Extraction Rules in Web Application Transaction Monitoring

Extraction Rules can be useful when creating a synthetic transactions for a web request. If the page you need to monitor is using a unique session id that need to be passed on from the login request to the following request.

In this example the login form uses a unique identifier to prevent Cross-site request forgery (CSRF). This needs to be passed on to the following request.

Click the Add Monitoring Wizard from the Authoring pane.

Set a Name and select a Management Pack to save it in.

Enter an URL to proceed to the next step.

Choose one or more Watcher Nodes.

Click on Start Capture to start a recording.

Notice, there are some fulfilments to be met for the Internet Explorer window to be able to load the add-on running the web recorder. For example, IE10 is not support, you might need to run the IE window in 64-bit mode and enable third-party browser extensions (find out more here).

Browsing to a page will record the address as seen in the Web Recorder explorer bar.

I’ll create two recordings one for the login page and a second actually making the login. In the latter the form post variables will be displayed directly in the Web Recorder.

Now there are two recordings in the editor.

Pressing Run Test will display an error.

Taking a look at the source of the login page reveals the hidden csrf variable.

In the code a new session variable will be generated whenever entering the login page.

Now it’s time to use the Extraction Rules. You can locate the tab under Properties for the request in question.

Click the Add button to open the Add Extraction Rule window. From the source code we know that the variable entry starts with csrf” value=” and ends with a “.