Sample workflows

Here’s some sample workflows to show you the power of Rungutan:

LANDING PAGE

{
  "test_name": "Blog post test",
  "run_time": 60,
  "num_clients": 10,
  "threads_per_region": 1,
  "test_region": [ "us-east-1" ],
  "workflow": [
    {
      "path": "https://example.com/",
      "method": "GET"
    },
    {
      "path": "https://example.com/blog",
      "method": "GET"
    },
    {
      "path": "https://example.com/blog/post-1",
      "method": "GET"
    },
  ]
}

BASIC AUTH

{
  "test_name": "Blog post behind nginx HTTP access basic auth",
  "run_time": 60,
  "num_clients": 10,
  "threads_per_region": 1,
  "test_region": [ "us-east-1" ],
  "workflow": [
    {
      "path": "https://example.com/",
      "method": "GET",
      "headers": {
         "Authorization": "Basic some-token-here"
      }
    },
    {
      "path": "https://example.com/blog",
      "method": "GET",
      "headers": {
         "Authorization": "Basic some-token-here"
      }
    },
    {
      "path": "https://example.com/blog/post-1",
      "method": "GET",
      "headers": {
         "Authorization": "Basic some-token-here"
      }
    },
  ]
}

BASIC AUTH WITH FILE UPLOAD

{
  "test_name": "Upload file to site with basic auth",
  "run_time": 60,
  "num_clients": 10,
  "threads_per_region": 1,
  "test_region": [ "us-east-1" ],
  "workflow": [
    {
      "path": "https://example.com/",
      "method": "GET",
      "files": [
         "file1", "file2"
      ]
      "headers": {
         "Authorization": "Basic some-token-here"
      }
    },
    {
      "path": "https://example.com/blog",
      "method": "GET",
      "headers": {
         "Authorization": "Basic some-token-here"
      }
    },
    {
      "path": "https://example.com/blog/post-1",
      "method": "GET",
      "files": [
         "file3"
      ]
      "headers": {
         "Authorization": "Basic some-token-here"
      }
    },
  ]
}

JSON RESPONSE WITH PATH EXPRESSION

{
    "run_time": 60,
    "num_clients": 10,
    "threads_per_region": 1,
    "workflow": [
        {
            "path": "https://example.com/v1/api/tests/list",
            "method": "POST",
            "headers": {
                "Content-Type": "application/json",
                "X-Api-Key": "${vault.api_key}"
            },
            "extract": [
                {
                    "parameter_name": "test_id",
                    "location": "body",
                    "json_path_expression": "Tests[*].test_id",
                    "default_value": "some_id_here_in_case_not_found"
                }
            ],
            "data": "{\"team_id\":\"rungutan\"}",
            "files": []
        },
        {
            "path": "https://example.com/v1/api/tests/get",
            "method": "POST",
            "headers": {
                "Content-Type": "application/json",
                "X-Api-Key": "${vault.api_key}"
            },
            "data": "{\"team_id\":\"rungutan\", \"test_id\":\"${test_id}\"}",
            "extract": [],
            "files": []
        }
    ],
    "test_region": [
        "eu-west-1",
        "eu-west-2"
    ],
    "test_name": "List all tests, extract a random test_id using path expression and fetches its details"
}

First workflow step:

  • Hit the /v1/api/tests/list path with POST

  • Inject the X-Api-Key header with the relevant Vault key

  • Extract a random “test_id” key from the “Tests” array in the JSON response and STORE it in the variable named “test_id”

Second workflow step:

  • Hit the /v1/api/tests/get path with POST

  • Inject the X-Api-Key header with the relevant Vault key

  • Set the payload as “{“team_id”:”rungutan”, “test_id”:”${test_id}”}” by referencing the value of the variable that we extracted in the previous step

JWT LOGIN PLATFORM

{
  "test_name": "Platform with JWT based auth",
  "num_clients": 10,
  "run_time": 60,
  "threads_per_region": 1,
  "test_region": [ "us-east-1" ],
  "workflow": [
       {
           "path": "https://example.com/login",
           "method": "POST",
           "headers": {
               "Content-Type": "application/x-www-form-urlencoded"
           },
           "data": "user=${vault.username}&password=${vault.password}",
           "extract": [
               {
                   "parameter_name": "authtoken",
                   "location": "body",
                   "key": "access_token"
               }
           ]
       },
       {
           "path": "https://example.com/results",
           "method": "POST",
           "data": "{\"result_id\": \"1\"}"
           "headers": {
               "Authorization": "Bearer ${authtoken}"
           }
       }
   ]
}

First workflow step:

  • Hit the /login path with POST

  • Inject the username and password values from the relevant Vault keys into the payload

