HomeSUPPORT QUESTIONS

Need help with StresStimulus? Start here.

Extraction from a response and substitution in request gets double encoded Messages in this topic - RSS

Sundara J
Sundara J
Posts: 11


2/5/2013
Sundara J
Sundara J
Posts: 11
Not sure if this is a bug in fiddler or stresstimulus , but basically the value being sent to a request is different than from when its recorded and played back (it gets double encoded)
When recording and play back the value looks like below
wresult=%3Ctrust%3ARequestSecurityTokenResponseCollection

but when extracted with an extractor and substituted in the request the value looks like below 
wresult=%26lt%3btrust%3aRequestSecurityTokenResponseCollection

Note the encoding %3C which is "<" is now %26lt%3b
Any settings that i need to be looking at ?

thanks in advance for any help
0 link
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583


2/5/2013
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583
Hello Sundara,


In StresStimulus, usually, extractors are created from HTML responses (which are already decoded and are in plain text). Then when these extractors are used as parameters, StresStimulus automatically encodes their values when necessary.
 
Double encoding would happen if an extractor is taken from an not-decoded response. Not sure how that's possible, though.
 
Please describe how you created the extractor and what value does it return.

Cheers,
_Vadim
0 link
Sundara J
Sundara J
Posts: 11


2/5/2013
Sundara J
Sundara J
Posts: 11
the extractor returns below ==>
&lt;trust:RequestSecurityTokenResponseCollection xmlns:trust=&quot;http://docs.oasis-open.org/ws-sx/ws-trust/200512&quot;>&lt;trust:RequestSecurityTokenResponse Context=&quot;http://10.0.1.201/DMD/website/INVISION/&quot;>&lt;trust:Lifetime>&lt;wsu:Created xmlns:wsu=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd&quot;>2013-01-29T14:52:50.556Z&lt;/wsu:Created>&lt;wsu:Expires xmlns:wsu=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd&quot;>2013-01-29T15:51:50.556Z&lt;/wsu:Expires>&lt;/trust:Lifetime>&lt;wsp:AppliesTo xmlns:wsp=&quot;http://schemas.xmlsoap.org/ws/2004/09/policy&quot;>&lt;EndpointReference xmlns=&quot;http://www.w3.org/2005/08/addressing&quot;>&lt;Address>http://10.0.1.201/dmd/website/&lt;/Address>&lt;/EndpointReference>&lt;/wsp:AppliesTo>&lt;trust:RequestedSecurityToken>&lt;xenc:EncryptedData Type=&quot;http://www.w3.org/2001/04/xmlenc#Element&quot; xmlns:xenc=&quot;http://www.w3.org/2001/04/xmlenc#&quot;>&lt;xenc:EncryptionMethod Algorithm=&quot;http://www.w3.org/2001/04/xmlenc#aes256-cbc&quot; />&lt;KeyInfo xmlns=&quot;http://www.w3.org/2000/09/xmldsig#&quot;>&lt;e:EncryptedKey xmlns:e=&quot;http://www.w3.org/2001/04/xmlenc#&quot;>&lt;e:EncryptionMethod Algorithm=&quot;http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p&quot;>&lt;DigestMethod Algorithm=&quot;http://www.w3.org/2000/09/xmldsig#sha1&quot; />&lt;/e:EncryptionMethod>&lt;KeyInfo>&lt;o:SecurityTokenReference xmlns:o=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd&quot;>&lt;X509Data>&lt;X509IssuerSerial>&lt;X509IssuerName>CN=DigitalDealMakerCertificate&lt;/X509IssuerName>&lt;X509SerialNumber>-83336593415892221562437928126114200997&lt;/X509SerialNumber>&lt;/X509IssuerSerial>&lt;/X509Data>&lt;/o:SecurityTokenReference>&lt;/KeyInfo>&lt;e:CipherData>&lt;e:CipherValue>V6XEIQ4ueE0opG00lPG0Ax/eFVqEo76T0/RxHq1KWS4ER1TPKF6VwyleAP2m+ieZ+7dbu1G+fHGa+YY+0Gi8PlF/vF7kUxsTIjB4ShaeplFsPVBzunAEiDzhTDSjXwpBwgyW7OCUlDoDNw4+84fC4ldd0nBvQeniKhxs1mWIHKA=&lt;/e:CipherValue>&lt;/e:CipherData>&lt;/e:EncryptedKey>&lt;/KeyInfo>&lt;xenc:CipherData>&lt;xenc:CipherValue>DDYmcRoS4YgIDDg/MUFOo5rzszs/DUH2S42HeYFdTVyBt64pDOvF9EkDYS7oScfNoz/wyPNeXuUxBZsivNhvo0dJb2qfpaQhTkcSTL0vfR4C702A4gCNYy/THh+oN3AXVcqNXq5qC9zqcJ6yUew1OY+UIxPtKy6hj0NoLXge916Sr6DLELC1EiAuly4o3FVMhO8Lfh/ideLvYE86XLa4ljAs7Z1eieCB2TkCiUoB3LywfuCD2hSyiUEbYgblvpcV2HDVdB51PnH0DepJARqaKz9erd27kyz0A29w22TsIJu5BDtmd2+KsqQH0WcAIbb/XUNzZi8W8CHpIv6GOE4BYJTGDVavT6TvVD1KQS2SQy/TjcHUFJZIs9P5FbF1qSEUk2SYR4EzfxzCte7PLOeDcG9wnhq2jxEa/c0+vdhubab36p0vlMgRVpXb0mjMrE2ZccuW7t5HYGIfVZDGr+fWqGaQ0WS0Ejlmj87VjFayFoWs4qHjclEuMbY+lZVNBlaqmRX8gokFDdCtaLM2bFs5E27KrL/JB+rnNW3JnmAFqw0J3tBopMSnXhSrxxd4/7A+ycQlerwEJ070uN55TMKbDMTyVjiAvLR8TgB6NCrUZkNwl7xAxe5sO4aeeTHJyyM6sfLJUkJrso1SurlzsAcYdpgD3OmNx2016o+dPjPjdiccR+V8NnqC85dx9MRGRQNuIYH/LkjEfPheOQhQRTS/kuV6tR4hWvlOTsNwSe+AlGrNhtUCRnMkOv4/PAsP8OW3FsSxJ23tmI07SGWZwHmk5nwQvCn4n1w4djhr32OT6imuYf9pmilx11obSdAf2e6pMrNxWCxeiw8+a6+/TvUu57Fd72Hi/fiBOiK0d8VgU7AjEF1A21iBWqUBl/7+SQ5N/R2wskiOvwRWWb+VXFzmYJuogcKX2UqTygkAuQx+C1i96YomLInDP00cTCxoWhEBug1msTr0hn5cHIxWuMaoftBzDJmm0YJTv0nLT4NZnGaUmoNX1mQD3mP2JgS+qyK5Yuuy8apkngQIDyBBKwy5WDW0sB0ysJnv/+10EachVWzmaTgCY79EtyYjExKDJa90Wbyt6xTMPHq26RFgfs4aS2iGAy8usJ3VWL3lhIlGtXXvD/WSjvoUgx1SbgwrZ9JYR0lQOdlNXiSBwpnxyjGdP87htswv2lBhF16J1KSg952XxBmSOG0vEg3BBJPdtukP7gfXh72QDoHwYSY2H4BMi8272sUZyMedsNpodZJhiniytTC6nMdCsZyjFo5MP7vL9JmWY9DJOr2HrxS0IHTKChIPndiu6tB3rrJl5+A4f515Uzifdmiiwzc7rlyBnsqNEeEADJSDN9CP4oUmozG9RxVTpF85qn3MqmrkZKdDg3XKtGybv2t2to85jlEUuUXbvnrymBcK25brvyH6BzyPXbwNqy8NmJ6fe3+tZk89tr4boI/dJHXrZwogz+80WT/TT+EZnk7s9kHQVViaulDYq4IIYXyg1J1vo3bhrhAr7q749w64vbtIp/AxECNq2w1bGUTst2o34+e+LILGueXv7DhCcIEHeWL1J+hAYJo4G9jl4OpM1rIXe3OeSeAd2iWSck+CJh3ZlOa7VCwoJC6FE0hvy1y2OYf6qUFOmNuCMdeBd6emgUv+p6AmauZScnqBYUqI0ZS8ByqbBZZ05jLjiIGDSyGKPOqNueBDYd1EjHxlMfiYrHyM1i5rHPO8YoyrxyJYiheBjxO68xymqLUK6oEObYyslwE3S7HpCr1KBqjQxnzJRkJjLx6ABLf6AJkbxaKq0hgYAPK9mVf9Y/b+CXjfOaGiC/1wjn6Xlgn+I+SHQnvFV9mMaGB3+foSTd6RWhrU6Pi/Y+dYtqWiTlEdm5zSJxtR0SZHap828Yigt3zBIkaY/kkHDS2ongRBiTjSyMYFS9soM4HbGdL3hIMnOjQ+tahpnDlP1KDzTIbrZ9jsM6rm5Lld5PGliSlv/VQrF9zLoSVCClGKBea93e8PkMmvuhdGKABvhEh7suByQaHLCcx23t1Zj2EMEZRhNDunhGENXlzp7rW6KXSPo2WvXcQHRRdjq0w0PAJ504TX5droLRpUDJAxmmMTbsHvef0gS9UFLIQH8wO3Jasp+EqKW8179TyiWWg9Xk2cX9BaoAUYlxC3IE3+fwYlHf2m1OkM23SMynlKWIlqxdx3O0xD1V+gGaB60VAsBq76SO9+Aa2uVfmNrMEFiFlkLA0AENaZ8pOm0Z+03/geDut5wHo0SJl5ZWfZHBXDy6kQGKumWWuKl2TbBHYR1eQBmXEJMQEPF7FMwdQi3EQnMAiq5qHE56V2EHLb5xFwDZriDuYV12C/6WEiWpWIJE61Nd5EtadZRErhRFEyfhsWdtuGzmCQCiRL/n1gz2vKj9HRSEfxDig5mlOPO40L3ZCLlNtR5dreU6EKFSbEC79qGS6RkuekO7Nh11Hv62MrVwYOKYWdr+WDWS0HBAvWgwhweBawt2TMHQhiHbX7wCf6hUvqGNa6gaR0S3OPTH3Kf4t/0DtvOn5B1+azAGD3tfav9ZmttFH9XB7VPPrj6AnOh1ASRtKZ5imiTpQOE3Gq3srWDuxf8AyglA7IS3GFB/8T3rJHgBuaHxNQUbMVjpLjcFZk7G5w2NoDvgEKykxVQLCpfMoU7u3E8eITZkOc9A2P5OegzG/Gpg7PJJiBSlBOzbNMxdTUBA2IHVxzcHFS6JKTGuHqebi+NhEaDcUqf1nlj64YAzu4sx9kMiRc9IGqjmCTWbLjDRCxuq6hVaF6Po+30jOO1MxKF0qW8ymFdDHGkZWjNTBwvIPbAG0dkOtrrsFgfdlyX+Vdoc7EZSKEVvt/RMDZur2J1nqkPbKPjMNRe2JSPtSNfiaUsFemsT7+8DFe8637309ndY7DNvtSmUCJmwU1l8h7FrH9H2d3hkEnawgsiHDDPUv9pGL7mtymzwUy+kNP8V+imRzi90XK/tDhe7aKlTt5t1pUmzNfm4GxDt/Fs3CsoaZDo/0+gyqpD6O9m14olEEBDKZLoW/Jx8jBgIjHsfeaUK2s1id+Tl22bjU1PnpfgbYcKHUGgP5x4qcuiAKSvy6JUYOo4LzTlT5iI/9E12VUkNulI94CgSlksnfbcewszPO7Lo3o4eI+ODC5aNMKHV/1gfi1nxhQO3H2mXTRrZxcDQBJ68VIp/ISu7j+GzYpaHHdior8HUbpLaaqd2qq+QnXAtG2yMTYFVgTvktHPU2X0GTMNASr9MJwvdnlSCiIum13DH/wTa0O6yu+/3P2EGNssRFsHqWkqIaOho1PDOP5s2gdM1ME3cfyoYh1pmr/aqMdWarLUNTMk0jzX+t6Wy6UqAfuvpsTi2psbefXUl/Alo9pgesDB2BrSEgfvWS5mGbV02pSLPP8dLxrc6OYnmGuZDeOPk5XwAMN29RJoBp+MibPoGx6aOrPNEUdsl2MopnBwpfhJGLGK2KSubEC5uD6RSTbxmjl2yQDYhr75swUk5W4N3/ttxRSE29Ocwdy0x80IdPClHwZfBuy4Rr2iN9jRpaLPNjUF0bBMYOGKKlmYFCxx63RRimW362vKoGltIjj0/Mjc0C34RlPqhmUUBTt5/rGL7YF1IGGlBWhC3tpoYfuu2Y6Ry4Yl+h2uyffgLTFQozJe+VB0LJGckRDyvvAiv2FrU4UdxuxhwYKtHom2rE4zcYFK6MOT9sbl0kR0AhJ3l2iZs8l5E66OHPul/kUChQw++HlO1wbuij59kl6ojZa150T1lycj8DNFZ8Cda7lKd+sFsKRxI9qZoRMgpmdFxjX/ayxbrbGSqwoMaC8JXJdk4MJ7wXxoK55rXHOGK3ttrxqvi3o3PCqJ7ZunpIOWMLaiyckB6Zo8B986emxAh+7QqGXr5r4PD8AdSq/SxVnkV5mOS8pC8WQPTekGWUIMvIbr1yl3YAAxGfjy6q+5BV79m4XH9GWTZ48c9GqtU3NqTZ2KsJR9OELiAL6q65GR330/bZ4dmZH3dOEHidW6kQiqGDYz7wa55+5ohOIQjW71EZKCkdId1j5f2hhBay5FcnaEWhcxqaaSzPzqSILKI8I6tUX0uhRE9nHKt5w5FbQT5/CJljgeA/Kf3csZGBPNNNZqP/Ut/Z3hm2kAK2VuYrh94v1DAGUmPsYuMjnpp21vREM+GxOJ1eXaP/tRrawDl32OCTqiAWAEK2AGF56Q3QWgT5yw9jR/bwsHMzW+BMiaA4Yjf/PdelZ04htWxfNL5JjgcjFeO3Q4KlEj3PjDSNkKxVTfYryaduGu/V5hI/cgR3JR5yGXRywhKxmuh/bOAXTxBotPLFY96lhblU9E9s/goDTi9MAa7B5OSWakUYfvuHbb8vfnJ9K2YrThQ==&lt;/xenc:CipherValue>&lt;/xenc:CipherData>&lt;/xenc:EncryptedData>&lt;/trust:RequestedSecurityToken>&lt;trust:RequestedAttachedReference>&lt;o:SecurityTokenReference k:TokenType=&quot;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1&quot; xmlns:k=&quot;http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd&quot; xmlns:o=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd&quot;>&lt;o:KeyIdentifier ValueType=&quot;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID&quot;>_6dc42262-3cce-4662-b96e-c79aec65bad6&lt;/o:KeyIdentifier>&lt;/o:SecurityTokenReference>&lt;/trust:RequestedAttachedReference>&lt;trust:RequestedUnattachedReference>&lt;o:SecurityTokenReference k:TokenType=&quot;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1&quot; xmlns:k=&quot;http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd&quot; xmlns:o=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd&quot;>&lt;o:KeyIdentifier ValueType=&quot;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID&quot;>_6dc42262-3cce-4662-b96e-c79aec65bad6&lt;/o:KeyIdentifier>&lt;/o:SecurityTokenReference>&lt;/trust:RequestedUnattachedReference>&lt;trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion&lt;/trust:TokenType>&lt;trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue&lt;/trust:RequestType>&lt;trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer&lt;/trust:KeyType>&lt;/trust:RequestSecurityTokenResponse>&lt;/trust:RequestSecurityTokenResponseCollection>;
0 link
Sundara J
Sundara J
Posts: 11


