ijbfdoojnepibegmkhhilmeijonibmcn
Record traffic and actions to use in an AppScan Dynamic Analysis scan

Use the AppScan Activity Recorder to record traffic and actions for use in an AppScan Dynamic Analysis scan. Capture manual crawl, login, and multi-step data (traffic and actions).

Recording Traffic:

To record browser activity:
1. Before recording, log out from the site you intend to record and disable auto-sign in/auto-fill from Chrome settings. This enables the extension to record all browser tab activity.
2. From the Chrome Web Store, click Add to Chrome to add the recorder extension to the Chrome browser.
3. Open the website you want to record.
4. On the address bar, click the AppScan Activity Recorder extension icon to start recording the browsing activity. The AppScan extension icon blinks, indicating it is recording the activity.
   Note: The extension icon’s tooltip displays the domain URL being recorded. This is particularly useful when you are accessing different sites in the same Chrome browser instance.
5. Perform the browsing activity, leaving the system tray window open. This extension records browser traffic including request/response and user actions. The scope of recording is only for the tab where the extension is invoked; no activity is recorded for other tabs.
6. To stop recording:
   • Click the AppScan extension icon to stop recording, or
   • Click 'Cancel' in the Chrome debugging message dialog box.
   The extension prompts you to save the recording in *.dast.config file format.

Extension Options:

The AppScan Activity Recorder extension includes options to view recording activity in a debugger window and to enable encryption.

To set AppScan Activity Recorder options:
1. Open the Options page:
   a. Right-click the extension icon and select 'Options', or
   b. From the Chrome Extensions management page, select 'Details' > 'Extension options' for the extension.
2. Select options.
   • Debugger Selection:
     • Show debugger during recording: Show user activity in a separate window. In normal mode (without the debugger window enabled), the system tray window displays recording information only.
   • Encryption Selection:
     • No Encryption: Recorded data will not be encrypted.
     • Default Encryption: Encrypt the recording to prevent exposure of sensitive recorded information. Uses a common mechanism supported across all environments. Encrypted recorded files with Default Encryption are supported in HCL AppScan Enterprise version 10.4.0 and above, HCL AppScan on Cloud, and any HCL AppScan integrations (HCL AppScan Jenkins and HCL AppScan Azure DevOps Plugins, for example) that integrate with HCL AppScan Enterprise and HCL AppScan on Cloud.
     • Advanced Encryption: Utilizes an environment-specific encryption mechanism to prevent exposure of sensitive recorded information. This option reveals additional product selection options. Encrypted recorded files with Advanced Encryption are supported in HCL AppScan Enterprise version 10.10.0 and above, HCL AppScan 360° version 2.0.1 and above, HCL AppScan on Cloud, and any HCL AppScan integrations (HCL AppScan Jenkins and HCL AppScan Azure DevOps Plugins, for example) that integrate with HCL AppScan Enterprise, HCL AppScan 360° and HCL AppScan on Cloud.
   • Product Selection (Visible only if Advanced Encryption is selected):
     • AppScan on Cloud: Allows selection of the US or EU region for AppScan on Cloud.
     • AppScan on Premises or Private Cloud: Provides input fields for up to three deployment URLs. At least one URL is mandatory if this option is selected.
3. Click 'Save'. Saves the selected options to Chrome's local storage. If 'Advanced Encryption' is chosen,
   • Validates that at least one product is chosen and, if "onPrem" is selected, at least one URL is provided.
   • Fetches and validates encryption keys from the provided URLs or region endpoints.
   • Access to these URLs or region endpoints is essential for saving the options.
   The saved options will then be used for subsequent recordings.

Notes:
• Analysis of recordings from websites using HTTP/2 is not currently supported.
• On Chrome Version 84.0.4147.105 (Official Build released on July 28th, 2020) (64-bit) and newer, the info banner lingers after the recording is stopped explicitly via the AppScan Activity Recorder icon. This does not hamper the saved recording or the extension functionality in any way. The Chrome Web Store Dev Support team has confirmed this as an intentional change. Click 'Cancel' to dismiss the banner.
• The "runtime_blocked_hosts" extension settings GPO policy to validate the URL to record traffic is not supported from version 2.0.0.

