Recording HTTPS Traffic with JMeter's Proxy Server
If you read our article, JMeter's Superpower: The HTTP Proxy Server, then you already know how to use JMeter's Proxy Server to record HTTP traffic.
But what if a website uses SSL encryption?
Then, you better make some configuration changes. Here's how.
Record HTTPS Traffic with the JMeter Proxy Server
*By default, JMeter supports recording HTTPS (SSL) in versions 2.3.4+ and HTTP Samplers are configured to accept all certificates, whether trusted or not.
To record encrypted traffic, first configure the JMeter Proxy Server and browser proxy settings. We used Firefox for this example.
If you are using another browser be sure that you insert the IP/PORT address in the HTTPS Proxy field.
To record encrypted traffic, accept JMeter’s dummy certificate.
Click “I Understand the Risks”
Click “Add Exception...”
Uncheck “Permanently store this exception”
Click “Confirm Security Exception”
Now, you can see that the encrypted traffic was successfully recorded. You can also find errors in the JMeter log:
ERROR - jmeter.protocol.http.proxy.Proxy: Problem with SSL certificate? Ensure browser is set to accept the JMeter proxy cert: Received fatal alert: bad_certificate javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
You can easily ignore these types of errors as they are not related to the traffic for BlazeMeter's app. If you open the network tab in Firebug, you can see that along with Blazemeter’s HTTPS traffic, there are also encrypted traffic from external sites.
How to Remove JMeter 's Dummy Certificate
To remove JMeter's dummy certificate, open Preferences -> Advanced -> Certificates -> View Certificates. In a new window choose “Servers” tab. Select certificate and click “Remove”.
Troubleshooting: Recording Encrypted Traffic
When recording encrypted traffic, there are 2 issues that can pop up.
1. No possibility to add an exception.
a.blazemeter.com uses an invalid security certificate. The certificate is not trusted because it is self-signed.
The certificate is only valid for the JMeter Proxy (Error code: sec_error_cert_signature_algorithm_disabled).
2. The browser prevents adding an exception
You will see a warning message: “This site provides valid, verified identification. There is no need to add an exception.”
The solution for both issues is the same. Clear your browser history. A quick Ctrl+Shift+Delete, and clearing the history of the last hour should do it, though, sometimes you may have to clear ALL your history if recording the site for a long time.
Last but not least, you can bypass JMeter completely by using the Google Chrome JMeter Extension and record JMeter scripts directly from your browser!
How to Record HTTPS Without Using JMeter
BlazeMeter's Chome Extention suporrts both HTTP/HTTPS protocols, record/edit features and you can achieve similar results without any JMeter configurations and without SSL certificate troubleshooting. To use this tool BlazeMeter account is required to convert the recording into a JMeter script (.jmx) file as this process is done on the server side. Any BlazeMeter account will work (free or paid). The JMeter Chrome extension is free to use for as long as you like.
Want to Learn More About JMeter & Load Testing?
If you are new to JMeter, and you’d like to learn more, please sign up for our free online JMeter training course.
For more experienced JMeter users, you'll want to view the on-demand webcast, How to Create Advanced Load Testing Scenarios with JMeter.