Encryption at browser level

Question

I call an external javascript file. Please find below my code in JSR223 Sampler:

load('EncryptionLogic.js');

var result1 = encrypt("1087679107122020","password");
var result2 = encrypt("433702216042014","password1");
log.info("encrypted value is "+result1);
log.info("encrypted value is "+result2);
var result3 = encrypt("CONOPSFD1","password2");
log.info("encrypted value is "+result3);

Also, find below the response received:

2021-01-25 12:52:00,952 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc6
2021-01-25 12:52:00,953 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc613cf465e02355807d28e3ae65913d800fea99f
2021-01-25 12:52:00,955 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc613cf465e02355807d28e3ae65913d800fea99f6a7aede54d846f7bf805d7423b

Basically the values are getting concatenated. i.e. result2 has result1 string as well. result3 has result1 and result2. Looks like something needs to be cleared somewhere.

Below is the javascript file content

//Encrypt is done using the following Javascript function, the key is 'password'. It is passed as pwd variable in the below function (2nd argument below):
 var enc_str = "";
function encrypt(str, pwd) {
    
  if(pwd == null || pwd.length <= 0) {
    //alert("Please enter a password with which to encrypt the message.");
    return null;
  }
  var prand = "";
  for(var i=0; i<pwd.length; i++) {

    prand += pwd.charCodeAt(i).toString();
    //alert(prand);
  }
  var sPos = Math.floor(prand.length / 5);
  //var mult = parseInt(prand.charAt(sPos) + prand.charAt(sPos*2) + prand.charAt(sPos*3) + prand.charAt(sPos*4) + prand.charAt(sPos*5));
  var mult = parseInt( prand.charAt(sPos*2) + prand.charAt(sPos*3));

  var incr = Math.ceil(pwd.length / 2);
  var modu = Math.pow(2, 31) - 1;
  if(mult < 2) {
     //alert("Algorithm cannot find a suitable hash. Please choose a different password. \nPossible considerations are to choose a more complex or longer password.");
                showNewErrDiv('1',getConvertedErrorString('Algorithm cannot find a suitable hash. Please choose a different password.')+ '\n'+ getConvertedErrorString('Possible considerations are to choose a more complex or longer password.'),'','1','');
    return null;
  }
  var salt = Math.round(Math.random() * 1000000000) % 100000000;
  //var salt = Math.round(Math.random() * 100000) % 10000;
  prand += salt;
  while(prand.length > 15) {
    prand = (parseInt(prand.substring(0, 15)) + parseInt(prand.substring(15, prand.length))).toString();
  }
  prand = (mult * prand + incr) % modu;
  var enc_chr = "";
 
  for(var i=0; i<str.length; i++) {
    enc_chr = parseInt(str.charCodeAt(i) ^ Math.floor((prand / modu) * 255));
    if(enc_chr < 16) {
      enc_str += "0" + enc_chr.toString(16);
    } else enc_str += enc_chr.toString(16);
    prand = (mult * prand + incr) % modu;
  }
  salt = salt.toString(16);
  while(salt.length < 8)salt = "0" + salt;
  enc_str += salt;
  return enc_str;
}

Your half tags refers to _Java_, and _Java_ has nothing to do with _JavaScript_. — Justinas, Jan 25 '21 at 08:03
"var enc_str = "";" should be called inside of your encryption function and not outside. — Michael Fehr, Jan 28 '21 at 21:30

score 0 · Accepted Answer · answered Jan 25 '21 at 08:27

Move your var enc_str = ""; inside the encrypt() function like:

function encrypt(str, pwd) {
var enc_str = "";   
//your other code

Currently it's global therefore on subsequent calls the new values are being concatenated and if you need to clear the old value - it needs to be done inside the function

Also be aware that according to JMeter Best Practices you should be using Groovy language for scripting so it worth considering migrating to Groovy for the optimal performance. More information: Apache Groovy - Why and How You Should Use It

Encryption at browser level

1 Answers1