AppScan Activity Recorder

Record traffic and actions to use in an AppScan Dynamic Analysis scan

Use the AppScan Activity Recorder to record traffic and actions for use in an AppScan Dynamic Analysis scan. Capture manual crawl, login, and multi-step data (traffic and actions). Recording Traffic: To record browser activity, 1. Before recording, log out from the site you intend to record and disable auto-sign in/auto-fill from Chrome settings. This enables the extension to record all browser tab activity. 2. From the Chrome Web Store, click Add to Chrome to add the recorder extension to the Chrome browser. 3. Open the website you want to record. 4. On the address bar, click the AppScan Activity Recorder extension icon to start recording the browsing activity. The AppScan extension icon blinks indicating it is recording the activity. Note: The extension icon’s tooltip displays the domain URL being recorded. This is particularly useful when you are accessing different sites in the same Chrome browser instance. 5. Perform the browsing activity, leaving the system tray window open. This extension records browser traffic including request/response and user actions. The scope of recording is only for the tab where the extension is invoked; no activity is recorded for other tabs. 6. To stop recording: • Click the AppScan extension icon to stop recording, or • Click 'Cancel' in the Chrome debugging message dialog box. The extension prompts you to save the recording in *.dast.config file format. Extension Options: The AppScan Activity Recorder extension includes options to view recording activity in a debugger window and to enable encryption. To set AppScan Activity Recorder options: 1. Open the Options page: a. Right-click the extension icon and select 'Options', or b. From the Chrome Extensions management page, select 'Details' > 'Extension options' for the extension. 2. Select options. • Debugger Selection: • Show debugger during recording: Show user activity in a separate window. In normal mode (without the debugger window enabled), the system tray window displays recording information only. • Encryption Selection: • No Encryption: Recorded data will not be encrypted. • Default Encryption: Encrypt the recording to prevent exposure of sensitive recorded information. Uses a common mechanism supported across all environments. Encrypted recorded files with Default Encryption are supported in HCL AppScan Enterprise version 10.4.0 and above, HCL AppScan on Cloud, and any HCL AppScan integrations (HCL AppScan Jenkins and HCL AppScan Azure DevOps Plugins, for example) that integrate with HCL AppScan Enterprise and HCL AppScan on Cloud. • Advanced Encryption: Utilizes an environment-specific encryption mechanism to prevent exposure of sensitive recorded information. This option reveals additional product selection options. Encrypted recorded files with Advanced Encryption are supported in HCL AppScan Enterprise version 10.10.0 and above, HCL Appscan 360° version 2.0.1 and above, HCL AppScan on Cloud, and any HCL AppScan integrations (HCL AppScan Jenkins and HCL AppScan Azure DevOps Plugins, for example) that integrate with HCL AppScan Enterprise, HCL Appscan 360° and HCL AppScan on Cloud. • Product Selection (Visible only if Advanced Encryption is selected): • AppScan on Cloud: Allows selection of the US or EU region for AppScan on Cloud. • AppScan on Premises or Private Cloud: Provides input fields for up to three deployment URLs. At least one URL is mandatory if this option is selected. 3. Click 'Save'. Saves the selected options to Chrome's local storage. If 'Advanced Encryption' is chosen, • Validates that at least one product is chosen and, if "onPrem" is selected, at least one URL is provided. • Fetches and validates encryption keys from the provided URLs or region endpoints. • Access to these URLs or region endpoints is essential for saving the options. The saved options will then be used for subsequent recordings. Notes: • Analysis of recordings from websites using HTTP/2 is not currently supported. • On Chrome Version 84.0.4147.105 (Official Build released on July 28th, 2020) (64-bit) and newer, the info banner lingers after the recording is stopped explicitly via the AppScan Activity Recorder icon. This does not hamper the saved recording or the extension functionality in any way. The Chrome Web Store Dev Support team has confirmed this as an intentional change. Click 'Cancel' to dismiss the banner. • The "runtime_blocked_hosts" extension settings GPO policy to validate the URL to record traffic is not supported from version 2.0.0. Changelog: • 2.1.0 - Support for environment-specific encryption. • 2.0.1 - Bug fixes • 2.0.0 - Migrated from Manifest V2 to Manifest V3 • 1.1.0 - Support to encrypt recorded files. - Bug fixes. • 1.0.10 - Updated AppScan icons. • 1.0.9 - Support for adding browser version and debug option to recorded traffic file. - Bug Fixes related to GPO support. • 1.0.8 - Support for "runtime_blocked_hosts" Extension settings GPO policy to validate the URL to record traffic. Follow instructions in “Set Chrome app and extension policies (Windows)” in this link: https://support.google.com/chrome/a/answer/7532015 to set "runtime_blocked_hosts" Extension settings GPO policy in Chrome Browser. Follow instructions in “Configure Microsoft Edge policy settings on Windows” in this link: https://docs.microsoft.com/en-us/deployedge/configure-microsoft-edge to set "runtime_blocked_hosts" Extension settings GPO policy in Edge Browser. - Capture AppScan Activity Recorder version info in recorded traffic file. • 1.0.7 - Fixed a bug to resolve issues wherein partial headers and HTML response were being captured in recorded traffic files. • 1.0.6 - Support for the new Edge version released on January 15th, 2020 and downloadable from "https://support.microsoft.com/en-in/help/4501095/download-the-new-microsoft-edge-based-on-chromium". Follow instructions in “To add an extension to Microsoft Edge from the Chrome Web Store” in this link: "https://support.microsoft.com/en-us/help/4538971/microsoft-edge-add-or-remove-extensions" to install AppScan Activity Recorder extension in Edge. • 1.0.4 - Support to start recording from a blank URL. • 1.0.3 - Support for log window to record cookies, actions and the requests being hit. • 1.0.0 - First release