How to record the traffic from an external browser in AppScan Standard
How do you record the traffic (explored URLs) from an external browser such as Internet Explorer, FireFox, or SoapUI in IBM Security AppScan Standard version 9.0 and later?
When manually exploring your application with the AppScan browser, all HTTP/HTTPS traffic between the AppScan browser and your application is routed through the AppScan Standard instance, which records the traversed URLs.
This feature can be used to record in AppScan the URLs explored by any external browser that supports proxy, such as Internet Explorer, FireFox, SoapUI, Chrome, Safari, Opera, and more.
- In many cases, you can substitute the AppScan build-in browser with IE, FireFox, or Chome, as described in technote How to substitute the built-in AppScan browser.
- If you have AppScan Standard version 8.8 consult How to record the traffic from an external browser in AppScan Standard 8.8 and earlier.
- If you explore REST web services, consult technote How to scan Rest Web Services and video Scanning Web Services with AppScan as Recording Proxy.
Record the explored URLs in a configuration as follows:
- Verify that the external browser can access the site, and make sure the starting URL is correct in the scan (in Configuration > URL and Servers)
- Check the browser proxy settings and mimic them in AppScan, by setting Configuration > Communication and Proxy > Proxy to:
- Don't use proxy - if the browser doesn't use any proxy
- Use custom proxy settings - if the browser uses a proxy, and in that case also set Address and Port to the same as the external browser.
- Open AppScan Traffic Recorder
Start the Traffic Recorder with Scan > Manual Explore > Using external device.
The Traffic Recorder will look as follows. Note the port number (in red circle) of the AppScan proxy.
- Configure the external browser (IE, Chrome, FireFox,...) to use AppScan as its proxy:
- In your browser, find the section for configuring a proxy server.
- Change the address or hostname to the IP address used by the machine running AppScan (localhost is usually an acceptable entry), and change the port to the AppScan Traffic Recorder port.
- You may need to restart the browser to apply the proxy settings.
- Explore your application with the external browser.
- When you have finished exploring, click OK in the External Traffic Recorder browser.
Note: Remember to restore the proxy setting in the external browser.
An example of configuring your IE browser to send HTTP traffic to the AppScan proxy:
- In AppScan Standard open Tools > Options > Scan Options.
Assume that AppScan proxy port is set to 4744.
- In Internet Explorer open Tools > Internet Options > Connections > LAN Settings, and select the check box in the Proxy Server section.
Enter: Address: localhost and Port: 4744
- Restart Internet Explore to apply the change.
More support for:
IBM Security AppScan Standard
Software version: 9.0, 184.108.40.206, 9.0.1, 220.127.116.11, 9.0.2, 18.104.22.168, 9.0.3, 22.214.171.124, 126.96.36.199, 188.8.131.52
Operating system(s): Windows
Reference #: 1287443
Modified date: 01 September 2016
Translate this page: