Webinject How to
When monitoring websites many times we will need more then just check if the site is up.
We may need to see if the internals of the website is working, a good example is making a user login check.
Using nagios alone it can not be done, but thanks to Corey Goldberg, it is possible using his script webinject.pl.
From the author:
“WebInject is a free tool for automated testing of web applications and web services. It can be used to test individual system components that have HTTP interfaces (JSP, ASP, CGI, PHP, AJAX, Servlets, HTML Forms, XML/SOAP Web Services, REST, etc), and can be used as a test harness to create a suite of [HTTP level] automated functional, acceptance, and regression tests.”
And yes it works with HTTPS and redirections. Well, to get it working just follow these steps:
2.
Extract and copy webinject.pl, config.xml and testcases.xml to nagios libexec folder.
3.
Configuring config.xml
nagios
User-Agent: Mozilla/5.0
testlogin.xml
15
onfail
reporttype - should be removed untill you get all working this way you can debug by seeing all comunitcation
output on the shell prompt.
useragent - is what the server will think your website is, well just so the admins dont panic I copied HTTP header of firefox.
testcase – the xml file we will put all the steps of our check
4.Configuring testlogin.xml
id=”1″
description1=”Test Web”
method=”get”
url=”https://sweb.meuteste.com/jsoe/signon/login.do”
verifypositive=”User”
errormessage=”Website not loading”
id=”2″
description1=”Web Autenticacion”
method=”post”
url=”https://sweb.meuteste.com/jsoe/signon/usernamePasswordLogin.do”
postbody=”josso_cmd=login&josso_username=test1&josso_password=test1″
verifypositive=”Welcome, test1″
verifynegative=”User not found”
errormessage=”could not authenticate”
The hardest part will be to identify two things the:
url - where the user password is processed, usually a form action will refer to it, check the source code of the id=1 page and look for it.
postbody – the trick here is to use httpfox download here . Also LiveFox will do the trick.
Now perform the login via web and look to your post code, just paste that here.
Need more debugging?
use the options logrequest=”yes”and logresponse=”yes” in the testlogin.xml and after your run a test
# ./webinject -c test.xml
checkout the file http.log it will have all source communication.
The program has also a GUI version, but I have not tried it, take a look at the Screenshots.
any more doubts and more details check out the forumĀ at www.webinject.org
GroundWork Open Source’s GroundWork Monitor, which has Nagios built-in, has a video entitled “Monitoring Web Sites with WebInject” Watch it here:
http://dev.groundworkopensource.com/resources/gwh/
Let us know if this is helpful! -Peter
Peter Mui, Community Director
GROUNDWORK Open Source, Inc.
139 Townsend Street, Suite 100
San Francisco, CA 94107-1946
+1 415 992 4573
pmui@groundworkopensource.com
http://www.groundworkopensource.com
Hi! I have a problem with WebInject, maybe you could help?. There`s a site gamenext.com,. I`m trying badly to understand what is the url to postdata in. Using httpfox i`ve found this: (https://secure-proc.betaregion.omiverify.com/UserAccount/Processing/1900.1/APP/PostData.ashx) i think that`s the needed url. But then again i can`t figure what should I type to postbody. httpfox returned really huge postdata with redirection links and so on.
I would be just happy if you could give me an advice or suggested xml
thank you!
i`ll just add some more info in case you`ll be intrested
site redirects me right AFTER i filled login&password. But how do I fill these fields via postbody? Please give an advice
hey ane4ka, thanks for posting. i cant open the address you posted. also it would require a user and pass to test it. where you able to get any output in debug mode?
check out the forums, other people have made it work even when redirection exists.
cheers,
felipe
Hi! thanks alot for your reply! the site is http://gamenext.com
)
you can use my account to test(once you`ll have some free time and desire
e-mail=annielee@bigmir.net
passwd:zxc123
I`ve searched alot but it seems like a have some unique problem.
i`ve also wanted to know if there`s any way having http.log while using nagios
@Ane4ka
use config.xml like this for global logging…
Mozilla/4.0
Mozilla/4.0
MSIE 6.0
Windows NT 5.0)
yes
yes – log HTTP for all test cases
onfail – log HTTP for test cases that fail only
nagios
nagios – output of WebInject in console mode will be compatible for use as a plugin for the Nagios monitoring program
mrtg – output of WebInject in console mode will be compatible for use as a plugin (external monitoring script)
standard – reverts to the standard formatted output mode (omitting this setting defaults to ’standard’ mode)
The link that Peter was trying to give to the webinject how-to was not correct. Here you go! http://www.groundworkopensource.com/resources/webcasts/monitoring-web-applications-webinject.html
Holler if you have questions.