Summary of the invention
The technical problem to be solved in the present invention is, for the website testing method of prior art and system because avoid the defective of the high and security risk of cost that the identifying code problem brings.Provide a kind of utilize website logo information forge the website the mode of log-on message walk around website testing method and the system of identifying code, this website testing method and system do not need the developer to adjust the website code, cost is low, without security risk.
The technical solution adopted for the present invention to solve the technical problems is: construct a kind of website testing method, comprising step: S1, log in the test website, obtain the identification information in the message that sends described test website; S2, send access request to obtain website test data according to described identification information to described test website.
In website testing method of the present invention, described step S1 comprises: S11, login test website, obtain the HTTP packet that all the machine network interface cards receive, whether send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produce judged result; S12, according to described judged result, obtain the identification information in the message that sends described test website.
In website testing method of the present invention, described step S12 comprises: when Cookie is used in described test website, obtain described identification information in the cookie information from heading; When Cookie is not used in described test website, from the Accept information of heading, obtain described identification information.
In website testing method of the present invention, described step S2 comprises: S21, according to described identification information structure HTTP packet; S22, send access request to obtain website test data according to described HTTP packet to described test website.
In website testing method of the present invention, described step S21 comprises: when Cookie is used in described test website, use described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie is not used in described test website, use described identification information to consist of Accept attribute information in the heading of described HTTP packet.
The present invention also constructs a kind of Website testing system, comprising: acquisition module: be used for logging in the test website, obtain the identification information in the message that sends described test website; And test module: be used for sending access request to described test website to obtain website test data according to described identification information.
In Website testing system of the present invention, described acquisition module comprises: judging unit: be used for login test website, obtain the HTTP packet that all the machine network interface cards receive, whether send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produce judged result; And acquiring unit: be used for according to described judged result, obtain the identification information in the message that sends described test website.
In Website testing system of the present invention, when Cookie is used in described test website, obtain described identification information in the cookie information of described acquiring unit from heading; When Cookie was not used in described test website, described acquiring unit obtained described identification information from the Accept information of heading.
In Website testing system of the present invention, described test module comprises: structural unit: be used for according to described identification information structure HTTP packet; And test cell: be used for sending access request to described test website to obtain website test data according to described HTTP packet.
In Website testing system of the present invention, when Cookie was used in described test website, described structural unit used described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie was not used in described test website, described structural unit used described identification information to consist of Accept attribute information in the heading of described HTTP packet.
Implement website testing method of the present invention and system, have following beneficial effect: utilize website logo information forge the website the mode of log-on message walk around identifying code, do not need the developer to adjust the website code, cost is low, without security risk.
Judge the source of HTTP packet as elementary screening, the workload that the minimizing identification information obtains.Adopt different identification information getting method and using method for using the different test website with not using Cookie.
Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only in order to explain the present invention, is not intended to limit the present invention.
In the flow chart of the first preferred embodiment of website testing method of the present invention shown in Figure 1, described website testing method starts from step 100; Proceed to step 101 after the step 100, log in the test website, obtain the identification information in the message that sends described test website; Subsequently, to next step 102, send access request to described test website to obtain website test data according to described identification information; Last the method ends at step 103.When adopting this website method of testing to carry out the website test, initial landing test website, log in successfully and from the message that the test website is returned, read identification information afterwards, when carrying out subsequently the website test, the identification information that application is obtained sends access request (project of test) to the test website, obtains the data of returning the website and tests to carry out the website.Can avoid every test when carrying out like this website test all needs the input validation code, does not need the developer to adjust the website code, has avoided transforming the expensive and security risk that cause the website for adjusting the website code.
In the flow chart of the second preferred embodiment of website testing method of the present invention shown in Figure 2, described website testing method starts from step 200; Proceed to step 201 after the step 200, whether login test website obtains the HTTP packet that all the machine network interface cards receive, send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produces judged result; Subsequently, to next step 202, according to described judged result, obtain the identification information in the message that sends described test website; Subsequently, to next step 203, send access request to described test website to obtain website test data according to described identification information.Last the method ends at step 204.After logging in the test website, the machine network interface card will receive outside HTTP packet, wherein have from the test website and send, also have and send from non-test website, whether the Host determined property HTTP packet according to the HTTP packet that receives sends from the test website, as sending the identification information that then from the HTTP packet, obtains in the message from the test website, as not being to send and then abandon this HTTP packet from the test website.Arranging like this can greatly reduce the workload that identification information obtains, and avoids obtaining wrong identification information.
In the flow chart of the 3rd preferred embodiment of website testing method of the present invention shown in Figure 3, described website testing method starts from step 300; Proceed to step 301 after the step 300, log in the test website, obtain the identification information in the message that sends described test website; Subsequently, to next step 302, according to described identification information structure HTTP packet; Subsequently, to next step 303, send access request to described test website to obtain website test data according to described HTTP packet.Last the method ends at step 304.Construct the HTTP packet so that can utilize website logo information to forge log-on message of website by identification information, thereby walk around the process of input validation code, so that the website automatic test is carried out.
