Re: [clif] HttpMatrix plugin

[Bruno Dillenseger <bruno.dillenseger@xxxxxxxxxxxxxxxxxx>]

Nicolas Barré wrote:

according to Bruno Dillenseger:
  

Hello,

Unfortunately, there is no such thing like an example of this Isac
plug-in. It has been made inspired by Rubis' way of defining load
scenarios, but it has never been used. Users performing HTTP testing
always use the HttpInjector plug-in.
So, unless you have a strong reason for using the probabilistic state
transition matrix, I recommend using the HttpInjector plug-in.
Otherwise, I may have a look at it and tell you how it works. Just
tell me...

Best regards,
-- Bruno.


    

I precisely need to make load injection for Rubis application. I'm
working on web applications security and I want to add some attacks in
the load scenario, that's why I'm not using Rubis client.
I'll try to add some functionnalities to HttpInjector plug-in.

Thank you for your help
Nicolas
  

OK. Once again, if you are really more interested in the HttpMatrix injector, I can throw an eye to it to figure out if it is actually usable, and how to use it.
I'm quite interested in what you call "attacks" - do you mean malformed HTTP requests or application-specific malicious requests? If you tell me, I may advise you about how to proceed with existing ISAC plug-ins, and possibly how to add the missing features, or even how to make your own fault injector Isac plug-in (using the Eclipse wizard).

Best regards,
-- Bruno.