How do you record the traffic from your native mobile app using Apache JMeter? In this video, I explain step-by-step how to begin load testing a native mobile app.
You might want to be doing this because you're load testing a mobile app but either you don't have access to your developers right now so they can't help you with how the requests are made or what the requests are, or maybe you just want to verify what you've already been told. Either way, I'm going to show you how using my Android device (it's a Samsung Galaxy Note 10+) and a Macbook Pro 13". However, the same principles should apply to other mobile devices and laptops.
Step 1: Download and install the mobile app
The first thing you'll want to do is download and install the app. Now, if the app has already been released, then that's no problem. You just go to the Google Play Store and download it. However, if it hasn't been released yet and you've been given an APK file for the app, then you'll have to tweak your settings a little bit in order to get your phone to allow you to download it.
And I'm going to do this right with you. So go into Settings: pull down the little notification screen and hit the little gear icon, and you'll see a bunch of settings there. Scroll down all the way to the bottom until you see About phone. Click that and then click Software Information. You'll see the Build number halfway through the screen here-- and I know this is weird, but click on it seven times. You have to draw your pattern if you have one set up, but you'll see here that it says Developer Mode has been enabled. That's all you need to do; from now on you can install any APK, but be careful, because if you don't trust the source, you know, they could do some damage to your phone.
Step 2: Set up the HTTP(S) Test Script Recorder on JMeter
The second step is setting up an HTTP recorder on JMeter. So let's head over to our laptop. Make sure you're connected to a wifi network. Now, this is a completely new JMeter test plan here. So just right-click on Test Plan and then hover over Add, and then you're going to go down to Non-Test Elements. Select the HTTP(S) Test Script Recorder. You'll see here that the port it uses is 8888. We'll need that for later. Now right-click on the Test Script Recorder, hit Add, and then Listener. We'll add a View Results Tree to be able to capture the results that we need later. Now we'll click on the Test Plan - right-click - and then we're going to Add a Thread Group. Now let's right-click on the Thread Group and go to Add > Logic Controller > Recording Controller. This is where the requests that we're going to send are going to be recorded, and we'll see both the requests and the responses in View Results Tree.
Step 3: Set up your mobile to use the HTTP(S) Test Script Recorder as a proxy
Now, the third step is to set up your mobile to use a proxy. So, back on the mobile, go back to Settings and hit Connections. And then click on Wifi. Now verify that the wifi network that you're connected to on your mobile is the same one as the wifi network that you're connected to on your laptop. If it's the same, click the gear icon. And then hit Advanced all the way at the bottom. Now the Proxy settings are on the second option here so hit the down menu here and then hit Manual. Now, for the Proxy host name we'll have to go back to the computer to see what our local IP address is.
So, in order to do that, you just have to go to System Preferences. I'm doing it from the Apple menu here and from System Preferences, click on Network. And once you've selected the wifi network, hit Advanced, and then TCP/IP. So what you're looking for will be this IPv4 Address. Now you're going to type that into the Host name field on your mobile. So let me just type that in.
You'll note that this is actually a local IP address. It's not your public IP address. Now for our proxy port, we'll go and look at the laptop to see the Test Script Recorder Settings and it was 8888, so that's what we're going to put in here. All right. And then click on Save.
Step 4: Start recording
Step 4 is recording the traffic. Now, go back to your laptop on JMeter and click on the Test Script Recorder. Now we're going to click on Start. It'll come up with this popup box here and you can just click OK since we already trust the source. You'll see this little popup here to confirm that we are recording traffic. Now let's see if we've actually configured it correctly.
On our mobiles, let's go back and open the app that you want to use. So I'm going to be using the IowaReporterApp. I just did an article on this on The New Stack (link in the description below) about how I would load test the Iowa Caucus Reporter App. So that's what I'm going to be using for this tutorial as well. So I'm going to open that ("getting ready to caucus") and I don't have a valid precinct ID so I'm just going to put flood.io and I'm going to click Login. So it's telling me that the connection isn't private. I don't actually expect this to work, because the app has been taken down and I don't have valid login credentials, but I'm still just going to go forward. So, Proceed. You might have to do this as well if your certificates haven't been set up correctly.
Okay, so now we've gotten this error here and it says, "Oops, something went wrong". So it's handy to know what it looks like on your mobile so that you can go into JMeter and see if that's what you see as well.
So on JMeter let's go to the View Results Tree and it looks like Google Play tried to do a few things beforehand but what we're really looking for is this IDP caucus thing. So, these are the requests that my phone made and these are the responses. So this is where we got the certificate error because it says "certificate unknown". Now this is the actual request we sent for login. You can see the request here - the full request - and also the full response. Now, just to check we'll make sure we got the same response in the body here on JMeter that we saw on our mobile phones.
And here it is; it says "Oops!, something went wrong". You can of course just search for this. So we'll stop the recording now because we've confirmed that we've gotten what we wanted. So in the recording controller, we can see the requests that were recorded from our mobile app and the first one looks like it was one to Google so that's not one we want. If we were doing this again, we could actually go into the Test Script Recorder, go into this Requests Filtering tab, and we could just filter out or exclude the domains that we don't want to test, like Google. But this looks like the request that we were actually looking for. You'll see the full request here with all the parameters and the values.
And that's how you record traffic from a native mobile app on JMeter. From here, you can then play around with the request. Like we saw, there were a lot of dynamic values that were recorded in the request. We would probably want to correlate those and make sure that we're doing those correctly. But this is a really great starting point for testing a mobile app.
Till the next Ask a Flooder, happy Flooding!