Record sequence with external client
About this task
Important: During playback of a multi-step operation, in-session detection
is Off (see Login method). This means
that AppScan® does not verify that it is
logged in. Therefore, if the failure of the multi-step operation will cause the user
to be logged out of the application, it is important that login be recorded as part
of the sequence (so it will be replayed each time the sequence runs). If this is not
done, the multi-step operation may fail.
To record the multi-step operation:
Procedure
- Click Record sequence > External client and select the client you want to use:

  | Option | Description |
  | --- | --- |
  | Postman | AppScan® will open and automatically configure Postman to work with AppScan® as recording proxy (IP and port). AppScan® will then open its traffic recorder to record the requests you send from Postman. |
  | SoapUI | AppScan® will open and automatically configure SoapUI to work with AppScan® as recording proxy (IP and port). AppScan® will then open its traffic recorder to record the requests you send from SoapUI. Note: The configuration change affects any other instances that are open during the session. Therefore it is recommended that you close any open instances before you start, and do not open any while you record. When you close AppScan, SoapUI is also closed, and the settings are changed back to what they were before. |
  | Other | Select this option if the client you want to use is installed on a different machine, or if you are using a client other than Postman or SoapUI on the same machine as AppScan®. You will be asked to open and configure your client manually, to use AppScan as proxy. AppScan's External Traffic Recorder opens, recording requests you send to your web service from the client. For details, see External Traffic Recorder. |

  If you selected Postman or SoapUI, it opens, and is configured to use AppScan as recording proxy.
  Note: AppScan can automatically configure Postman or SoapUI only if installed on the same machine as AppScan, otherwise you must select Other, and configure the client yourself in the next step.
- If you selected External client > Other, open your client and configure it to use the port and IP shown at the top of the traffic recorder. If the client is on the same machine as AppScan, use the "Local IP" shown, otherwise use the "Remote IP".
- With the External Traffic Recorder open with status "Waiting for incoming
connections", send your sequence of requests from the client to the web service.
Domains detected are listed in the left pane of the traffic recorder, and
requests in the right pane. When finished, click Stop
Recording.
Note: If the traffic does not appear in the recorder, see Postman and SoapUI troubleshooting.
- Review the multi-step operation data, and in the left column, select the
domains you want to include.
Tip: If the total number of requests is more than 200, deleting some of them may produce a more efficient scan.
Note: At this stage you can click Export to save the Explore data for use on another machine.
- Click Save to close the traffic recorder.
The request-based sequence appears in the Sequence pane (upper right). Sequences are automatically named in order: "Sequence 1", "Sequence 2" etc., but you can rename them by typing into the name field.
- Click Validate.
AppScan replays the sequence, and a green check-mark appears next to each request or action that is successfully replayed. If a request or action is not successful, a red X appears next to it. Options:
  - Remove any unnecessary step by selecting it and clicking . After doing this click the Validate button, to check that the sequence still keeps in-session.
  - Right-click on a step in the sequence and set to Don't Test. The URL will still be included when playing the sequence, but will not be tested individually.
  - Right-click on a step that is set to be tested individually, and select Play sequence before testing request > No if it is not necessary to play the previous steps in the sequence each time this URL is tested.
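When the external client is a script rather than Postman or SoapUI (the Other option), the proxy configuration and the login-first ordering described above can be expressed as follows. This is an added example, not AppScan's own code: the service URLs, credentials and the local stand-in recorder are constructed, and with the real tool you would pass the IP and port shown at the top of the traffic recorder to `make_opener`.

```python
import json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical web service and sequence (constructed): login is the first step
# so that it is replayed every time the sequence runs.
SEQUENCE = [
    ("POST", "http://shop.example.test/api/login", {"user": "demo", "password": "demo"}),
    ("POST", "http://shop.example.test/api/cart", {"item": 42}),
    ("POST", "http://shop.example.test/api/checkout", {"confirm": True}),
]

def make_opener(proxy_ip, proxy_port):
    """Route HTTP requests through the recorder's IP and port; keep cookies across steps."""
    proxy = urllib.request.ProxyHandler({"http": f"http://{proxy_ip}:{proxy_port}"})
    return urllib.request.build_opener(proxy, urllib.request.HTTPCookieProcessor())

def send_sequence(opener, sequence=SEQUENCE):
    """Send each step in order and return the status code of every response."""
    statuses = []
    for method, url, body in sequence:
        req = urllib.request.Request(url, data=json.dumps(body).encode(), method=method,
                                     headers={"Content-Type": "application/json"})
        with opener.open(req, timeout=5) as resp:
            statuses.append(resp.status)
    return statuses

class StandInRecorder(BaseHTTPRequestHandler):
    """Constructed stand-in for the recording proxy: logs the request line, answers 200."""
    seen = []
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        StandInRecorder.seen.append((self.command, self.path))
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the console quiet
        pass

def demo():
    """Run the sequence against the local stand-in and return what it recorded."""
    StandInRecorder.seen.clear()
    server = HTTPServer(("127.0.0.1", 0), StandInRecorder)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        statuses = send_sequence(make_opener("127.0.0.1", server.server_port))
    finally:
        server.shutdown()
        server.server_close()
    return statuses, list(StandInRecorder.seen)
```

The recorder sees the absolute URL of each request in the order sent, which is the order the sequence will be replayed in.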