Preferred embodiment as website testing method of the present invention, when Cookie is used in described test website, obtain described identification information in the cookie information from heading, use described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie is not used in described test website, from the Accept information of heading, obtain described identification information, use described identification information to consist of Accept attribute information in the heading of described HTTP packet.May setup and use Cookie and do not use two kinds of settings of Cookie for the website, adopt obtaining and using method of different identification informations.
When Cookie is used in described test website, obtain described identification information in the cookie information from the heading of testing the HTTP packet that sends the website, be generally: JSESSIONID=xxx, information is identification information after the SESSIONID parameter.
Carry out website when test, use described identification information to consist of Cookie attribute information in the heading of described HTTP packet, specific as follows:
GET/user_details.jsp?HTTP/1.1
Accept:image/gif,image/jpeg,image/pjpeg,image/pjpeg,
Accept-Language:zh-cn
Accept-Encoding:gzip,deflate
Host: website IP:8080
Connection:Keep-Alive
Cookie: get access to sign and write herein
When Cookie is not used in described test website, from the Accept information of the heading of the HTTP packet that sends of test website, obtain described identification information, is the sign information exchange often among the Accept: http://www.xxx.com/xxx/xx.xx? JSESSIONID=xxxx, information is identification information after the JSESSIONID parameter.
Carry out website when test, use described identification information to consist of Accept attribute information in the heading of described HTTP packet, specific as follows:
GET/user_details.jsp? JSESSIONID=gets access to sign and writes HTTP/1.1 herein
Accept:image/gif,image/jpeg,image/pjpeg,image/pjpeg,
Accept-Language:zh-cn
Accept-Encoding:gzip,deflate
Host: website IP:8080
Connection:Keep-Alive。
So namely realized the website test to the automation of use and the different test website of not using Cookie.
The present invention also constructs a kind of Website testing system, and in the structural representation of the first preferred embodiment of Website testing system of the present invention shown in Figure 4, described Website testing system comprises acquisition module 1 and test module 2.Acquisition module 1 is used for logging in the test website, obtains the identification information in the message that sends described test website; Test module 2 is used for sending access request to described test website to obtain website test data according to described identification information.When adopting this website test macro to carry out the website test, at first acquisition module 1 logs in the test website, log in successfully and from the message that the test website is returned, read identification information afterwards, when carrying out subsequently the website test, test module 2 is used the identification information that obtains and is sent access request (project of test) to the test website, obtains the data of returning the website and tests to carry out the website.Can avoid every test when carrying out like this website test all needs the input validation code, does not need the developer to adjust the website code, has avoided transforming the expensive and security risk that cause the website for adjusting the website code.
In the structural representation of the second preferred embodiment of Website testing system of the present invention shown in Figure 5, acquisition module 1 comprises judging unit 11 and acquiring unit 12.Whether judging unit 11 is used for login test website, obtains the HTTP packet that all the machine network interface cards receive, send from described test website according to the described HTTP packet of the Host determined property of described HTTP packet, produces judged result; Acquiring unit 12 is used for according to described judged result, obtains the identification information in the message that sends described test website.After logging in the test website, the machine network interface card will receive outside HTTP packet, wherein have from the test website and send, also have and send from non-test website, whether judging unit 11 sends from the test website according to the Host determined property HTTP packet of the HTTP packet that receives, as sending 12 identification informations that obtain in the message of acquiring unit from the test website from the HTTP packet, as not being to send from the test website, 12 of acquiring units abandon this HTTP packet.Arranging like this can greatly reduce the workload that identification information obtains, and avoids obtaining wrong identification information.
In the structural representation of the 3rd preferred embodiment of Website testing system of the present invention shown in Figure 6, test module 2 comprises structural unit 21 and test cell 22.Structural unit 21 is used for according to described identification information structure HTTP packet; Test cell 22 is used for sending access request to described test website to obtain website test data according to described HTTP packet.Structural unit 21 constructs the HTTP packet by identification information so that test cell 22 can utilize website logo information to forge log-on message of website, thereby walks around the process of input validation code, so that the website automatic test is carried out.
Preferred embodiment as Website testing system of the present invention, when Cookie is used in described test website, obtain described identification information in the cookie information of acquiring unit 12 from heading, structural unit 21 uses described identification information to consist of Cookie attribute information in the heading of described HTTP packet; When Cookie was not used in described test website, acquiring unit 12 obtained described identification information from the Accept information of heading, and structural unit 21 uses described identification information to consist of Accept attribute information in the heading of described HTTP packet.May setup and use Cookie and do not use two kinds of settings of Cookie for the website, adopt obtaining and using method of different identification informations.Concrete implementation is referring to above-mentioned relevant website testing method.So namely realized the website test to the automation of use and the different test website of not using Cookie.
The above only is embodiments of the invention; be not so limit claim of the present invention; every equivalent structure transformation that utilizes specification of the present invention and accompanying drawing content to do, or directly or indirectly be used in other relevant technical fields, all in like manner be included in the scope of patent protection of the present invention.