Using an external client

Manual Explore enables you to focus the scan on specific parts of your web services.

Procedure

  1. Click the plus icon > External client, and then select the client you want to use:

    | Option | Description |
    |---|---|
    | Postman | ADAC will open and automatically configure Postman to work with ADAC as recording proxy (IP and port). ADAC will then open its traffic recorder to record the requests you send from Postman. |
    | SoapUI | ADAC will open and automatically configure SoapUI to work with ADAC as recording proxy (IP and port). ADAC will then open its traffic recorder to record the requests you send from SoapUI. Note: The configuration change affects any other instances that are open during the session. Therefore, it is recommended that you close any open instances before you start, and do not open any while you record. When you close ADAC, SoapUI is also closed, and the settings are changed back to what they were before. |
    | Other | Select this option if the client you want to use is installed on a different machine, or if you are using a client other than Postman or SoapUI on the same machine as ADAC. You will be asked to open and configure your client manually, to use ADAC as proxy. |

    The External Traffic Recorder opens, recording requests you send to your web service from the client. For details, see External Traffic Recorder.

    If you selected Postman or SoapUI, it also opens, and is configured to use ADAC as recording proxy.
    Note: ADAC can automatically configure Postman or SoapUI only if installed on the same machine as AppScan, otherwise you must select Other, and configure the client yourself in the next step.
  2. If you selected External client > Other, open your client and configure it to use the port and IP shown at the top of the traffic recorder. If the client is on the same machine as ADAC, use the "Local IP" shown, otherwise use the "Remote IP".
  3. With the External Traffic Recorder open with status "Waiting for incoming connections", manually explore the web service from your client. As you explore, domains detected are listed in the left pane of the traffic recorder, and requests in the right pane. When finished, click Stop Recording.
    Note: If the traffic does not appear in the traffic recorder, refer to Traffic recorder troubleshooting.
  4. Review the Manual Explore data, and in the left column, select the domains you want included in the scan.
    Tip: If the total number of requests is more than 200, deleting some of them may produce a more efficient scan.
  5. Click Save to close the traffic recorder.
    For each recorded sequence (when selected), the right-hand pane shows the URLs that you explored.
    Tip: You can remove unwanted steps from the sequence by selecting the specific URL and clicking the minus icon.
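
When the client chosen under Other in step 2 is a script rather than a GUI tool, the following added example (not part of the product documentation) checks that the recorder's IP and port accept connections and then sends requests through it as an HTTP proxy. Assumptions: RECORDER_IP and RECORDER_PORT are placeholders for the values shown at the top of the traffic recorder, the sample URLs are constructed, and only plain-HTTP endpoints are covered.

```python
import socket
import urllib.error
import urllib.request

# Placeholders (assumed): copy the real values from the top of the traffic recorder.
RECORDER_IP = "127.0.0.1"   # "Local IP" on the same machine, otherwise "Remote IP"
RECORDER_PORT = 8080

# Constructed sample requests (method, URL, body) for a hypothetical web service.
SAMPLE_REQUESTS = [
    ("GET", "http://api.example.test/v1/users", None),
    ("POST", "http://api.example.test/v1/users", b'{"name": "alice"}'),
]

def recorder_reachable(ip, port, timeout=3.0):
    """Return True if something accepts TCP connections on the recorder's IP and port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def build_opener(ip, port):
    """Build an opener that sends every HTTP request through the recording proxy."""
    proxy = urllib.request.ProxyHandler({"http": f"http://{ip}:{port}"})
    return urllib.request.build_opener(proxy)

def explore(ip, port, requests=SAMPLE_REQUESTS, timeout=10.0):
    """Send each request via the proxy and return (method, url, status) tuples."""
    if not recorder_reachable(ip, port):
        raise ConnectionError(f"nothing is listening on {ip}:{port}")
    opener = build_opener(ip, port)
    results = []
    for method, url, body in requests:
        req = urllib.request.Request(url, data=body, method=method)
        if body is not None:
            req.add_header("Content-Type", "application/json")
        try:
            with opener.open(req, timeout=timeout) as resp:
                results.append((method, url, resp.status))
        except urllib.error.HTTPError as err:
            # An error response still travelled through the proxy.
            results.append((method, url, err.code))
    return results

if __name__ == "__main__":
    for row in explore(RECORDER_IP, RECORDER_PORT):
        print(*row)
```

Start the script only while the recorder shows "Waiting for incoming connections"; a ConnectionError here means the IP or port does not match what the recorder displays.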