Topic
  • 2 replies
  • Latest Post - ‏2012-10-02T00:45:36Z by dd4ff
SystemAdmin
SystemAdmin
403 Posts

Pinned topic Android native application

‏2012-10-01T13:38:17Z |
Is there any way where we can route the android native app traffic(i mean native app as an application which connects to the internet i.e not browser based) through appscan standard and capture the flow thru the app via manual explore.
Updated on 2012-10-02T00:45:36Z at 2012-10-02T00:45:36Z by dd4ff
  • bbrazeau
    bbrazeau
    148 Posts

    Re: Android native application

    ‏2012-10-01T14:51:35Z  
    Hi,

    If you can change/set the proxy traffic from the android application, you should be able to capture the traffic generated by the application in AppScan Standard.

    An example of this is listed in the below technote. Simply follow the instructions for configuring the proxy manually:
    http://www-01.ibm.com/support/docview.wss?uid=swg21287443

    -B
  • dd4ff
    dd4ff
    5 Posts

    Re: Android native application

    ‏2012-10-02T00:45:36Z  
    • bbrazeau
    • ‏2012-10-01T14:51:35Z
    Hi,

    If you can change/set the proxy traffic from the android application, you should be able to capture the traffic generated by the application in AppScan Standard.

    An example of this is listed in the below technote. Simply follow the instructions for configuring the proxy manually:
    http://www-01.ibm.com/support/docview.wss?uid=swg21287443

    -B
    Hi,

    There's one extra piece beyond what BBrazeau said. The AppScan proxy listens only on loopback/localhost. So you need a piece to go between your Android and the AppScan proxy to expose the AppScan proxy on an externally accessible (not loopback/localhost) IP address.

    I use rinetd (http://www.boutell.com/rinetd/) for this.

    Then point your Android at this rinetd ip/port and your rinetd at the AppScan proxy port on 127.0.0.1.

    Keep in mind that AppScan probably only listens to the localhost for legitimate security reasons (there is no login on this proxy), so be careful doing this.

    Hope this helps.

    Dan