How do you record the traffic (explored URLs) from an external browser such as Internet Explorer, FireFox, or SoapUI in IBM Security AppScan Standard?
When manually exploring your application with the AppScan browser, all HTTP/HTTPS traffic between the AppScan browser and your application is routed through the AppScan Standard instance, which records the traversed URLs.
This feature can be used to record in AppScan the URLs explored by any external browser that supports proxy, such as Internet Explorer, FireFox, SoapUI, Chrome, Safari, Opera, and more.
Note: You can also substitute the AppScan build-in browser with IE, FireFox, or Chome, as described in technote #1645651: How to substitute the built-in AppScan browser.
Note: If the external explorer is on a remote machine, make additional configuration as described in the technote #1455781 - How to perform a manual explore from a remote machine
Record the explored URLs as follows:
- Verify that the external browser can access the site.
- Check the browser proxy settings and mimic them in AppScan, by setting Scan Configuration > Communication and Proxy > Proxy to:
- Don't use proxy - if the browser doesn't use any proxy
- Use custom proxy settings - if the browser uses a proxy, and in that case also set Address and Port to the same as the external browser.
- Find the AppScan listening port:
- In AppScan, open Tools > Options > Scan Options.
- The port is found in the AppScan proxy port field.
- Configure the external browser to use AppScan as its proxy:
- In your browser, find the section for configuring a proxy server.
- Change the address or hostname to the IP address used by the machine running AppScan (localhost is usually an acceptable entry), and change the port to the AppScan listening port.
- You may need to restart the browser to apply the proxy settings.
- Start the AppScan URL recorder by opening Scan > Manual Explore.
The AppScan browser will open. Leave it open.
- Explore your application with the external browser.
- When you have finished exploring:
- Close the AppScan browser.
The the Manual Explore Sequence dialog will open, showing all recorded URLs.
- Press OK in the dialog to add these URLs to AppScan.
- Close the AppScan browser.
Note: Remember to restore the proxy setting in the external browser.
An example of configuring your IE browser to send HTTP traffic to the AppScan proxy:
- In AppScan Standard open Tools > Options > Scan Options.
Assume that AppScan proxy port is set to 4744.
- In Internet Explorer open Tools > Internet Options > Connections > LAN Settings, and select the check box in the Proxy Server section.
Enter: Address: localhost and Port: 4744
- Restart Internet Explore to apply the change.
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.