Describes recording Manual Explore data with Postman, SoapUI, or another external
client.
About this task
This sample workflow applies to recording a manual explore (from the Manual Explore
icon).Note: Postman and SoapUI are the prefered tools, but other clients can also be
used.
Note: You can configure and send requests from more than one external client
through the same instance of the External Traffic Recorder. All domains and requests will be
listed together.
To record the manual explore:
Procedure
-
On the toolbar, click Manual Explore > External client > and
then the client you want to use:
Option | Description |
---|
Postman |
AppScanĀ® will open and automatically
configure Postman to work with AppScan as recording
proxy (IP and port). AppScan will then open its
traffic recorder to record the requests you send from Postman. |
SoapUI |
AppScan will open and automatically
configure SoapUI to work with AppScan as recording
proxy (IP and port). AppScan will then open its
traffic recorder to record the requests you send from SoapUI. Note: The configuration change
affects any other instances that are open during the session. Therefore it is recommended
that you close any open instances before you start, and do not open any while you record.
When you close AppScan, SoapUI is also closed, and the settings changed back to what they
were before. For SSL, see SSL with SoapUI. |
Other |
Select this option if the client you want to use is installed on a different machine,
or if you are using a client other than Postman or SoapUI on the same machine as AppScan. You will be asked to open and configure your
client manually, to use AppScan as proxy. For SSL, see SSL with other external client |
AppScan's External Traffic Recorder opens, recording requests you send to your web
service from the client. For details, see External Traffic Recorder.
If you seleted Postman or SoapUI, it opens, and is configured to use
AppScan as recording proxy.
Note: AppScan can automatically configure Postman or SoapUI only if
installed on the same machine as AppScan, otherwise you must select Other, and configure the
client yourself in the next step.
-
If you selected External client > Other, open your client and configure it to use
the port and IP shown at the top of the traffic recorder. If the client is on the same machine
as AppScan, use the "Local IP" shown, otherwise use the "Remote IP".
-
With the External Traffic Recorder open with status "Waiting for incoming connections",
manually explore the web service from your client. As you explore, domains detected are
listed in the left pane of the traffic recorder, and requests in the right pane. When
finished, click Stop Recording.
-
Review the Manual Explore data and in the left column select the domains you want
included in the scan.
Tip: If the total number of requests is more than 200, deleting some of them
may produce a more efficient scan.
Note: At this stage you can click Export to save the Explore data
for use on another machine.
-
Click Save to close the traffic recorder.
AppScan analyzes the explore data and prepares tests to send. When this is
completed, you can start the Test stage.
-
To start the Test stage of your scan, click Scan > Test Only