Capturing Response


Captures are optional values captured from the HTTP response, in a named variable. Captures can be the response status code, part or the entire of the body, and response headers.

Captured variables are available through a run session; each new value of a given variable overrides the last value.

Captures allow using data from one request to another request, when working with CSRF tokens for instance. Variables can also be initialized at the start of the session, by passing variable values, or can used in templates

# An example to show how to pass a CSRF token from one request
# to another:

# First GET request to get CSRF token value:

HTTP/1.1 200
# Capture the CSRF token value from html body.
csrf_token: xpath "normalize-space(//meta[@name='_csrf_token']/@content)"

# Do the login !
X-CSRF-TOKEN: {{csrf_token}}

HTTP/1.1 302

Structure of a capture:

A capture consists of a variable name, followed by : and a query. The captures section starts with [Captures].


Query can be of the following type:

Status capture

Capture the received HTTP response status code. Status capture consists of a variable name, followed by a :, and the keyword status.


HTTP/1.1 200
my_status: status

Header capture

Capture a header from the received HTTP response headers. Header capture consists of a variable name, followed by a :, then the keyword header and a header name.

user: toto
password: 12345678

HTTP/1.1 302
next_url: header "Location"

Capture a Set-Cookie header from the received HTTP response headers. Cookie capture consists of a variable name, followed by a :, then the keyword cookie and a cookie name.


HTTP/1.0 200
session-id: cookie "LSID"

Cookie attributes value can also be captured by using the following format: <cookie-name>[cookie-attribute]. The following attributes are supported: Value, Expires, Max-Age, Domain, Path, Secure, HttpOnly and SameSite.


HTTP/1.0 200
value1: cookie "LSID"
value2: cookie "LSID[Value]"     # Equivalent to the previous capture
expires: cookie "LSID[Expires]"
max-age: cookie "LSID[Max-Age]"
domain: cookie "LSID[Domain]"
path: cookie "LSID[Path]"
secure: cookie "LSID[Secure]"
http-only: cookie "LSID[HttpOnly]"
same-site: cookie "LSID[SameSite]"

Body capture

Capture the entire body (decoded as text) from the received HTTP response


HTTP/1.1 200
my_body: body

XPath capture

Capture a XPath query from the received HTTP body decoded as a string. Currently, only XPath 1.0 expression can be used.


# Capture the identifier from the dom node <div id="pet0">5646eaf23</div
HTTP/1.1 200
ped-id: xpath "normalize-space(//div[@id='pet0'])"

# Open the captured page.

HTTP/1.1 200

XPath captures are not limited to node values (like string, or boolean); any valid XPath can be captured and assert with variable asserts.

# Test that the XML endpoint return 200 pets
HTTP/* 200
pets: xpath "//pets"
variable "pets" countEquals 200

JSONPath capture

Capture a JSONPath query from the received HTTP body.

token: {{token}}

HTTP/1.1 200
contact-id: jsonpath "$['id']"

Explain that the value selected by the JSONPath is coerced to a string when only one node is selected.

As with XPath captures, JSONPath captures can be anything from string, number, to object and collections. For instance, if we have a JSON endpoint that returns the following JSON:

  "a_null": null,
  "an_object": {
    "id": "123"
  "a_list": [
  "an_integer": 1,
  "a float": 1.1,
  "a_bool": true,
  "a_string": "hello"

We can capture the following paths:

HTTP/1.0 200
an_object:  jsonpath "$['an_object']"
a_list:     jsonpath "$['a_list']"
a_null:     jsonpath "$['a_null']"
an_integer: jsonpath "$['an_integer']"
a_float:    jsonpath "$['a_float']"
a_bool:     jsonpath "$['a_bool']"
a_string:   jsonpath "$['a_string']"
all:        jsonpath "$"

Regex capture

Capture a regex pattern from the HTTP received body, decoded as text.


HTTP/1.0 200
id_a: regex "id_a:([0-9]+)!"
id_b: regex "id_b:(\\d+)!"
name: regex "Hello ([a-zA-Z]+)!"

Pattern of the regex query must have at least one capture group, otherwise the capture will fail. Special characters beginning with a backslash in the pattern (like \d, \s) must be escaped: regex "(\\d+)!" will capture one or more digit.

raw string for specifying pattern could be used in a future version.

Variable capture

Duration capture

Capture the response time of the request in ms.


HTTP/1.0 200
duration_in_ms: duration


Optionally, the query can be refined using a subquery. Currently, only regex are supported: