I recorded steps using JMeter and am trying to run those recorded steps under a thread in JMeter. While trying to run, it is failing due to a '400' response code. I have tried the below and am still unable to find why I am getting the 400 error response code.
1) I have tried to check if there is any bad data in the request; there is no bad data in the request, I verified thoroughly.
3) I have reviewed most of the similar questions on Stack Overflow. All of them are saying it is mostly due to bad data in the request, but there is no bad data in my request.
4) I have HTTP Cookie Manager, thinking it might be an issue with the cookies. After adding Cookie Manager also, I am receiving the 400 response code.
I am placing my request and response below. Any help would be appreciated.
Request
POST (not mentioning the URL I am hitting due to security issues, but there is no issue with the URL)
POST data:
TabBar-AccountTab-AccountTab_AccountNumberSearchItem=&TabBar-PolicyTab-PolicyTab_SubmissionNumberSearchItem=&TabBar-PolicyTab-PolicyTab_PolicyRetrievalItem=&QuickJump=&NewAccount-NewAccountScreen-NewAccountSearchDV-GlobalContactNameInputSet-Name=&NewAccount-NewAccountScreen-NewAccountSearchDV-CompanyNameExact=on&NewAccount-NewAccountScreen-NewAccountSearchDV-GlobalPersonNameInputSet-FirstName=arron&NewAccount-NewAccountScreen-NewAccountSearchDV-GlobalPersonNameInputSet-MiddleName=&NewAccount-NewAccountScreen-NewAccountSearchDV-GlobalPersonNameInputSet-LastName=finch&NewAccount-NewAccountScreen-NewAccountSearchDV-FirstNameExact=on&NewAccount-NewAccountScreen-NewAccountSearchDV-LastNameExact=on&NewAccount-NewAccountScreen-NewAccountSearchDV-AddressOwnerAddressInputSet-globalAddressContainer-GlobalAddressInputSet-City=&NewAccount-NewAccountScreen-NewAccountSearchDV-AddressOwnerAddressInputSet-globalAddressContainer-GlobalAddressInputSet-County=&NewAccount-NewAccountScreen-NewAccountSearchDV-AddressOwnerAddressInputSet-globalAddressContainer-GlobalAddressInputSet-State=&NewAccount-NewAccountScreen-NewAccountSearchDV-AddressOwnerAddressInputSet-globalAddressContainer-GlobalAddressInputSet-PostalCode=&eventSource=NewAccount-NewAccountScreen-NewAccountSearchDV-SearchAndResetInputSet-SearchLinksInputSet-Search_act&eventTarget=&paging=&gw-util--headers=&gw-util--treeview=&gw-util--preferences=&csrfToken=477b6974946dcebaf8beed15f16c1494256816d3&fileUploadUrl=https%3A%2F%2Fgwsit2.electricinsurance.com%3A443%2Fpc%2FFileUpload.do&gw-language=en_US&gw-locale=en_US
Cookie Data:
JSESSIONID=F6153706277F23908AB8D433A9B249BF; ApplicationGatewayAffinity=81636c6af8ec60e31f2a8c3681e6d2262b9e04e6e24099503df6f9cc4223e2a4; ApplicationGatewayAffinityCORS=81636c6af8ec60e31f2a8c3681e6d2262b9e04e6e24099503df6f9cc4223e2a4; visid_incap_2564295=F4UVCjk0RtSs+zQuuZMyyvd3F2QAAAAAQUIPAAAAAAAlHzdDyZlUfxyOa/iOxeWg; nlbi_2564295=IOA5MhCq3UvUu3Rx/9wDbQAAAADLQi6PKNpfMPoV5oKF+m+Q; incap_ses_7223_2564295=zQisVVS7kTxMpplz7kA9ZPd3F2QAAAAA3xdPjhpwHo28VYUUgg+NdA==; SESSION=MTJkNmRhOGUtMTYzMC00MzI1LWJmMjYtMzU1MzU4NGFlNzlh; OPENIAM_AUTH_TOKEN=FADNbtRJy3Y/XNoHYr3H/4iFWndKV3kUV4j4iLxPjxbQbFUtKuqgQEgeoj/HWrfxJkPeJpYXNkPQryo7L72dgOPCNVDby+p4mU2UxkO3IQdELYMSodbTZZfAGDZLGT7PQLdLA8Kw5O26WqGnrT3oiHxivYA0tMH9oylJCgl0/Tc6NpkHOuO+ZY5y8yp/AaEF1X3MWJW+KAqWLWKgF2YK4AtGPlkaqm7LKjEaEC6FpED0wtMZNQbbAHxt/lrdC1tAD3GkBwJjQTV+caYBrN7pXw1eqTXFlDmcrTPlay2P8wFKW9VgRQtgzQMd1eZqNqxus4Xh4dwHgN4Sw9GyB+lwhLV7vXOOw02r+BD+VzhoOAJMlbItpqlT2w0cXh6kypNxTUtM2d2QFUzHUpT2rTZpoA==; PolicyCenter=2026686f92815acb1ba7d97e892981c19d5ac9557eaa8aa8c81a5b0bfb185404; PolicyCenterCORS=2026686f92815acb1ba7d97e892981c19d5ac9557eaa8aa8c81a5b0bfb185404; USERID=vdilab21F003; accountNumber=GUIDEWIRE
Response:
HTTP/1.1 400
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html;charset=utf-8
Content-Language: en
Vary: Accept-Encoding
Server: Apache
Set-Cookie: USERID=5034; Path=/
Set-Cookie: accountNumber=GUIDEWIRE; Path=/
Set-Cookie: OPENIAM_AUTH_TOKEN=FQDNbtRJy3Y/XNoHYr3H/xZjbk0sl17h+RaR6OX9drbzTUgcYY3yjeibnsq/jTVR+bvoiWgU6H4VvwnFKqoumkHTT+hMN6zr8VtLXhx2AeOu0mlq9rHlz8PFREe02ezTeM2XEqSp6lb7fHirJMAZSaoo2ik/IqJFoRLtl1+BzN3tEUTI/RfQ5Z09Sl9y67u2pGXBuJiHTlhfxNm3aI5t0hNx0enh+veYZ8v7HIe8IXyHcO6YUac4eBA4Ab7Gpvq9Ak1vSTcXURFhVN7LpUrVHyxyiXR2ooKSgEIiViVhmw92xXby8eX/KVFBNSlZqhxabQaLiKXEv4Y/YTr71bwH2Oe/hxKF14rtrE+FcNRxM9k9qcMwF+qUHYzL8SY5Gxe2/E2kUFI9Ff2gD6uAD9wOIQ==; Path=/; Domain=electricinsurance.com; Secure; HttpOnly; SameSite=Lax
Set-Cookie: USERID=5034; Path=/
Set-Cookie: accountNumber=GUIDEWIRE; Path=/
Access-Control-Allow-Origin: *
Domain: ElectricInsurance
userlastname: Machine03
UserType: User
UserToken: 5034
eiSSOGEIDPFLAG: N
email: elec.qual.test@electricinsurance.com
userfirstname: lab21F
AccountNumber: GUIDEWIRE
userId: 5034
UserGroup: InternalAgent
LocationId: NO VALUE
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Secure-Policy: default-src 'self';
x-openiam-auth-token: FQDNbtRJy3Y/XNoHYr3H/xZjbk0sl17h+RaR6OX9drbzTUgcYY3yjeibnsq/jTVR+bvoiWgU6H4VvwnFKqoumkHTT+hMN6zr8VtLXhx2AeOu0mlq9rHlz8PFREe02ezTeM2XEqSp6lb7fHirJMAZSaoo2ik/IqJFoRLtl1+BzN3tEUTI/RfQ5Z09Sl9y67u2pGXBuJiHTlhfxNm3aI5t0hNx0enh+veYZ8v7HIe8IXyHcO6YUac4eBA4Ab7Gpvq9Ak1vSTcXURFhVN7LpUrVHyxyiXR2ooKSgEIiViVhmw92xXby8eX/KVFBNSlZqhxabQaLiKXEv4Y/YTr71bwH2Oe/hxKF14rtrE+FcNRxM9k9qcMwF+qUHYzL8SY5Gxe2/E2kUFI9Ff2gD6uAD9wOIQ==
Date: Sun, 19 Mar 2023 21:00:42 GMT
Connection: close
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 9-60404620-60404626 ENNN RT(1679259639176 2357) q(0 0 0 -1) r(6 6) U12
Content-Encoding: gzip
In the majority of cases you cannot just replay the recorded script without correlating the dynamic parameters.
In your case, at first glance, it is the `csrfToken` parameter. It's a special security token which ensures the origin. You need to extract it from the previous response using a suitable JMeter Post-Processor, save it into a JMeter Variable and replace the hard-coded recorded value with the variable from the Post-Processor. More information: What is CSRF & How to Load Test CSRF-Protected Websites
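
The correlation step described in this answer, as an added example that is not part of the original answer or of JMeter: a constructed stand-in server issues one token per session, and a replay with the recorded token is rejected while a replay that extracts the token from the previous response succeeds. The hidden-field markup, the 400 status on mismatch and every function name here are assumptions made for illustration; the real application may embed the token differently.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed stand-in for the application: one CSRF token per session.
_SESSIONS = {}

def get_form(session_id):
    """Serve the search form with a fresh token in a hidden field (assumed markup)."""
    token = secrets.token_hex(20)
    _SESSIONS[session_id] = token
    return f'<form><input type="hidden" name="csrfToken" value="{token}"></form>'

def post_search(session_id, body):
    """Return 400 unless the posted csrfToken matches the session's current token."""
    posted = parse_qs(body).get("csrfToken", [""])[0]
    expected = _SESSIONS.get(session_id, "")
    ok = bool(expected) and hmac.compare_digest(posted, expected)
    return 200 if ok else 400

# What a Post-Processor does: pull the token out of the previous response.
TOKEN_RE = re.compile(r'name="csrfToken"\s+value="([0-9a-f]+)"')

def extract_token(html):
    match = TOKEN_RE.search(html)
    if match is None:
        # Fail loudly: a silent miss would post an empty token and get a 400 again.
        raise ValueError("csrfToken not found in previous response")
    return match.group(1)

# Hard-coded value captured in the recording shown in the question.
RECORDED_TOKEN = "477b6974946dcebaf8beed15f16c1494256816d3"

def replay(session_id, correlate):
    """Fetch the form, then post with either the recorded or the extracted token."""
    html = get_form(session_id)
    token = extract_token(html) if correlate else RECORDED_TOKEN
    body = urlencode({"FirstName": "arron", "LastName": "finch", "csrfToken": token})
    return post_search(session_id, body)

if __name__ == "__main__":
    print("hard-coded token:", replay("s1", correlate=False))
    print("correlated token:", replay("s2", correlate=True))
```

In a JMeter test plan the `extract_token` step corresponds to the Post-Processor attached to the request that returns the form, and the posted value becomes a reference to the variable it fills.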