Mar 27
Automate NTLM Authenticated Web Service Testing with WebInject
This is a bit of a different subject matter than I usually cover, so I apologize in advance. I was recently working on a project involving many, many remote web services. We were running into issues with some services being sporadically unavailable, and wanted to gather data on their uptime. One interesting twist was that all the services were protected by NTLM authentication, which severely limited the number of choices I could find easily.
I came across a Perl-based tool called WebInject. With some slight tweaking, it does support NTLM authentication, and it also supports POST body content, which I needed to be able to POST SOAP requests.
Here’s how to set it up on a Windows platform and implement NTLM support.
- First, download the WebInject distribution. Unzip to a folder (say, c:\webinject).
- Next, download and install ActivePerl 5.8 (latest) from here.
- Once you install ActivePerl, install the following required Perl packages:
ppm install Error
ppm install Tk::ProgressBar::Mac
ppm install Authen::NTLM
WebInject comes with an executable which wraps up a Perl interpreter and all the packages you need. However, it doesn’t include the package with NTLM support. So we are setting things up so that our external Perl interpreter (ActivePerl) has all the dependencies it needs in order to run WebInject as a Perl script.
Once you’ve installed the packages listed above, you should be able to run WebInject as a Perl script:
perl webinjectgui.pl
You will need to make a minor change to the webinject.pl script to enable HTTP keepalives. These are required for NTLM authentication, which authenticates the underlying connection rather than each individual request. Look for the LWP::UserAgent->new line and modify it as follows:
$useragent = LWP::UserAgent->new(keep_alive=>1);
This will allow WebInject to communicate with an NTLM web service. Set up authentication as documented in the WebInject documentation. Of course, after I went through this, another colleague suggested trying out SoapUI, which also supports some types of NTLM authentication. I’ll try to write up that tool later on – first impressions look really good (certainly much more sophisticated than WebInject).
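To confirm that the ActivePerl setup above (Authen::NTLM plus the keep-alive setting) can authenticate before debugging WebInject itself, a stand-alone check along these lines helps. This is an added example, not part of WebInject or the original post; the SVC_URL, SVC_USER and SVC_PASS environment variables, the SOAPAction value and the Ping envelope are placeholders.

```perl
#!/usr/bin/perl
# Added example: stand-alone probe for one NTLM-protected SOAP endpoint.
# Endpoint, SOAPAction and envelope below are hypothetical placeholders.
use strict;
use warnings;
use URI;
use LWP::UserAgent;
use HTTP::Request;
use Authen::NTLM;    # not called directly; fails early if the package is missing

# Assumed environment variables, so the password is never stored in the script.
my $url  = $ENV{SVC_URL}  or die "set SVC_URL, e.g. http://host.example/Service.asmx\n";
my $user = $ENV{SVC_USER} or die "set SVC_USER as DOMAIN\\username\n";
my $pass = $ENV{SVC_PASS} or die "set SVC_PASS\n";

# NTLM authenticates the TCP connection, so the 401 challenge and the
# authenticated retry must reuse one socket; keep_alive turns that on.
my $ua = LWP::UserAgent->new(keep_alive => 1, timeout => 30);

# credentials() is keyed on "host:port"; NTLM has no realm, so pass ''.
$ua->credentials(URI->new($url)->host_port, '', $user, $pass);

my $envelope = <<'XML';
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><Ping xmlns="urn:example:placeholder"/></soap:Body>
</soap:Envelope>
XML

my $req = HTTP::Request->new(POST => $url);
$req->header('Content-Type' => 'text/xml; charset=utf-8',
             'SOAPAction'   => '"urn:example:placeholder/Ping"');
$req->content($envelope);

my $start   = time;
my $res     = $ua->request($req);
my $elapsed = time - $start;

# Separate authentication failures from outages in the uptime record.
my $state = $res->is_success  ? 'UP'
          : $res->code == 401 ? 'AUTH-FAILED'
          :                     'DOWN';

# Log status only; credentials are never printed.
printf "%s %s %s %ds %s\n",
    scalar(localtime), $state, $url, $elapsed, $res->status_line;
exit($res->is_success ? 0 : 1);
```

A SOAP fault comes back as HTTP 500 and is reported as DOWN here, while AUTH-FAILED keeps credential or handshake problems from being counted as service outages.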
Related Reading:
http://www.goldb.org/goldblog/2007/05/16/WebInjectOpenSourceWebServiceTestingToolGetsHighMarks.aspx
http://www.infoworld.com/article/07/05/11/19TCwebservicetest_5.html
http://www.webinject.org/cgi-bin/forums/YaBB.cgi?board=Development;action=display;num=1185818423



March 10th, 2010 at 11:43 pm
Great post. One other thing I had to do in webinject.pl was update line 86 to increase the follow redirects for GETs to at least 3:
$useragent->max_redirect('5');
Reason being, IIS uses a few requests to actually authenticate the user.