LoadRunner web_reg_find search within headers

If you are submitting requests and are expecting an empty response body, you should still check your response headers to determine if the request was successful.

To search the response headers, add the "Search=Headers" argument to your web_reg_find call.

web_reg_find("Text/IC=HeaderSearch", "Search=Headers", LAST);

The request methods OPTIONS, DELETE, PUT and HEAD typically return a valid response with an empty response body.

 

Common Ports

Port Number   Service                 Notes
21            FTP
22            SSH                     Encrypted
23            Telnet
25            SMTP                    Mail
53            DNS
80            HTTP                    Web
110           POP3                    Mail
143           IMAP4                   Mail
389           LDAP
443           HTTPS                   Encrypted, Web
465           SMTP over SSL           Encrypted
587           SMTP
1433          Microsoft SQL Server    Database
1434          Microsoft SQL Server    Database
2082          cPanel
2083          cPanel over SSL         Encrypted
2483          Oracle DB               Database
2484          Oracle DB               Database
3306          MySQL                   Database
3389          Terminal Server (RDP)
5432          PostgreSQL              Database
8080          HTTP Proxy

 

ARP Poisoning

Address Resolution Protocol – Poisoning / Spoofing

How?
An attacker sends falsified ARP messages over the LAN, which results in the linking of an attacker’s MAC address with the IP address of a victim computer or server on the network.

Audience?
LAN network segments that use ARP

Impact?
MitM attacks (viewing unencrypted traffic, sessions, credentials, etc.)
DoS attacks

Mitigation?
Static MAC addressing
ARP spoofing detection software
Packet filtering/inspection
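
The static-binding and detection mitigations above can be illustrated with a small checker. This is an added example, not code from the original post: the ArpWatch class, the make_arp helper, and the addresses in the sample are hypothetical and constructed for illustration.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP body, 28 bytes (RFC 826)

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, sha.hex(":"), ".".join(str(b) for b in spa)

class ArpWatch:
    """Hypothetical detector: checks sender bindings against static and learned entries."""
    def __init__(self, static_bindings=None):
        self.pinned = dict(static_bindings or {})  # ip -> mac set by the administrator
        self.learned = {}                          # ip -> first mac seen on the wire

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return None
        _, mac, ip = parsed
        expected = self.pinned.get(ip)
        if expected is not None:
            return ("static_violation", ip, expected, mac) if expected != mac else None
        first = self.learned.setdefault(ip, mac)
        # A change can also be benign (DHCP reassignment, NIC swap, failover): triage it.
        return ("binding_changed", ip, first, mac) if first != mac else None

def make_arp(op, mac, ip):
    """Build a constructed ARP body for the sample; target fields are zeroed."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(x) for x in ip.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, bytes(6), bytes(4))

# Constructed sample traffic (documentation addresses, locally administered MACs).
SAMPLE = [
    make_arp(2, "02:00:00:00:00:01", "192.0.2.1"),   # gateway, matches pinned entry
    make_arp(1, "02:00:00:00:00:0a", "192.0.2.10"),  # host first seen
    make_arp(2, "02:00:00:00:00:66", "192.0.2.1"),   # conflicting claim for gateway
    make_arp(2, "02:00:00:00:00:66", "192.0.2.10"),  # conflicting claim for host
    b"\x00\x01\x08\x00",                             # truncated frame, ignored
]

def run_sample():
    watch = ArpWatch({"192.0.2.1": "02:00:00:00:00:01"})
    return [a for a in (watch.observe(p) for p in SAMPLE) if a]
```

Calling run_sample() returns one alert for the pinned gateway address and one for the learned host address; the same MAC claiming both is what a reviewer would look at first.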

 

SQLMap

Common Flags
-u URL
-p PARAMETER_TO_TEST
-v VERBOSE (1-6, default 1: show info and warning messages)
--cookie="document.cookie"
--level=LEVEL (1-5)
--risk=RISK (1-4)
--user-agent="SQLMAP"
--headers="HEADERS"
--technique=BEUSTQ (Boolean, Error, Union, Stacked, Time, Query Inline)
--dump DUMP DBMS database table entries
--dump-all DUMP all DBMS database table entries
--users
--passwords
--is-dba Determines if the current user is a DBA

 

Disable and Enable UAC, DEP, and Firewall from command prompt

Disable DEP
bcdedit.exe /set {current} nx AlwaysOff

Enable DEP
bcdedit.exe /set {current} nx AlwaysOn

Disable UAC
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Enable UAC
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

Disable Firewall:
Netsh Advfirewall set allprofiles state off

Enable Firewall:
Netsh Advfirewall set allprofiles state on

Check status of Firewall:
Netsh Advfirewall show allprofiles

 

LoadRunner TruClient – Transaction End Events

Action completed. This event is dispatched when the action defined in the step has completed. However, the step may not have ended yet. For example, for steps related to the application, there might be additional network or DOM activity.