2/5/2013
Sundara J
Sundara J
Posts: 11
Note : "&lt;trust .. "encoded again gives %26lt%3btrust.. which is the double encoding problem i am having
when being sent again to server
0 link
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583


2/5/2013
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583
I see what’s going on. Your extractors include special characters that are HTML-encoded. For example, instead of “<” the extractor returns “&lt”. StresStimulus does not provide HTML-decoding of an extractor, prior to URL- encoding of a request, parameterized with such extractor. We will issue a fix to add support for HTML-decoding extractors in a few days if not tomorrow.
 
As a workaround for now, see if you can define your extractors more narrowly, so they do not include “<” or “>” characters. For example, from your screenshot, it looks like you take a circled snippet of the recorded request and replace the highlighted in green portion with the highlighted in yellow portion, as shown in the "Currently configured" column below.



 
Currently configured
Change to
Recorded
wresult=%3Ctrust%3A
wresult=%3Ctrust%3A
Replayed
wresult=%26lt%3btrust%3a
wresult=%3Ctrust%3A


If you define your extractor to exclude %26lt%3C, as shown in the "Change to" column,  then you'll get the same result, but HTML- encoding will not be an issue. Not sure if the workaround will  fix all extractors,  but, as I said, the fix will be released soon.

Thanks for reporting the issue!

-Vadim



 
0 link
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583


2/6/2013
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583
Sundara,

We added support for HTML-decoding extractors. To use this option, change the new “Use HTML Decode”  property in your existing extractors, which use encoded special characters, from  No (default) to Yes, as shown on the screenshot below.




As a result, your test should work without the workarounds, that I suggested yesterday.
Use StresStimulus auto-update top install the new version.

Cheers,
-Vadim

0 link
Sundara J
Sundara J
Posts: 11


2/9/2013
Sundara J
Sundara J
Posts: 11
HI Vadim i downloaded the latest update but do not see the option in your screen cap above on the extractor screen.

thx
-Sundara
0 link
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583


2/9/2013
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583
Hi Sundara,
Check your StresStimulus version. In v2.5.4785 and above, extractors have “Use HTML Decoding” property.
In case you can’t find it, please schedule a web support session at convenient time, using a link that I just sent you via a private message, and I’ll show you this property.
Cheers,
-Vadim
 
0 link
Sundara J
Sundara J
Posts: 11


2/12/2013
Sundara J
Sundara J
Posts: 11
Yep got it and worked very well thanks !
0 link
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583


2/12/2013
Vadim @StresStimulus
Vadim @StresStimulus
Administrator
Posts: 583
You're welcome, Sundara. Thanks for posting your feedback.
0 link






Copyright © 2017 Stimulus Technology