Proxy Port |
Specifies which port AppScan uses. When using AppScan as a proxy server
you need to configure the external browser or mobile device to use
this port. Use the check box to select whether AppScan selects
an available port automatically, or lets you choose the port. Note
that if the port is chosen automatically it may change between sessions,
and you will therefore need to re-configure your mobile device. |
External Connections |
This setting determines which connections
to external domains are accepted.
- Reject all
- (Default) Connection attempts from all external IPs will be rejected.
Use this setting only if you will be exploring using an application
on the same machine as AppScan.
- Accept white list only
- Connections from external IPs that appear on the white list will
be accepted; all others will be rejected.
- Accept white list and prompt for others
- Connections from external IPs that appear on the white list will
be accepted automatically; for all others the AppScan user will be prompted,
with the option of adding the new IP to the white list. Note that
prompts are seen only if the External Traffic Recorder is open.
|
White List |
Connections from IPs listed here will be
accepted automatically. To add new IPs to the list, click  , and select an option:
- To add a single IP to the list, type in the IP and optionally
a description.
Tip: If you will be using a remote device
but are not sure of its IP address, or if it changes frequently, select White List and prompt for others. The first time the
device connects with a new IP, a pop-up appears giving you the option
to add it to the white list.
- To add a range of IP addresses, add an IPv4 address and
subnet mask, or an IPv6 address and subnet prefix length, and optionally
a description.
|
AppScan SSL Certificate |
If the server uses HTTPS, since AppScan has
to act as a proxy in order to record the traffic between the web service
and the device you use to manually explore, it will be sending SSL
certificates to the device instead of the web service's certificate.
When a browser receives an unrecognized certificate it typically warns
the user with a pop-up, but in the case of a mobile device the request
is usually just ignored. It is therefore impossible to explore the
application unless the AppScan certificate is accepted on the device
sending the requests.
- Add
- Adds the AppScan SSL certificate to the root certificates on this
machine.
- You must do this to allow sending requests to the web service.
The AppScan certificate will be added to the root certificate, and
requests from the web service to the simulator will not be rejected.
Note: After you have added the certificate, the button changes to Remove, and can be used to remove the certificate from
the AppScan machine.
- Export
- Saves the AppScan SSL certificate that is currently installed
on this machine, as a ZIP file, so it can be added manually to
the root certificates on a different device. Note that you do not
usually need to do this, as you can import the certificate directly
from the device in most cases.
- In AppScan, click Scan > Manual Explore > Using External
Device
The External Traffic Recorder opens with status
"Waiting for incoming connections". Important: Leave it
open for the next sub-steps.
- On the mobile device, browse to
http://appscan
- In AppScan, if you are prompted to allow an incoming connection
from your device, click OK.
When the device
connects successfully to AppScan as its proxy, a message (on the device)
confirms the connection, IP and port. If the certificate is installed
on the AppScan machine, it also provides a button to install it on
the device. Note: If the button is grayed out, the certificate is not
installed on the AppScan machine. Note: The device's domain
and request will appear in the External Traffic Recorder lists.
- On the mobile device, tap Install AppScan SSL Certificate
The certificate is installed. Note: If the device is unable to
access the application you are testing after this procedure, you need
to install the certificate (onto the remote device or application)
manually:
- In AppScan, open Tools > Options > Recording Proxy
- Click Export and save the certificate as
a ZIP file.
- Install the certificate as a root certificate on the device or
application.
- When finished, click Cancel on the External
Traffic Recorder, to close it.
Note: This option is active only if the certificate is already
added to the root certificates on this machine. Attention: The AppScan certificate that is exported must be
identical to the one installed locally. If you Remove the local certificate and then Add again,
you must also reinstall it on the device, as the new certificate is
not identical to the previous one.
|
