AppScan Activity Recorder

Record traffic and actions to use in an AppScan Dynamic Analysis scan

AppScan Activity Recorder simplifies web application security testing. It allows you to capture manual crawl, login, and multi-step data (traffic and actions) for an AppScan Dynamic Analysis scan. Usage Instructions: • Open a website to record its browsing activity in the Chrome browser. • On the address bar, click the AppScan Activity Recorder extension icon to start recording the browsing activity. • The AppScan extension icon blinks indicating progress in recording the activity. • Tip: The extension icon’s tooltip displays the domain URL being recorded. This is particularly useful when you are accessing different sites in same chrome browser instance. • Perform the browsing activity. • Click the AppScan extension icon to stop recording. Or • Click Cancel in the chrome debugging message dialog box to stop recording. • The browser prompts you to save the recording in *.dast.config file format. Options page: Access the options page by right-clicking the extension icon in the toolbar and then selecting options. Or navigate to the options page by, first, opening chrome://extensions, locating the "AppScan Activity Recorder" extension, clicking Details, and then selecting the "Extension options" link. • Open debugger window: This option shows the user activity in a separate window. • Enable encryption: This option allows encryption of the recording to prevent exposure of recorded information. Note: Encrypted recorded files will be supported in HCL AppScan Enterprise version 10.4.0 and above and HCL AppScan on Cloud. Any HCL AppScan Integrations as for e.g. HCL AppScan Jenkins and HCL AppScan Azure DevOps Plugins, which integrate with HCL AppScan Enterprise and HCL AppScan on Cloud will also support encrypted recorded files for DAST Scans execution. Changelog: • 1.1.0 - Support to encrypt recorded files. - Bug fixes. • 1.0.10 - Updated AppScan icons. • 1.0.9 - Support for adding browser version and debug option to recorded traffic file. - Bug Fixes related to GPO support. • 1.0.8 - Support for "runtime_blocked_hosts" Extension settings GPO policy to validate the URL to record traffic. Follow instructions in “Set Chrome app and extension policies (Windows)” in this link: https://support.google.com/chrome/a/answer/7532015 to set "runtime_blocked_hosts" Extension settings GPO policy in Chrome Browser. Follow instructions in “Configure Microsoft Edge policy settings on Windows” in this link: https://docs.microsoft.com/en-us/deployedge/configure-microsoft-edge to set "runtime_blocked_hosts" Extension settings GPO policy in Edge Browser. - Capture AppScan Activity Recorder version info in recorded traffic file. • 1.0.7 - Fixed a bug to resolve issues wherein partial headers and HTML response were being captured in recorded traffic files. • 1.0.6 - Support for the new Edge version released on January 15th, 2020 and downloadable from "https://support.microsoft.com/en-in/help/4501095/download-the-new-microsoft-edge-based-on-chromium". Follow instructions in “To add an extension to Microsoft Edge from the Chrome Web Store” in this link: "https://support.microsoft.com/en-us/help/4538971/microsoft-edge-add-or-remove-extensions" to install AppScan Activity Recorder extension in Edge. • 1.0.4 - Support to start recording from a blank URL. • 1.0.3 - Support for log window to records cookies, actions and the requests being hit. • 1.0.0 - First release NOTES: • This extension will record browser traffic that includes request/response and user actions. Scope of recording is only for the current “active” tab where the extension is invoked. No activity is recorded for other tabs even if user switches to those. • Before starting the recording, it is recommended to logout from the site; disable auto-sign in/ auto-fill from Chrome settings to enable this extension to record all Browser tab activity. • Analysis of recordings from websites using HTTP/2 is not currently supported by AppScan. • From Chrome Version 84.0.4147.105 (Official Build) (64-bit) released on July 28th, 2020, you will see the info banner lingering even after the recording is stopped explicitly via the AppScan Activity Recorder icon. Please note this will not hamper the saved recording or the extension functionality in any way. Chrome WebStore Dev Support team has confirmed this as an intentional change. Please click on “Cancel” to dismiss the banner. • When Extension GPO policy "runtime_blocked_hosts" is set, during the recording of a non-blocked host, if you change the URL to blocked host URL then the final recording will have recording data from both sites.