When monitoring websites many times we will need more then just check if the site is up.
We may need to see if the internals of the website is working, a good example is making a user login check.
Using nagios alone it can not be done, but thanks to Corey Goldberg, it is possible using his script webinject.pl.
From the author:
“WebInject is a free tool for automated testing of web applications and web services. It can be used to test individual system components that have HTTP interfaces (JSP, ASP, CGI, PHP, AJAX, Servlets, HTML Forms, XML/SOAP Web Services, REST, etc), and can be used as a test harness to create a suite of [HTTP level] automated functional, acceptance, and regression tests.”
And yes it works with HTTPS and redirections. Well, to get it working just follow these steps:
Extract and copy webinject.pl, config.xml and testcases.xml to nagios libexec folder.
reporttype – should be removed untill you get all working this way you can debug by seeing all comunitcation
output on the shell prompt.
useragent – is what the server will think your website is, well just so the admins dont panic I copied HTTP header of firefox.
testcase – the xml file we will put all the steps of our check
errormessage=”Website not loading”
verifynegative=”User not found”
errormessage=”could not authenticate”
The hardest part will be to identify two things the:
url – where the user password is processed, usually a form action will refer to it, check the source code of the id=1 page and look for it.
postbody – the trick here is to use httpfox download here . Also LiveFox will do the trick.
Now perform the login via web and look to your post code, just paste that here.
Need more debugging?
use the options logrequest=”yes”and logresponse=”yes” in the testlogin.xml and after your run a test
# ./webinject -c test.xml
checkout the file http.log it will have all source communication.
The program has also a GUI version, but I have not tried it, take a look at the Screenshots.
any more doubts and more details check out the forum at www.webinject.org
16 thoughts on “Webinject How to”
GroundWork Open Source’s GroundWork Monitor, which has Nagios built-in, has a video entitled “Monitoring Web Sites with WebInject” Watch it here:
Let us know if this is helpful! -Peter
Peter Mui, Community Director
GROUNDWORK Open Source, Inc.
139 Townsend Street, Suite 100
San Francisco, CA 94107-1946
+1 415 992 4573
Hi! I have a problem with WebInject, maybe you could help?. There`s a site gamenext.com,. I`m trying badly to understand what is the url to postdata in. Using httpfox i`ve found this: (https://secure-proc.betaregion.omiverify.com/UserAccount/Processing/1900.1/APP/PostData.ashx) i think that`s the needed url. But then again i can`t figure what should I type to postbody. httpfox returned really huge postdata with redirection links and so on.
I would be just happy if you could give me an advice or suggested xml 🙂 thank you!
i`ll just add some more info in case you`ll be intrested 😀
site redirects me right AFTER i filled login&password. But how do I fill these fields via postbody? Please give an advice 🙂
hey ane4ka, thanks for posting. i cant open the address you posted. also it would require a user and pass to test it. where you able to get any output in debug mode?
check out the forums, other people have made it work even when redirection exists.
Hi! thanks alot for your reply! the site is http://gamenext.com
you can use my account to test(once you`ll have some free time and desire 😀 )
I`ve searched alot but it seems like a have some unique problem.
i`ve also wanted to know if there`s any way having http.log while using nagios
use config.xml like this for global logging…
Windows NT 5.0)
yes – log HTTP for all test cases
onfail – log HTTP for test cases that fail only
nagios – output of WebInject in console mode will be compatible for use as a plugin for the Nagios monitoring program
mrtg – output of WebInject in console mode will be compatible for use as a plugin (external monitoring script)
standard – reverts to the standard formatted output mode (omitting this setting defaults to ‘standard’ mode)
The link that Peter was trying to give to the webinject how-to was not correct. Here you go! http://www.groundworkopensource.com/resources/webcasts/monitoring-web-applications-webinject.html
Holler if you have questions.
I am having the same problems as the ones presented above. I have a https site that I have to monitor and check the authentification, but I am not able to succed.
My test case looks like this:
Even though I put the user name wrong I receive a successfull login message.
Can any one of you guys give me a littel hand.
Sorry.. this is my testcase
This tutorial is an informative one. Thanks 🙂
I have a problem like above happens. The result of my test ever is the same, if I put a bad user o pass, the result is always ok:
WebInject OK – All tests passed successfully
My xml file is:
Anyone knows why??
Thanks a lot,
Some one give me example for https authentication as well as redirection(during the login).
please help me guyz..
i got a task to configure Nagios3 and also webinject with nagios. nagios is configured sucessfully but i have been stucked at configuration of webinject. can anybody guyide me how to configure webinject step by step as i am from a non programming background so programming is bit difficult for me to understand.
thanks in advance.
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
First make it works in the cmd line
/webinject.pl -c test_cfg.xml
where test_cfg.xml is something like:
OBS: In my case I need to use a proxy, you may need to remove that line
Then the test.xml should be something like:
verifypositive=”direito” ( this is the strting it will search in the body of the site, to validate it )
Did you make it work?