JMeter – Research/usage

Using JMeter:
Trying to measure HTTPS Requests to google.com (since the server supports SSL too)
Configuration:
Easy enough to set 150 threads, loop counts, ramp up period, etc.

Setting the web URL default + any other pages I want to request was also simple, I just had to right click and add.

Officially, Jmeter is supposed to support SSL. Eventually I did figure out that to set HTTPS you type HTTPS in the Protocol[HTTP]: field

Tool is too easily capable of accidental Denial of Service attacks – an miss-type resulted in 15000 threads being sent at Google.

The output could definitely be improved – the user must specify the format of output – ie graph, results in table form, etc, prior to testing. If specified afterwards, the objects have no access to existing testing data.

Also, changing the URL of the test did not create a new graph – the tool continued graphing in the same graph object from a previous URL.

Finally,
The request JMeter sends out looks like this:

GET https://www.google.com.au/

[no cookies]

Request Headers:
Connection: keep-alive
Host: http://www.google.com.au
User-Agent: Apache-HttpClient/4.2.6 (java 1.5)

And the response headers look like this:

Response headers:
HTTP/1.1 200 OK
Date: Wed, 06 May 2015 12:52:49 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=480d1186ae65ebb6:FF=0:TM=1430916769:LM=1430916769:S=reJQGYLeyGXLWT_7; expires=Fri, 05-May-2017 12:52:49 GMT; path=/; domain=.google.com.au
Set-Cookie: NID=67=Yx5XfSpqh_3dlD4olPdxxUR8PeB9sVlRAO-SKyZ5Z6q4jyw4lhKGfDvWUpxf10RMRfF9Jo75GuzmyPs5D_VzyaB46a9NDqFL2ImuLoO2rL-QZthOgdmvtacAtV8FdZnZ; expires=Thu, 05-Nov-2015 12:52:49 GMT; path=/; domain=.google.com.au; HttpOnly
P3P: CP=”This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info.”
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 443:quic,p=1
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked

It isn’t particularly clear if JMeter successfully hit the site in HTTPS, further research indicates that the only hint is the line:

Alternate-Protocol: 443:quic,p=1

which is

Alternate-Protocol: 80:quic,p=1

for HTTP

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s