Using AppScan as a proxy server

You can set AppScan to act as a proxy server and then manually explore your application using a third part browsing utility (browser, web services client, Automatic Explore script, mobile phone and so on) through AppScan. In this mode of operation, AppScan records the HTTP/HTTPS traffic going through it, analyzes it, and creates the appropriate tests.

About this task

Note: Exploring with AppScan as a proxy server can be used to explore SOAP and non-SOAP web services, or in cases where the application client is not compatible with Internet Explorer. By configuring your web services client to use AppScan as a proxy, AppScan will collect the requests to the web service as sent by the client. GSC (Generic Service Client), supplied with AppScan®, is used for this purpose for SOAP web services. See Exploring with the External Traffic Recorder.
Note: In the unlikely event of the AppScan browser producing error messages while your external browser does not, you may use this facility to browse manually using an external browser, with AppScan as proxy. (If this happens, contact the AppScan support team so the issue can be resolved.)

Procedure

  1. Make sure that AppScan is not configured to use Internet Explorer proxy settings. In Scan Configuration > Connection View, do one of the following:
    • Select Don't use proxy
    • Select Use custom proxy settings; type in proxy address, port, and authentication information.
    Note: If you do not do this the setting is automatically changed to Don't use proxy when you start exploring.
  2. Find the AppScan listening port. Open Tools > Options > Recording Proxy tab (see Recording Proxy tab).

    The Proxy Port area shows the port that AppScan is using to listen to traffic going to the web application. It may be a port that AppScan assigned to itself (the port number you are looking for will be gray), or a port that you selected manually.

  3. Configure your web browser to use AppScan as its proxy:

    In your browser, find the section for configuring a proxy server. Change the hostname or address to the IP address (localhost is usually an acceptable entry) in use by the machine running AppScan, and change the port to the AppScan listening port.

  4. Perform a Manual Explore of your application (see Using AppScan for full details):
    1. Click Scan > Manual Explore, to open the AppScan internal browser.
    2. Without closing the internal browser, open your external browser.
    3. Manually explore the application as necessary.
    4. Close the external browser.
    5. Close the AppScan internal browser.