookie: __utma=136377015.1353196735.1479114830.1479114830.1479114830.1; __utmz=136377015.1479114830.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); XSRF-TOKEN=eyJpdiI6IitTc3cwNTNQSDlSR21LRDdYRUNqVGc9PSIsInZhbHVlIjoiVDZCSHpxN2ZUV1pxMFFBOXFNV3J0TWFDaW9kZ1pseDBYUW9yVjFQdUxYZVdEcThyU1BwOFhxaXFOU3ZKR3lJYm5obW04dzBDWGZacjZ4UW1jUVhqOGc9PSIsIm1hYyI6IjgwMjIwMmNiNGE4OGI3YmUwNTc5MzVkNGU2YTQ4ODNkNGU5MjY3ZDAwZTIzZWZkYjBjMmM4MGM1ZDg0NjcwZGMifQ%3D%3D; laravel_session=eyJpdiI6Imh0TE4yelk5WTVBTzg5Sm9xcVBJd3c9PSIsInZhbHVlIjoibDFzV2tGV0dqaWxEZGczb3dIeDJCT014RzYyZFZJTE9cL0hyTThPK2xXUjNtVXNRenp5c3Axa3BMZ0NNRW9hUFU2SytnOXNiaXVHSWtCSmhVMnZZTk5BPT0iLCJtYWMiOiIyMTJiMjQ4MzhlYmU4YjAyMmFhN2I5YWIwZjc2NGZlY2U3YTE4MzA5NTY1MjY5NzA1ZGYyMWEwNjEwOWRmOTVlIn0%3D; Hm_lvt_0d1031f7c74d8a4a33cac86fce2fc8f4=1479117072,1479191845,1479192768; Hm_lpvt_0d1031f7c74d8a4a33cac86fce2fc8f4=1479192768
Connection: close

company_id=71&_token=h7PMxnaxonS0FjvU2UBfSJSvdjKHUz2aBKN5POOl

请求对比，时效验证

对比：

对比的目的是判断两个请求在哪些内容存在区别，方便模拟手机

时效验证：

验证是否有时效校验，如果有的话就不能进行重放了

cooki看了好几个，没法找出规律，那么无法直接模拟手机了。不过时效验证通过了，那么可以直接抓包进行重发攻击了。

创建jmeter测试任务

整体截图

单个请求的配置，包括请求体，请求头，cookie

cookie的手动配置

需要注意的是，抓包获取的cookie不能像通过firefox或者Chrome通过调试的方式直接导出需要手动来配置

jmeter的cookie配置

抓到的包

POST /doVote HTTP/1.1
Host: vote.sztopbrand.com
Content-Length: 61
Accept: */*
Origin: http://vote.sztopbrand.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Linux; Android 5.1.1; NX529J Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile MQQBrowser/6.8 TBS/036872 Safari/537.36 MicroMessenger/6.3.27.880 NetType/ctlte Language/zh_CN
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://vote.sztopbrand.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,en-US;q=0.8
Cookie: XSRF-TOKEN=eyJpdiI6IjE3XC9SUXN4QnRYTVhnaENUYnIrMWVnPT0iLCJ2YWx1ZSI6InlPaUw5S3JXQlpDUGlVdUlHbXR0TjFaZXdjTDBaNnlQYjl4UjFwVlNHQlhpclVncVdhSDRrZk1ZVGhBWjcwbmR2Y0xPSGZLKzJsRWp5bjNoaEo2WGNnPT0iLCJtYWMiOiI2NGZlMTBlNTIzMTc1MGFlODIzYTYyNGYyNzYwNDRiNzYyOTg3YzkyOTFkNDc1NjFiZjdhMjdkNmMxYzg2MmFhIn0%3D; laravel_session=eyJpdiI6Img0dG9KMGFDZERPODQxRFNjRFVvV3c9PSIsInZhbHVlIjoiV0VOZFNwMnd0K2R1b3ZjM1FCa0ptTmlhUDNNQmsrcjVFN0E1Uk54Y0dPVk9WSWxXeXl5RGFKKzd2TkxmcEFQa3I2TGV5dWFJZWN1TURBK1EwMGttRnc9PSIsIm1hYyI6IjM4ZjAyZTFkOTc4MzBkZjhjYjU2MzgyZTJlZWFhZDgzYjk4ODQ0YzIxZjFjN2E2YTNiYmFkODQyZWYwNjM4ZjgifQ%3D%3D; Hm_lvt_0d1031f7c74d8a4a33cac86fce2fc8f4=1479118062,1479134782,1479174047,1479192380; Hm_lpvt_0d1031f7c74d8a4a33cac86fce2fc8f4=1479192380
Connection: close

company_id=71&_token=VuqAHrMtF3DfvF8cQDHGmFasi8JFOwvBtSqPutgM　

• 配置说明：

• 名称:对应字段值的标示

• 值:标示对应值（查看会以;进行分隔）
• 域：host地址
• 路劲：对应host请求的路劲
• 安全：按需填写

最后测试结果：

验证通过，之后就是接入jenkins配置成计划任务了！