Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Creating a locust file from scratch is sometimes hard. Don't you wish you could just generate it automatically from a browser session?
Well, now you can! har2locust converts your browser recordings (HAR files) into locust files.
Here's an example of a generated file.
At its core har2locust uses a jinja2 template to define the output. You can easily change that to customize your output, or you can go even further and use the plugin system to make any kind of changes to the processing/output.
pip install har2locust
Navigate the web with your browser while recording your activity, then export the recording as a HAR file. Here is an example using Chrome DevTools. Treat the exported .har as a secret: it contains every request exactly as sent, including cookies, Authorization headers and POST bodies, so keep it out of version control.
Run har2locust myrecording.har > locustfile.py
> har2locust --help
usage: har2locust [-h] [-t TEMPLATE] [--plugins PLUGINS] [--disable-plugins DISABLE_PLUGINS]
[--resource-types RESOURCE_TYPES] [--version] [--loglevel LOGLEVEL]
input
positional arguments:
input har input file
options:
-h, --help show this help message and exit
-t TEMPLATE, --template TEMPLATE
jinja2 template used to generate locustfile. Defaults to locust.jinja2. Will check current
directory/relative paths first and har2locust built-ins second
--plugins PLUGINS Comma separated list of extra python files to source OR packages to import, containing
decorated methods for processing the har file.
--disable-plugins DISABLE_PLUGINS
Temporarily disable default plugins. Specified by comma separated list of default plugin
python files to source.
--resource-types RESOURCE_TYPES
Comma separated list of resource types to be included in the locustfile. Supported types are
`xhr`, `script`, `stylesheet`, `image`, `font`, `document`, `other`. Defaults to
xhr,document,other.
--version, -V show program's version number and exit
--loglevel LOGLEVEL, -L LOGLEVEL
Simplest usage:
har2locust myrecording.har > locustfile.py
Load extra plugins by import path and/or filename:
har2locust --plugins har2locust.extra_plugins.plugin_example,myplugin.py myrecording.har
Disable one of the default plugins:
har2locust --disable-plugins=rest.py myrecording.har
Parameters can also be set using environment variables or config files (har2locust.conf or ~/.har2locust.conf). For details about how to set parameters see https://goo.gl/R74nmi
Filter your recording using the files .urlignore and .headerignore (read from your current directory). Populate them with regexes, one per line, to filter any unwanted requests or headers from your recordings. Some headers are always ignored (cookie, content-length and Chrome's "fake" headers). Everything else is copied into the locustfile as recorded, so add patterns for headers such as authorization or x-api-key to .headerignore if you do not want live credentials in the generated file; these filters act on URLs and headers only, not on request bodies.
Here are some examples: .urlignore, .headerignore
Use the plugin system for more advanced processing.
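The filtering described above, as an added stand-alone example (not har2locust's own code; the real tool renders through a jinja2 template and its internals may differ). It reproduces the documented behaviour of .urlignore and .headerignore, the always-ignored headers, and the default resource types on a constructed Chrome-style HAR (Chrome adds a `_resourceType` field to each entry), then checks whether any credentials survived before a locustfile is written. The `SENSITIVE_HEADERS` list and the credential-field regex are this example's own assumptions, not har2locust settings.

```python
import json
import re

# Always dropped, per the har2locust README: cookie, content-length and Chrome's
# "fake" headers (the ':'-prefixed HTTP/2 pseudo-headers such as ':authority').
ALWAYS_IGNORED_HEADERS = {"cookie", "content-length"}
DEFAULT_RESOURCE_TYPES = {"xhr", "document", "other"}
# Assumption for this example (not a har2locust setting): request headers whose
# values are credentials and must not land in a committed locustfile.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "x-api-key", "x-auth-token"}
CREDENTIAL_FIELD = re.compile(r"(?i)(^|[&?])(password|passwd|secret|token|api_key)=")

# Constructed sample HAR in Chrome DevTools shape (not a real recording).
SAMPLE_HAR_JSON = json.dumps({"log": {"entries": [
    {"_resourceType": "document",
     "request": {"method": "GET", "url": "https://example.test/login",
                 "headers": [{"name": ":authority", "value": "example.test"},
                             {"name": "user-agent", "value": "Mozilla/5.0"},
                             {"name": "accept-language", "value": "en"},
                             {"name": "referer", "value": "https://example.test/"},
                             {"name": "cookie", "value": "session=abc123"}]}},
    {"_resourceType": "xhr",
     "request": {"method": "POST", "url": "https://example.test/api/login",
                 "headers": [{"name": "content-type", "value": "application/x-www-form-urlencoded"},
                             {"name": "content-length", "value": "31"},
                             {"name": "cookie", "value": "session=abc123"},
                             {"name": "authorization", "value": "Bearer eyJ.example"}],
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "text": "username=alice&password=hunter2"}}},
    {"_resourceType": "script",
     "request": {"method": "GET", "url": "https://example.test/static/app.js", "headers": []}},
    {"_resourceType": "xhr",
     "request": {"method": "GET", "url": "https://www.google-analytics.com/collect?v=1", "headers": []}},
    {"_resourceType": "xhr",
     "request": {"method": "GET", "url": "https://example.test/api/me",
                 "headers": [{"name": "authorization", "value": "Bearer eyJ.example"}]}},
]}})

# Constructed contents of .urlignore and .headerignore: one regex per line.
SAMPLE_URLIGNORE = "google-analytics\\.com\n/static/\n"
SAMPLE_HEADERIGNORE = "^user-agent$\n^accept-\n"


def load_patterns(text):
    """One regex per non-blank line, applied with re.search (partial match)."""
    return [re.compile(line) for line in text.splitlines() if line.strip()]


def header_ignored(name, header_patterns):
    n = name.lower()
    if n in ALWAYS_IGNORED_HEADERS or n.startswith(":"):
        return True
    return any(p.search(n) for p in header_patterns)


def filter_har(har_json, urlignore_text, headerignore_text, resource_types=DEFAULT_RESOURCE_TYPES):
    """Keep entries of the selected resource types whose URL matches no ignore pattern,
    with ignored headers removed. Bodies pass through untouched, like the real filters."""
    url_patterns = load_patterns(urlignore_text)
    header_patterns = load_patterns(headerignore_text)
    kept = []
    for entry in json.loads(har_json)["log"]["entries"]:
        if entry.get("_resourceType", "other") not in resource_types:
            continue
        req = entry["request"]
        if any(p.search(req["url"]) for p in url_patterns):
            continue
        headers = {h["name"]: h["value"] for h in req["headers"]
                   if not header_ignored(h["name"], header_patterns)}
        kept.append({"method": req["method"], "url": req["url"], "headers": headers,
                     "body": req.get("postData", {}).get("text")})
    return kept


def find_secrets(requests):
    """Report credentials that survived filtering as (index, where, what) tuples."""
    findings = []
    for i, r in enumerate(requests):
        for name in r["headers"]:
            if name.lower() in SENSITIVE_HEADERS:
                findings.append((i, "header", name.lower()))
        if r["body"] and CREDENTIAL_FIELD.search(r["body"]):
            findings.append((i, "body", "credential-like form field"))
    return findings


def render_locustfile(requests):
    """Minimal locustfile text using locust's HttpUser client (a stand-in for the template)."""
    out = ["from locust import HttpUser, task", "", "",
           "class RecordedUser(HttpUser):", "    @task", "    def recorded(self):"]
    for r in requests:
        call = f"self.client.{r['method'].lower()}({r['url']!r}, headers={r['headers']!r}"
        if r["body"] is not None:
            call += f", data={r['body']!r}"
        out.append(f"        {call})")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    reqs = filter_har(SAMPLE_HAR_JSON, SAMPLE_URLIGNORE, SAMPLE_HEADERIGNORE)
    for idx, where, what in find_secrets(reqs):
        print(f"WARNING: request {idx} {reqs[idx]['url']} still carries a secret in {where}: {what}")
    print(render_locustfile(reqs))
```

On the sample, the session cookie and Chrome pseudo-headers disappear by default, but the bearer token and the password in the login POST body are still rendered into the locustfile; the warnings point at exactly the spots to parametrize or add to .headerignore before the file is committed.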
har2locust builds upon har2py, modified to generate a locustfile instead of a basic Python file and extended to support plugins.
har2locust is very new, and before 1.0 there may be changes to interfaces without notice. If you encounter an issue, PRs are very welcome.
Also, don't expect the generated file to be useful out of the box. You'll want to add response validations to ensure the quality of your test, parametrize dynamic data like usernames, and replace any recorded credentials (session tokens, Authorization headers, passwords in POST bodies) before the locustfile is shared or committed.
We found that har2locust demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.