jmeterperformance-testingloadrunnererror-codeblazemeter

Getting reponse code as 400 in jmeter response while trying to test a webapplication


`I recorded steps using Jmeter and trying to run those recorded steps under a thread in Jmeter. While trying to run it is failing due to '400' response code. I have tried below and still unable to find why i am getting 400 error response code

`1) I have tried to check if there is any bad data in the request, there is no bad data in the request i verified thoroughly

  1. I thought it might be a proxy issue, but if it is a proxy issue it should fail in the step1 itself but i can reach successfully till step4 and step4 is failing

3)I have reviewed most of the similar questions in stack overflow. All of them are saying mostly it is due to bad data in the request, but there is no bad data in my request

4)I have HTTP Cookie manager thinking it might be issue with the cookies. After adding cookie Manger also i am receiving the 400 response code.

I am placing my request and responses in the below. Any help would be appreciated

Request

POST not mentioning the url i am hitting due to security issues. But there is no issue with the URL ``POST data: TabBar-AccountTab-AccountTab_AccountNumberSearchItem=&TabBar-PolicyTab-PolicyTab_SubmissionNumberSearchItem=&TabBar-PolicyTab-PolicyTab_PolicyRetrievalItem=&QuickJump=&NewAccount-NewAccountScreen-NewAccountSearchDV-GlobalContactNameInputSet-Name=&NewAccount-NewAccountScreen-NewAccountSearchDV-CompanyNameExact=on&NewAccount-NewAccountScreen-NewAccountSearchDV-GlobalPersonNameInputSet-FirstName=arron&NewAccount-NewAccountScreen-NewAccountSearchDV-GlobalPersonNameInputSet-MiddleName=&NewAccount-NewAccountScreen-NewAccountSearchDV-GlobalPersonNameInputSet-LastName=finch&NewAccount-NewAccountScreen-NewAccountSearchDV-FirstNameExact=on&NewAccount-NewAccountScreen-NewAccountSearchDV-LastNameExact=on&NewAccount-NewAccountScreen-NewAccountSearchDV-AddressOwnerAddressInputSet-globalAddressContainer-GlobalAddressInputSet-City=&NewAccount-NewAccountScreen-NewAccountSearchDV-AddressOwnerAddressInputSet-globalAddressContainer-GlobalAddressInputSet-County=&NewAccount-NewAccountScreen-NewAccountSearchDV-AddressOwnerAddressInputSet-globalAddressContainer-GlobalAddressInputSet-State=&NewAccount-NewAccountScreen-NewAccountSearchDV-AddressOwnerAddressInputSet-globalAddressContainer-GlobalAddressInputSet-PostalCode=&eventSource=NewAccount-NewAccountScreen-NewAccountSearchDV-SearchAndResetInputSet-SearchLinksInputSet-Search_act&eventTarget=&paging=&gw-util--headers=&gw-util--treeview=&gw-util--preferences=&csrfToken=477b6974946dcebaf8beed15f16c1494256816d3&fileUploadUrl=https%3A%2F%2Fgwsit2.electricinsurance.com%3A443%2Fpc%2FFileUpload.do&gw-language=en_US&gw-locale=en_US

Cookie Data: JSESSIONID=F6153706277F23908AB8D433A9B249BF; ApplicationGatewayAffinity=81636c6af8ec60e31f2a8c3681e6d2262b9e04e6e24099503df6f9cc4223e2a4; ApplicationGatewayAffinityCORS=81636c6af8ec60e31f2a8c3681e6d2262b9e04e6e24099503df6f9cc4223e2a4; visid_incap_2564295=F4UVCjk0RtSs+zQuuZMyyvd3F2QAAAAAQUIPAAAAAAAlHzdDyZlUfxyOa/iOxeWg; nlbi_2564295=IOA5MhCq3UvUu3Rx/9wDbQAAAADLQi6PKNpfMPoV5oKF+m+Q; incap_ses_7223_2564295=zQisVVS7kTxMpplz7kA9ZPd3F2QAAAAA3xdPjhpwHo28VYUUgg+NdA==; SESSION=MTJkNmRhOGUtMTYzMC00MzI1LWJmMjYtMzU1MzU4NGFlNzlh; OPENIAM_AUTH_TOKEN=FADNbtRJy3Y/XNoHYr3H/4iFWndKV3kUV4j4iLxPjxbQbFUtKuqgQEgeoj/HWrfxJkPeJpYXNkPQryo7L72dgOPCNVDby+p4mU2UxkO3IQdELYMSodbTZZfAGDZLGT7PQLdLA8Kw5O26WqGnrT3oiHxivYA0tMH9oylJCgl0/Tc6NpkHOuO+ZY5y8yp/AaEF1X3MWJW+KAqWLWKgF2YK4AtGPlkaqm7LKjEaEC6FpED0wtMZNQbbAHxt/lrdC1tAD3GkBwJjQTV+caYBrN7pXw1eqTXFlDmcrTPlay2P8wFKW9VgRQtgzQMd1eZqNqxus4Xh4dwHgN4Sw9GyB+lwhLV7vXOOw02r+BD+VzhoOAJMlbItpqlT2w0cXh6kypNxTUtM2d2QFUzHUpT2rTZpoA==; PolicyCenter=2026686f92815acb1ba7d97e892981c19d5ac9557eaa8aa8c81a5b0bfb185404; PolicyCenterCORS=2026686f92815acb1ba7d97e892981c19d5ac9557eaa8aa8c81a5b0bfb185404; USERID=vdilab21F003; accountNumber=GUIDEWIRE ``


Solution

  • In the majority of cases you cannot just replay the recorded script without correlating the dynamic parameters.

    In your case from the first glance they are:

    1. Cookies. Make sure to add HTTP Cookie Manager to your test plan and cross-check if the number/nature of cookies matches the ones the real browser sends.
    2. The csrfToken parameter. It's a special security token which ensures the origin. You need to extract it from the previous response using a suitable JMeter Post-Processor, save it into a JMeter Variable and replace the hard-coded recorded value with the variable from the Post-Processor. More information: What is CSRF & How to Load Test CSRF-Protected Websites