Changelog:
• 2.1.0
  - Support for environment-specific encryption.
• 2.0.1
  - Bug fixes
• 2.0.0
  - Migrated from Manifest V2 to Manifest V3
• 1.1.0
  - Support to encrypt recorded files.
  - Bug fixes.
• 1.0.10
  - Updated AppScan icons.
• 1.0.9
  - Support for adding browser version and debug option to recorded traffic file.
  - Bug Fixes related to GPO support.
• 1.0.8
  - Support for "runtime_blocked_hosts" Extension settings GPO policy to validate the URL to record traffic. Follow instructions in “Set Chrome app and extension policies (Windows)” in this link: https://support.google.com/chrome/a/answer/7532015 to set "runtime_blocked_hosts" Extension settings GPO policy in Chrome Browser. Follow instructions in “Configure Microsoft Edge policy settings on Windows” in this link: https://docs.microsoft.com/en-us/deployedge/configure-microsoft-edge to set "runtime_blocked_hosts" Extension settings GPO policy in Edge Browser.
  - Capture AppScan Activity Recorder version info in recorded traffic file.
• 1.0.7
  - Fixed a bug to resolve issues wherein partial headers and HTML response were being captured in recorded traffic files.
• 1.0.6
  - Support for the new Edge version released on January 15th, 2020 and downloadable from "https://support.microsoft.com/en-in/help/4501095/download-the-new-microsoft-edge-based-on-chromium". Follow instructions in “To add an extension to Microsoft Edge from the Chrome Web Store” in this link: "https://support.microsoft.com/en-us/help/4538971/microsoft-edge-add-or-remove-extensions" to install AppScan Activity Recorder extension in Edge.
• 1.0.4
  - Support to start recording from a blank URL.
• 1.0.3
  - Support for log window to record cookies, actions and the requests being hit.
• 1.0.0
  - First release

Qualys Browser Recorder
Qualys Browser Recorder is a free browser extension to record & play back scripts of any web application.

Qualys Browser Recorder is a free browser extension to record & play back scripts for web application automation testing. Qualys Browser Recorder includes the entire Selenium Core, allowing you to capture web elements and record actions in the browser to let you generate, edit, and play back automated test cases quickly and easily.

The authors would like to thank contributors to SideeX, Selenium Core, and Selenium IDE. Qualys Browser Recorder would not have been possible without their valuable work, time, and effort.

https://www.qualys.com/docs/qualys-browser-recorder-user-guide.pdf

Vulners Web Scanner
Tiny vulnerability scanner based on the vulners.com vulnerability database. Passively scan websites while you surf the internet!

Tiny security vulnerability scanner based on the vulners.com vulnerability database. It lets you passively scan the websites you browse for known vulnerabilities.

d3coder
Encoding/Decoding Plugin for various types of encoding like base64, rot13 or unix timestamp conversion

This extension enables you to encode and decode selected text via the context menu. This reduces the time you spend looking up values and gives you more time to concentrate on the important things of development.

The context menu this extension enables is customizable through the options page. To get there either click on the item or go to Wrench -> Tools -> Extensions -> d3coder options. Via the popup you are able to choose between four message types: showing the result in an alert, adding a DIV element to the bottom of the page, logging it via console.log(), or replacing the selected text on the page. You can also deactivate functions (e.g. if you don't need them and want to free the space they use).

The current version has implemented the following en-/decoding functions:

Rapid7 AppSec Plugin
The Rapid7 AppSec plugin works with Rapid7 Application Security and AppSpider dynamic application security testing solutions to improve application scanning coverage and assist in validating vulnerabilities with these capabilities:

• Macro Recording - Use the plugin to record macros required by Application Security and AppSpider Enterprise when selecting the Macro Authentication scan configuration. Macro Authentication enables the crawling engine of Application Security and AppSpider to authenticate with complex login workflows.
• Vulnerability Validator - Use the vulnerability validator in conjunction with the Attack Replay feature in Application Security and AppSpider. This feature of the Chrome plugin enables users to replay and edit recorded traffic generated during an Application Security or AppSpider scan.
• Bootstrap Authentication - The Chrome plugin is required to use AppSpider Enterprise's Bootstrap Authentication feature, which gives the user the ability to interactively log in to the target application during an active scan. It is used for login workflows that require human interaction, for example 2FA (two-factor authentication).
• Traffic Recorder - Record the interactions (like HTTP GET and POST requests) between the front-end application and the back-end server in a Traffic File. Application Security can replay these interactions to authenticate into your application.

For support related to this plugin, please contact chrome_plugin@rapid7.com