  • Extract the “access_token” key from the JSON response and STORE it in the variable named “authtoken”

Second workflow step:

  • Hit the /results path witht POST

  • Include a payload in the request

  • Set the header as “Bearer ${authtoken}” by referencing the value of the variable that we extracted in the previous step

LOGIN E-COMMERCE, PUSH COOKIES AND UPDATE SHIPPING ADDRESS

{
    "run_time": 60,
    "num_clients": 10,
    "threads_per_region": 1,
    "workflow": [
        {
            "path": "https://example.com/login",
            "method": "GET",
            "files": [],
            "data": "",
            "headers": {
                "authority": "${vault.domain_name}",
                "sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\"",
                "sec-ch-ua-mobile": "?0",
                "sec-ch-ua-platform": "macOS",
                "upgrade-insecure-requests": "1",
                "dnt": "1",
                "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36",
                "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                "sec-fetch-site": "same-origin",
                "sec-fetch-mode": "navigate",
                "sec-fetch-user": "?1",
                "sec-fetch-dest": "document",
                "referer": "https://${vault.domain_name}/"
            },
            "extract": [
                {
                    "parameter_name": "csrftoken",
                    "location": "body",
                    "element_with_regex": "type=\"hidden\" name=\"ci_csrf_token\" value=\"(.+?)\""
                }
            ],
            "extract_cookies": "yes"
        },
        {
            "path": "https://example.com/login",
            "method": "POST",
            "files": [],
            "data": "ci_csrf_token=${csrftoken}&login-email=${vault.login_email}&login-password=${vault.login_password}&form-login-submit=1",
            "headers": {
                "authority": "${vault.domain_name}",
                "sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\"",
                "sec-ch-ua-mobile": "?0",
                "sec-ch-ua-platform": "macOS",
                "upgrade-insecure-requests": "1",
                "dnt": "1",
                "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36",
                "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                "sec-fetch-site": "same-origin",
                "sec-fetch-mode": "navigate",
                "sec-fetch-user": "?1",
                "sec-fetch-dest": "document",
                "referer": "https://${vault.domain_name}/login",
                "origin": "https://${vault.domain_name}",
                "content-type": "application/x-www-form-urlencoded"
            },
            "extract": [],
            "extract_cookies": "no"
        },
        {
            "path": "https://example.com/dashboard/address_book/shipping",
            "method": "GET",
            "files": [],
            "data": "",
            "headers": {
                "authority": "${vault.domain_name}",
                "sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\"",
                "sec-ch-ua-mobile": "?0",
                "sec-ch-ua-platform": "macOS",
                "upgrade-insecure-requests": "1",
                "dnt": "1",
                "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36",
                "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                "sec-fetch-site": "same-origin",
                "sec-fetch-mode": "navigate",
                "sec-fetch-user": "?1",
                "sec-fetch-dest": "document",
                "referer": "https://${vault.domain_name}/dashboard",
                "origin": "https://${vault.domain_name}"
            },
            "extract": [
                {
                    "parameter_name": "shipping_address_id",
                    "location": "body",
                    "element_with_regex": "/dashboard/address_book/edit_shipping/(.+?)"
                }
            ],
            "extract_cookies": "no"
        },
        {
            "path": "https://example.com/dashboard/address_book/edit_shipping/${shipping_address_id}",
            "method": "GET",
            "files": [],
            "data": "",
            "headers": {
                "authority": "${vault.domain_name}",
                "sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\"",
                "sec-ch-ua-mobile": "?0",
                "sec-ch-ua-platform": "macOS",
                "upgrade-insecure-requests": "1",
                "dnt": "1",
                "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36",
                "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                "sec-fetch-site": "same-origin",
                "sec-fetch-mode": "navigate",
                "sec-fetch-user": "?1",
                "sec-fetch-dest": "document",
                "referer": "https://${vault.domain_name}/dashboard/address_book/shipping",
                "origin": "https://${vault.domain_name}"
            },
            "extract": [],
            "extract_cookies": "no"
        },
        {
            "path": "https://example.com/dashboard/address_book/edit_shipping/${shipping_address_id}/ajax-save-address",
            "method": "POST",
            "files": [],
            "data": "action=ajax_save_address&validate_data=ci_csrf_token%3D${csrftoken}%26address_book_id%3D${shipping_address_id}%26zipcode%3D${vault.zip_code}&address_book_id=${shipping_address_id}&ci_csrf_token=${csrftoken}",
            "headers": {
                "authority": "${vault.domain_name}",
                "sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\"",
                "sec-ch-ua-mobile": "?0",
                "sec-ch-ua-platform": "macOS",
                "upgrade-insecure-requests": "1",
                "dnt": "1",
                "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36",
                "accept": "*/*",
                "sec-fetch-site": "same-origin",
                "sec-fetch-mode": "cors",
                "sec-fetch-user": "?1",
                "sec-fetch-dest": "empty",
                "referer": "https://${vault.domain_name}/dashboard/address_book/edit_shipping/${shipping_address_id}",
                "origin": "https://${vault.domain_name}",
                "x-requested-with": "XMLHttpRequest",
                "content-type": "application/x-www-form-urlencoded; charset=UTF-8"
            },
            "extract": [],
            "extract_cookies": "no"
        },
        {
            "path": "https://example.com/logout",
            "method": "POST",
            "files": [],
            "data": "",
            "headers": {
                "authority": "${vault.domain_name}",
                "sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\"",
                "sec-ch-ua-mobile": "?0",
                "sec-ch-ua-platform": "macOS",
                "upgrade-insecure-requests": "1",
                "dnt": "1",
                "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36",
                "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
                "sec-fetch-site": "same-origin",
                "sec-fetch-mode": "navigate",
                "sec-fetch-user": "?1",
                "sec-fetch-dest": "document",
                "referer": "https://${vault.domain_name}/dashboard/address_book/shipping",
                "origin": "https://${vault.domain_name}"
            },
            "extract": [],
            "extract_cookies": "no"
        }
    ],
    "test_region": [
        "eu-central-1"
    ],
    "test_name": "Login GET + Login POST + View shipping addresses GET + Update address with ajax POST + Logout GET"
}

First workflow step:

  • Hit the login URL with the METHOD GET

  • EXTRACT the CSRF token value by scanning the page for the actual value of csrf-token and STORE IT with variable name csrftoken

Second workflow step:

  • Use the value of the PREVIOUSLY STORED variable csrftoken and construct the LOGIN credentials by fetching the username and password from vault

  • Hit that URL with the METHOD POST

  • EXTRACT COOKIES and push them towards future workflow steps

Third workflow step:

  • Access the Shipping page

  • EXTRACT the ID of the shipping address stored in database and STORE IT with variable name shipping_address_id

Forth workflow step: * Update the shipping address by simulating an AJAX post call with sec-fetch-mode header as CORS and XMLHttpRequest as the “x-requested-with” header

Fifth workflow step

  • Simply log out the user

CSV UPDATE USER DETAILS

{
    "test_name": "Update email + phone number - 1000 users csv",
    "run_time": 60,
    "num_clients": 10,
    "threads_per_region": 5,
    "workflow": [
        {
            "path": "https://example.com/user/${csv.testprod.3}/profile",
            "method": "GET",
            "data": "",
            "headers": {
                "Content-Type": "application/json",
                "Authorization": "${vault.api_key}"
            },
            "extract": [
                {
                    "parameter_name": "profile_id",
                    "location": "body",
                    "key": "profile_id_extracted"
                }
            ]
        },
        {
            "path": "https://example.com/user/${profile_id_extracted}/profile-details",
            "method": "POST",
            "data": "{\"phone_number\": \"+14041234567\"}",
            "headers": {
                "Content-Type": "application/json",
                "Authorization": "${vault.api_key}"
            }
        },
        {
            "path": "https://example.com/user/${profile_id_extracted}/profile-details",
            "method": "POST",
            "data": "{\"email\": \"[email protected]"}",
            "headers": {
                "Content-Type": "application/json",
                "Authorization": "${vault.api_key}"
            }
        }
    ],
    "test_region": [
        "us-east-1",
        "us-east-2"
    ]
}

Here’s the step by step long explanation:

First workflow step:

  • Extract a random ROW from file testprod

  • From that ROW, get the value of the COLUMN with index 3

  • With that value, construct the URL -> /user/${csv.testprod.3}/profile

  • Hit that URL with the METHOD GET

  • Authenticate the API request using a VAULT key with the name api_key by placing it in the header key called “Authorization”

  • EXTRACT the parameter profile_id from the received JSON response and STORE IT with variable name profile_id_extracted

Second workflow step:

  • Use the value of the PREVIOUSLY STORED variable profile_id_extracted and construct the URL -> /user/${profile_id_extracted}/profile-details

  • Hit that URL with the METHOD POST

  • Authenticate the API request using a VAULT key with the name api_key by placing it in the header key called “Authorization”

  • Push the appropriate PAYLOAD using the json-escaped data field in order to update the phone number

Third workflow step:

  • Use the SAME value of the PREVIOUSLY STORED variable profile_id_extracted and construct the URL -> /user/${profile_id_extracted}/profile-details

  • Hit that URL with the METHOD POST

  • Authenticate the API request using a VAULT key with the name api_key by placing it in the header key called “Authorization”

  • Push the appropriate PAYLOAD using the json-escaped data field in order to update the email address