Record traffic and actions to use in an AppScan Dynamic Analysis scan
AppScan Activity Recorder simplifies web application security testing. It allows you to capture manual crawl, login, and multi-step data (traffic and actions) for an AppScan Dynamic Analysis scan.
• Open a website to record its browsing activity in the Chrome browser.
• On the address bar, click the AppScan Activity Recorder extension icon to start recording the browsing activity.
• The AppScan extension icon blinks indicating progress in recording the activity.
• Tip: The extension icon’s tooltip displays the domain URL being recorded. This is particularly useful when you are accessing different sites in same chrome browser instance.
• Perform the browsing activity.
• Click the AppScan extension icon to stop recording.
• Click Cancel in the chrome debugging message dialog box to stop recording.
• The browser prompts you to save the recording in *.dast.config file format.
• 1.0.0 - First release
• 1.0.3 - Support for log window to records cookies, actions and the requests being hit.
• 1.0.4 - Support start recording from a blank URL.
• 1.0.6 - Support for the new Edge version released on January 15th, 2020 and downloadable from "https://support.microsoft.com/en-in/help/4501095/download-the-new-microsoft-edge-based-on-chromium". Follow instructions in “To add an extension to Microsoft Edge from the Chrome Web Store” in this link: "https://support.microsoft.com/en-us/help/4538971/microsoft-edge-add-or-remove-extensions" to install AppScan Activity Recorder extension in Edge.
• 1.0.7 - Fixed a bug to resolve issues wherein partial headers and HTML response were being captured in recorded traffic files.
• 1.0.8 - Support for "runtime_blocked_hosts" Extension settings GPO policy to validate the URL to record traffic. Follow instructions in “Set Chrome app and extension policies (Windows)” in this link: https://support.google.com/chrome/a/answer/7532015 to set "runtime_blocked_hosts" Extension settings GPO policy in Chrome Browser. Follow instructions in “Configure Microsoft Edge policy settings on Windows” in this link: https://docs.microsoft.com/en-us/deployedge/configure-microsoft-edge to set "runtime_blocked_hosts" Extension settings GPO policy in Edge Browser.
- Capture AppScan Activity Recorder version info in recorded traffic file.
• 1.0.9 – Support for adding browser version and debug option to recorded traffic file.
- Bug Fixes related to GPO support.
• This extension will record browser traffic that includes request/response and user actions. Scope of recording is only for the current “active” tab where the extension is invoked. No activity is recorded for other tabs even if user switches to those.
• Before starting the recording, it is recommended to logout from the site; disable auto-sign in/ auto-fill from Chrome settings to enable this extension to record all Browser tab activity.
• Analysis of recordings from websites using HTTP/2 is not currently supported by AppScan.
• From Chrome Version 84.0.4147.105 (Official Build) (64-bit) released on July 28th, 2020, you will see the info banner lingering even after the recording is stopped explicitly via the AppScan Activity Recorder icon. Please note this will not hamper the saved recording or the extension functionality in any way. Chrome WebStore Dev Support team has confirmed this as an intentional change. Please click on “Cancel” to dismiss the banner.
• When Extension GPO policy "runtime_blocked_hosts" is set, during the recording of a non-blocked host, if you change the URL to blocked host URL then the final recording will have recording data from both sites.