Webinject How to
When monitoring websites many times we will need more then just check if the site is up.
We may need to see if the internals of the website is working, a good example is making a user login check.
Using nagios alone it can not be done, but thanks to Corey Goldberg, it is possible using his script webinject.pl.
From the author:
“WebInject is a free tool for automated testing of web applications and web services. It can be used to test individual system components that have HTTP interfaces (JSP, ASP, CGI, PHP, AJAX, Servlets, HTML Forms, XML/SOAP Web Services, REST, etc), and can be used as a test harness to create a suite of [HTTP level] automated functional, acceptance, and regression tests.”
And yes it works with HTTPS and redirections. Well, to get it working just follow these steps:
Extract and copy webinject.pl, config.xml and testcases.xml to nagios libexec folder.
reporttype - should be removed untill you get all working this way you can debug by seeing all comunitcation
output on the shell prompt.
useragent - is what the server will think your website is, well just so the admins dont panic I copied HTTP header of firefox.
testcase – the xml file we will put all the steps of our check
errormessage=”Website not loading”
verifynegative=”User not found”
errormessage=”could not authenticate”
The hardest part will be to identify two things the:
url - where the user password is processed, usually a form action will refer to it, check the source code of the id=1 page and look for it.
postbody – the trick here is to use httpfox download here . Also LiveFox will do the trick.
Now perform the login via web and look to your post code, just paste that here.
Need more debugging?
use the options logrequest=”yes”and logresponse=”yes” in the testlogin.xml and after your run a test
# ./webinject -c test.xml
checkout the file http.log it will have all source communication.
The program has also a GUI version, but I have not tried it, take a look at the Screenshots.
any more doubts and more details check out the forum at www.webinject.org