How To Handle CSRF Token in JMeter

Knoldus Inc.
Knoldus - Technical Insights
Feb 29, 2016

What is CSRF: CSRF stands for Cross-Site Request Forgery. Generally, when we log in to a website, it asks for authentication. For security, developers usually pass a CSRF token along with the login parameters. Our topic here is how to handle this CSRF token in JMeter.

When we do load testing with JMeter and do not handle the CSRF token, we get this type of error.

[Image: csrf token]

CSRF and JMeter-

To handle the CSRF token, we have to use the following in JMeter:

1. HTTP Cookie Manager

2. HTTP Header Manager

3. Request Parameter

Extract CSRF Token Using JMeter Post Processors-

To extract the CSRF token, we have to add a Post Processor to the test plan and then add a Regular Expression Extractor.

[Image: csrf token value]

The Regular Expression Extractor captures the csrfToken and its value, because this value changes each time.

In the Regular Expression Extractor we have to define certain fields.

Reference Name: value

Regular expression: name="csrfToken" value="(.+?)"

Template: $1$

Match no: 1

[Image: regular expression extractor]

We just pass this JMeter variable in the Request Parameter.

[Image: request parameter]

Now we execute the script and see the result.

[Image: login with extractor]

This is how you can deal with CSRF protection in your Apache JMeter test script.
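As an added example (not part of the original post), this Python script mimics what the Regular Expression Extractor configured above does with Template $1$ and a positive Match No., so the pattern can be checked against a saved login page before a load test. The sample HTML, the `CSRF_NOT_FOUND` default value and the `username`/`password` field names are assumptions.

```python
import re
from urllib.parse import urlencode

# The pattern from the Regular Expression Extractor above, with straight quotes.
PAGE_REGEX = r'name="csrfToken" value="(.+?)"'
# Assumed value for the extractor's "Default Value" field (the page does not set one).
DEFAULT = "CSRF_NOT_FOUND"

def extract(body, regex=PAGE_REGEX, match_no=1, default=DEFAULT):
    """Return group 1 of the match_no-th match (Template $1$), or the default
    when there is no such match. Only positive Match No. values are handled."""
    matches = [m.group(1) for m in re.finditer(regex, body)]
    if match_no < 1 or match_no > len(matches):
        return default
    return matches[match_no - 1]

def login_body(token, user, password):
    """Build the login form body with the token passed as a request parameter.
    Tokens containing + / = must be URL-encoded or the server sees a different value."""
    if token == DEFAULT:
        raise ValueError("csrfToken not extracted; the login would be rejected")
    return urlencode({"username": user, "password": password, "csrfToken": token})

# Constructed sample responses (not taken from a real site).
FORM_OK = ('<form method="post"><input type="hidden" '
           'name="csrfToken" value="a1B2c3-tok+en/9="></form>')
# Same field with the attributes in a different order: the page's regex misses it.
FORM_REORDERED = '<input value="zz99" type="hidden" name="csrfToken">'
# Two tokens in one response: Match No. 1 picks the first, 2 the second.
FORM_TWO = FORM_OK + '<input type="hidden" name="csrfToken" value="second">'

if __name__ == "__main__":
    for label, body in [("ok", FORM_OK), ("reordered", FORM_REORDERED), ("two", FORM_TWO)]:
        print(label, "->", extract(body))
    print(login_body(extract(FORM_OK), "demo", "demo-pass"))
```

A run that falls back to the default value is the case that produces the CSRF error shown at the start of the post, so it is worth asserting on in the test plan.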
