Recording traffic
You can record traffic as Explore data for DAST scans using the AppScan Activity Recorder browser extension (for Chrome or Edge), the HCL AppScan Traffic Recorder proxy server, or AppScan Standard.
Option | Description | Use cases |
---|---|---|
AppScan Activity Recorder | Browser extension for Chrome and Edge. | Record your own browsing activity and save it as a DAST.CONFIG file. Upload the file to ASoC when configuring your DAST scan. |
HCL AppScan Traffic Recorder | DAST proxy server. | Traffic Recorder instances can be created on demand (for example by an automation framework such as Selenium) to automatically record traffic and save it as a DAST.CONFIG file. Upload the file to ASoC when configuring your DAST scan. Note: When you upload a recording of traffic sent to a web API, select Run Test stage only (in scan setup). The ASoC DAST explore stage is not able to explore a web API. |
AppScan Standard | Desktop application | If you have AppScan Standard installed, you can take advantage of its advanced configuration options to configure a scan and save it as a SCAN file. Use this file to create your DAST scan in ASoC. You can also record and validate the login procedure only, save it as a |
Using the AppScan Activity Recorder
- Open your browser and install AppScan Activity Recorder.
- In a new browser tab, enter the Starting URL.
- Click the extension icon to start the recording and record your guided explore stage. Note: You must be logged out of the application before you start the recording.
- When finished, click the extension icon again to stop the recording. You will be prompted to save the DAST.CONFIG file.
Using the AppScan Traffic Recorder
The HCL AppScan Traffic Recorder enables you to record traffic to a web service or web API, which can be saved as a DAST.CONFIG file and then used as explore data for an ASoC scan. For details, see HCL AppScan Traffic Recorder.
Using AppScan Standard
For details of use cases and how to obtain AppScan Standard, see AppScan Standard.
- Open the Configuration dialog box, and configure your AppScan scan with the starting URL for the scan, login, and any other settings needed.
- In AppScan Standard, click Manual Explore to open the built-in Activity Recorder and start recording.
- Log in to your application, and click the links you want tested in the scan.
- Click OK.
- Review the list of requests, edit if needed, and then click OK.
- Save the SCAN file and upload it to create an ASoC scan (see Creating a new scan from a scan file).
Recording the login using AppScan Standard
You can use ASoC to record the login procedure for your application, export it as a LOGIN file, and upload it to use in an ASoC scan.
- Open the Configuration dialog box, and configure your AppScan scan with the starting URL for the scan.
- In Login Management view, select Login Method: Recorded.
- Click Record, and using the internal browser that opens, log in to your application.
Both HTTP requests and user actions are recorded.
- When you are logged in, click I am logged in to the site.
The browser closes, and AppScan analyzes the sequence to identify an in-session page that can be used during scanning to verify when AppScan gets logged out, and when it is still logged in. When this is successful, the green key icon appears as confirmation.
- In the lower part of the dialog, click Export to save this procedure as a LOGIN file.