Home > HowTo, Linux, Nagios > Webinject How to

Webinject How to

October 14th, 2008 Leave a comment Go to comments

When monitoring websites many times we will need more then just check if the site is up.
We may need to see if the internals of the website is working, a good example is making a user login check.
Using nagios alone it can not be done, but thanks to Corey Goldberg, it is possible using his script webinject.pl.
From the author:
WebInject is a free tool for automated testing of web applications and web services. It can be used to test individual system components that have HTTP interfaces (JSP, ASP, CGI, PHP, AJAX, Servlets, HTML Forms, XML/SOAP Web Services, REST, etc), and can be used as a test harness to create a suite of [HTTP level] automated functional, acceptance, and regression tests.
And yes it works with HTTPS and redirections. Well, to get it working just follow these steps:

1.
Download Webinject

2.
Extract and copy webinject.pl, config.xml and testcases.xml to nagios libexec folder.

3.

Configuring config.xml
nagios
User-Agent: Mozilla/5.0
testlogin.xml
15
onfail

reporttype – should be removed untill you get all working this way you can debug by seeing all comunitcation
output on the shell prompt.
useragent – is what the server will think your website is, well just so the admins dont panic I copied HTTP header of firefox.
testcase – the xml file we will put all the steps of our check

4.Configuring testlogin.xml
id=”1″
description1=”Test Web”
method=”get”
url=”https://sweb.meuteste.com/jsoe/signon/login.do”
verifypositive=”User”
errormessage=”Website not loading”

id=”2″
description1=”Web Autenticacion”
method=”post”
url=”https://sweb.meuteste.com/jsoe/signon/usernamePasswordLogin.do”
postbody=”josso_cmd=login&josso_username=test1&josso_password=test1″
verifypositive=”Welcome, test1″
verifynegative=”User not found”
errormessage=”could not authenticate”

The hardest part will be to identify two things the:
url – where the user password is processed, usually a form action will refer to it, check the source code of the id=1 page and look for it.
postbody – the trick here is to use httpfox download here . Also LiveFox will do the trick.
Now perform the login via web and look to your post code, just paste that here.

Need more debugging?
use the options logrequest=”yes”and logresponse=”yes” in the testlogin.xml and after your run a test
# ./webinject -c test.xml
checkout the file http.log it will have all source communication.

The program has also a GUI version, but I have not tried it, take a look at the Screenshots.

any more doubts and more details check out the forumΒ  at www.webinject.org

  1. October 15th, 2008 at 19:24 | #1

    GroundWork Open Source’s GroundWork Monitor, which has Nagios built-in, has a video entitled “Monitoring Web Sites with WebInject” Watch it here:

    http://dev.groundworkopensource.com/resources/gwh/

    Let us know if this is helpful! -Peter

    Peter Mui, Community Director
    GROUNDWORK Open Source, Inc.
    139 Townsend Street, Suite 100
    San Francisco, CA 94107-1946
    +1 415 992 4573
    pmui@groundworkopensource.com
    http://www.groundworkopensource.com

  2. December 2nd, 2008 at 14:07 | #2

    Hi! I have a problem with WebInject, maybe you could help?. There`s a site gamenext.com,. I`m trying badly to understand what is the url to postdata in. Using httpfox i`ve found this: (https://secure-proc.betaregion.omiverify.com/UserAccount/Processing/1900.1/APP/PostData.ashx) i think that`s the needed url. But then again i can`t figure what should I type to postbody. httpfox returned really huge postdata with redirection links and so on.

    I would be just happy if you could give me an advice or suggested xml πŸ™‚ thank you!

  3. December 2nd, 2008 at 19:16 | #3

    i`ll just add some more info in case you`ll be intrested πŸ˜€

    site redirects me right AFTER i filled login&password. But how do I fill these fields via postbody? Please give an advice πŸ™‚

  4. admin
    December 3rd, 2008 at 01:05 | #4

    hey ane4ka, thanks for posting. i cant open the address you posted. also it would require a user and pass to test it. where you able to get any output in debug mode?
    check out the forums, other people have made it work even when redirection exists.
    cheers,
    felipe

  5. December 3rd, 2008 at 08:29 | #5

    Hi! thanks alot for your reply! the site is http://gamenext.com
    you can use my account to test(once you`ll have some free time and desire πŸ˜€ )
    e-mail=annielee@bigmir.net
    passwd:zxc123

    I`ve searched alot but it seems like a have some unique problem.

  6. December 4th, 2008 at 15:28 | #6

    i`ve also wanted to know if there`s any way having http.log while using nagios

  7. Muschl
    June 25th, 2009 at 16:32 | #7

    @Ane4ka

    use config.xml like this for global logging…

    Mozilla/4.0

    Mozilla/4.0
    MSIE 6.0
    Windows NT 5.0)

    yes

    yes – log HTTP for all test cases
    onfail – log HTTP for test cases that fail only

    nagios

    nagios – output of WebInject in console mode will be compatible for use as a plugin for the Nagios monitoring program
    mrtg – output of WebInject in console mode will be compatible for use as a plugin (external monitoring script)
    standard – reverts to the standard formatted output mode (omitting this setting defaults to ‘standard’ mode)

  8. August 11th, 2009 at 00:51 | #8

    The link that Peter was trying to give to the webinject how-to was not correct. Here you go! http://www.groundworkopensource.com/resources/webcasts/monitoring-web-applications-webinject.html

    Holler if you have questions.

  9. Lizarraga Andrei
    January 17th, 2011 at 14:28 | #9

    Hello,

    I am having the same problems as the ones presented above. I have a https site that I have to monitor and check the authentification, but I am not able to succed.
    My test case looks like this:

    Even though I put the user name wrong I receive a successfull login message.
    Can any one of you guys give me a littel hand.

    Thanks,
    Andrei

  10. Lizarraga Andrei
    January 17th, 2011 at 14:31 | #10

    Lizarraga Andrei :
    Hello,
    I am having the same problems as the ones presented above. I have a https site that I have to monitor and check the authentification, but I am not able to succed.
    My test case looks like this:
    Even though I put the user name wrong I receive a successfull login message.
    Can any one of you guys give me a littel hand.
    Thanks,
    Andrei

    Sorry.. this is my testcase
    case
    id=”1″
    method=”post”
    url=”https://alumni.insead.edu”
    postbody=”username=xxx&password=xxxxx”
    logrequest=”yes”
    logresponse=”yes”
    close case

  11. January 25th, 2012 at 11:24 | #11

    This tutorial is an informative one. Thanks πŸ™‚

  12. Albert
    March 14th, 2012 at 16:07 | #12

    Hi all,

    I have a problem like above happens. The result of my test ever is the same, if I put a bad user o pass, the result is always ok:

    WebInject OK – All tests passed successfully

    My xml file is:

    Anyone knows why??

    Thanks a lot,

    Albert

  13. Ram
    June 6th, 2012 at 05:10 | #13

    Hi All,

    Some one give me example for https authentication as well as redirection(during the login).

    please help me guyz..

  14. Sandeep
    February 15th, 2013 at 06:10 | #14

    Hi Guys,,
    i got a task to configure Nagios3 and also webinject with nagios. nagios is configured sucessfully but i have been stucked at configuration of webinject. can anybody guyide me how to configure webinject step by step as i am from a non programming background so programming is bit difficult for me to understand.
    thanks in advance.
    Sandeep

    • admin
      March 6th, 2013 at 15:05 | #15

      Sandeep,

      First make it works in the cmd line
      /webinject.pl -c test_cfg.xml
      where test_cfg.xml is something like:
      test.xml http://192.168.3.188:8080 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
      nagios
      10
      30
      onfail

      OBS: In my case I need to use a proxy, you may need to remove that line

      Then the test.xml should be something like:

      verifypositive=”direito” ( this is the strting it will search in the body of the site, to validate it )

      Did you make it work?
      cheers,
      Felipe

  1. November 7th, 2008 at 09:46 | #1

VAMOVE *

*