Testing Web-Based Software using TCP/IP and Sockets

The use of Web-based applications such as ASP.NET applications, Web Services, AJAX-based applications, and so on, is increasing steadily. A useful technique for testing many such applications is to send a low-level request to the SUT using TCP/IP and sockets. The technique is general-purpose because is works at a very low level of abstraction. For example, suppose you want to test some Web Service which contains a Web Method named GetTitles(). First you could set up the request in SOAP format along the lines of:
string input = "some input";
string soapMessage = "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
soapMessage += "<soap:Envelope>";
soapMessage += "<soap:Body>";
soapMessage += "<GetTitles>";
soapMessage += "<filter>" + input + "</filter>";
soapMessage += "</GetTitles>";
soapMessage += "</soap:Body>";
soapMessage += "</soap:Envelope>";
Next you could set up the request destination:
string host = "localhost";
string webService = "/TestAuto/Ch8/TheWebService/BookSearch.asmx";
string webMethod = "GetTitles";
IPHostEntry iphe = Dns.Resolve(host);
IPAddress[] addList = iphe.AddressList; // addList[0] ==
EndPoint ep = new IPEndPoint(addList[0], 80); // ep =
Then you could set up a TCP/IP socket:
Socket socket = new Socket(AddressFamily.InterNetwork,
 SocketType.Stream, ProtocolType.Tcp);
And then construct the HTTP wrapper somewhat like:
string header = "POST " + webService + " HTTP/1.1\r\n";
header += "Host: " + host + "\r\n";
header += "Content-Type: text/xml; charset=utf-8\r\n";
header += "Content-Length: " + soapMessage.Length.ToString() + "\r\n";
header += "Connection: close\r\n";
header += "SOAPAction: \"http://tempuri.org/" + webMethod + "\"\r\n\r\n";
string sendAsString = header + soapMessage;
byte[] sendAsBytes = Encoding.ASCII.GetBytes(sendAsString);
And next you’d fire off the request and fetch the response:
int numBytesSent = socket.Send(sendAsBytes, sendAsBytes.Length,
Console.WriteLine("Sending = " + numBytesSent + " bytes\n");
byte[] receiveBufferAsBytes = new byte[512];
string receiveAsString = "";
string entireReceive = "";
int numBytesReceived = 0;
while ((numBytesReceived = socket.Receive(receiveBufferAsBytes,
 512, SocketFlags.None)) > 0 )
  receiveAsString = Encoding.ASCII.GetString(receiveBufferAsBytes,
   0, numBytesReceived);
  entireReceive += receiveAsString;
Your test could conclude by converting the byte[] response into a string result and analyzing the result for an expected value of some sort. Using a low-level TCP/IP and socket aproach such as I’ve described is often useful for security-related testing. You can be sure that someone will probe your Web-based application using this technique and so you had better test using the technique.
This entry was posted in Software Test Automation. Bookmark the permalink.