check_webinject

Posted on July 29th, 2010 by sven

check_webinject

check_webinject is a Nagios check plugin based on the Webinject Perl Module available on CPAN which is now part of the Webinject project. We use it heavily at ConSol and did a complete rework including some bugfixes and enhancements for Nagios 3.

Current Version is the 1.74 released on May 05, 2012.

How does it work?

The plugin is written in Perl and uses LWP together with Crypt::SSLeay. check_webinject sends requests to any configured webservice. You may then specify verification settings in your test cases.

A sample testcase file is included in the downloadable tarball.

<testcases>
<case
    id             = "1"
    description1   = "Sample Test Case"
    method         = "get"
    url            = "{BASEURL}/test.jsp"
    verifypositive = "All tests succeded"
    warning        = "5"
    critical       = "15"
    label          = "testpage"
/>
</testcases>

A sample command like would look like this:

%>./check_webinject -s baseurl=http://yourwebserver.com:8080 testcase.xml 
WebInject OK - All tests passed successfully in 0.027 seconds|time=0.027;0;0;0;0 testpage=0.024;5;15;0;0

Add check_webinject like a normal nagios plugin.

Download

You can download the full Webinject package here.

Prebuild version of the check_webinject nagios plugin

The source is also available from GitHub.

Installation

Just unpack the tarball and make sure the required Perl modules exist:

• LWP
• XML::Simple
• HTTP::Request::Common
• HTTP::Cookies
• Crypt::SSLeay
• XML::Parser
• Error

11 Responses to “check_webinject”

1. Nico Says:
   October 16th, 2010 at 15:27

   Hi,

   Very good work. Could you add the NTLM Authentication ?

   Thanks a lot.

   [Reply]

2. sven Says:
   November 2nd, 2010 at 10:22

   It should work if you install the LWP::Authen::Ntlm Perl Module. In newer version of LWP, the LWP::Authen::Ntlm is already included.

   [Reply]

3. OMD Version 0.44 erschienen » klimmbimm Says:
   November 15th, 2010 at 17:57

   [...] .. ist ein plugin, um Performance von Webseiten abzufragen. Es ist stark anpassbar und basiert auf Perl. Mehr Infos auf http://labs.consol.de/lang/de/nagios/check_webinject/ [...]

4. 17 Nagios-Fliegen mit einer Klappe: OMD 0.44 | KenntWas.de - Technische Tips Says:
   December 22nd, 2010 at 0:13

   [...] check_webinject aus den Labs der Fa. Consol basiert auf dem Webinject Perl Modul (gibt’s bei CPAN), welches nun Teil des Webinject-Projekts ist. Es erlaubt das automatische Testen von Web-Applikationen und unterstützt diverse HTTP-Interfaces (JSP, ASP, CGI, PHP, AJAX, Servlets, HTML Forms, XML/SOAP Web Services, REST, usw.). [...]

5. CSS Says:
   September 12th, 2011 at 10:49

   Have you had any luck pointing this to an asp.net site and getting cookie/session auth working? I’m just not seeing any examples… And the thing I’m testing is doing all sorts of json-encoded ajax crap. Argh.

   [Reply]

   

   sven Reply:
   September 12th, 2011 at 11:20

   @CSS, webinject does not parse javascript. But it can handle cookie based sessions. This works out of the box if the cookie is set by normal http header. If cookies are set with Javascript, then its probably very difficult to replay. Best way is to have a look at the http messages, ex.: with the “live http headers” plugin for firefox.

   [Reply]

6. CSS Says:
   September 22nd, 2011 at 5:18

   Hi Sven,

   Finally got some more info from the web developer, and he claims that it’s essentially just using “standard” .net session tracking with cookies. When I call the authentication url (which is successful), then the server starts seeing my existing session as an authenticated user. I was able to grab the right url and example POST data using “httpfox”.

   My test case so far uses these steps: -load the front page (which should start a session and set a cookie) -post to the login page -load a “profile” page that a logged-in user would see

   On the last step I’m simply redirected to the front page as if I’m not authenticated even though I do get a positive result on the login post.

   I do see that there are two cookies being set, does this confuse webinject? One is for the session, the other just tracks what timezone I’m in.

   Lastly, are you open to any consulting work? Let me know…

   [Reply]

7. Sven Says:
   February 23rd, 2012 at 11:38

   Professional support and consulting is available here: http://www.consol.de/open-source-monitoring/support/

   [Reply]

8. Tom Welsh Says:
   October 15th, 2012 at 17:25

   Hi Sven,

   Can Webinject be us3ed to test flash websites. I am completely new to this testing stuff but can think off a few uses if it is compatible with flash.

   Regards

   Tom

   [Reply]

   

   sven Reply:
   October 20th, 2012 at 15:41

   @Tom Welsh, no, webinject just replays http requests, so flash pages cannot be checked with it.

   [Reply]

9. Paul Dubuc Says:
   November 20th, 2012 at 21:16

   Is it possible to have conditional test cases? For example, after user logs into application they may get a “new features” page and need to click OK button to proceed. If nothing new since last time, then page will not appear.

   [Reply]

Leave a Reply