How can I grab the HTTP(S) requests submitted by a Java app/applet? - httprequest

How can I grab the HTTP(S) requests submitted by a Java app/applet with a free/native Windows application? I tried pktmon but it seems it captures IPs rather than HTTP(S) requests. Unfortunately, I cannot use the Chrome/Edge web dev tools as the Java app/applet runs in a non-browser window.

Related

Using OWASP ZAP Proxy for existing suite of Selenium tests

We have a suite of automated regression tests driven using Selenium for an Angular app with a .NET Core WEB API backend.
The intention is to include some automated security testing as part of our overnight build/test run.
From reading so far it looks like running ZAP as an intercepting proxy between Selenium and our web application is the way to go (see 'Proxy Regression/Unit Tests' in https://www.zaproxy.org/docs/api/#exploring-the-app) but I'm struggling to find clear documentation/examples.
What is the simplest way to achieve this using OWASP ZAP, and are there any definitive articles/examples available?
Start with the packaged full scan: https://www.zaproxy.org/docs/docker/full-scan/
Set the port and then proxy your Selenium tests through ZAP. Use the -D parameter to pause ZAP until your tests have finished. For more ZAP automation options see https://www.zaproxy.org/docs/automate/

Selenium c# MSTest Specflow execute tests to another device

In my job we have a .NET custom application for testing. We are sending API requests to another PC where the IIS Express web server is up and running on port 81. After that, test execution starts.
Now I've implemented the MSTest+Specflow project with Selenium C# / VS19. On my local machine, it works perfectly, executing/extending reports.
I'm interested in how I can send an API request or something to another PC that will start executing tests (I have access to that computer with RDP). I don't want to connect via RDP every time I want to execute tests. For example, sending API requests via Postman to that IP address, which will start execution automatically, would be perfect.

Browser based document scanning

I am building a browser based application for document scanning. I have looked at offerings from multiple providers like Dynamsoft, Asprise, Atalasoft etc. My basic question on browser based document scanning is: do any of these products enable scanning from remote machines using a browser based interface? Or should the scanner always be connected to the system from where the browser is launched?
Yes. Browser based document scanning relies on the communication between a local service and the web client. Usually, you need to download the installer of the local service when browsing an online demo of document scanning for the first time. If you want to scan documents from a remote machine, just deploy the service on that machine. Then change the IP for the web socket connection.
For example, here is the architecture of Dynamic Web TWAIN.
The scanner should be always connected to the system from where the local service (not the web browser) is launched.
You can watch the video to see how to use Raspberry Pi as the scanner service to capture documents from iMac.
Yes, there is an application that enables scanning on a remote machine. When someone opens the browser, a connection between the web browser and that local machine application is established. This connection is done easily by HTML5 Web Socket. The local application does the scan and sends the image via this connection to your browser.
Here is the open source repository: ScanAppForWeb
I'm hoping this will be helpful, though it's not a direct answer to the question.
After spending a lot of time trying to get WebUSB to work and researching other options, I found a solution that works well for my web app. Simply use scanimage to scan to the server. The client sends an AJAX request, the server builds a command string to run with shell_exec in PHP, then uses file_get_contents or whatever with the scanned image. In my situation, there's no reason for the scanner to talk to the client, since the image is going to end up in a database on the server anyway.
See also: https://stackoverflow.com/a/63198443/4509516
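The server-side flow described in the answer above (AJAX request, command string, shell command, read the file back), as an added example that is not part of the original answer. It shows how to keep client-supplied scan settings from turning the command string into a command injection; the function names, request keys, allow-lists and limits are assumptions.

```php
<?php
// Added example, not from the original answer. Function names, request keys
// and allow-lists are assumptions; mode names vary by scanner backend.
const ALLOWED_MODES = ['Color', 'Gray', 'Lineart'];
const ALLOWED_FORMATS = ['png', 'jpeg', 'tiff'];

function buildScanCommand(array $req, string $outFile): string
{
    $mode = $req['mode'] ?? 'Color';
    $format = $req['format'] ?? 'png';
    $dpi = filter_var($req['dpi'] ?? 300, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 75, 'max_range' => 600]]);

    // Client input only ever selects from fixed values; anything else is refused.
    if (!in_array($mode, ALLOWED_MODES, true)
        || !in_array($format, ALLOWED_FORMATS, true)
        || $dpi === false) {
        throw new InvalidArgumentException('rejected scan parameters');
    }

    // Escape even validated values so a later allow-list change cannot
    // reintroduce shell metacharacters into the command string.
    return sprintf('scanimage --mode %s --resolution %d --format=%s > %s',
        escapeshellarg($mode), $dpi, escapeshellarg($format), escapeshellarg($outFile));
}

function scanToBytes(array $req): string
{
    // The output path is chosen by the server, never by the client.
    $outFile = tempnam(sys_get_temp_dir(), 'scan_');
    try {
        // exec() instead of shell_exec() so the exit status can be checked.
        exec(buildScanCommand($req, $outFile), $lines, $status);
        if ($status !== 0) {
            throw new RuntimeException("scanimage exited with status $status");
        }
        return file_get_contents($outFile);
    } finally {
        unlink($outFile);
    }
}

// Constructed inputs: the second carries shell metacharacters and is rejected.
echo buildScanCommand(['mode' => 'Gray', 'dpi' => '150'], '/tmp/scan_demo'), PHP_EOL;
try {
    buildScanCommand(['mode' => 'Gray; id', 'dpi' => '150'], '/tmp/scan_demo');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In a real endpoint, `scanToBytes($_POST)` would sit behind authentication, since anyone who can reach it can drive the scanner.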
The Extrieve HTTPTWAIN browser-based document scanning SDK supports document scanning from a remote PC. This requires a service client to be deployed on the remote PC, and the web module should connect to the service using the IP and port of the remote PC.
To know more, visit https://www.extrieve.com/web-document-scanning/

Jmeter Facebook Issue

I am testing the mobile application with an HTTP(S) script recorder (the mobile is connected to JMeter via the computer's IP address).
From an app, if I try to log in with Facebook then it shows a failure report in JMeter, but if I hit the stop button in JMeter (HTTPS script recorder) and after that try to log in with Facebook, then I can easily log in with Facebook.
In order to be able to record HTTPS calls you need to install JMeter's self-signed certificate onto your device.
Start JMeter's HTTP(S) Test Script Recorder
Locate ApacheJMeterTemporaryRootCA.crt file under "bin" folder of your JMeter installation and transfer it somehow to your device (i.e. send it to yourself by email)
Open the certificate on your mobile device and follow your operating system certificate installation dialog to set this up
Now you should be able to record HTTPS traffic. Note that certain mobile operating systems don't support HTTPS proxy on Wi-Fi connection settings level so you may have to use a 3rd-party application for this (i.e. ProxyDroid for Android)
You can also try out a cloud-based proxy service for recording JMeter tests which automates certificate installation process and is capable of exporting the recorded script in "SmartJMX" mode with automatic correlation applied.

Using Electron based app as a web server

I'm developing a cross-platform application (Windows/Linux/macOS), which:
Should be able to run locally as a desktop application
Should be able to run on a remote machine, preferably with the same UI as on local.
So far Electron looks good enough for the first bullet.
The question is about the second one. I'd like to reuse both the logic and the UI from the local scenario for the remote scenario. In other words, I'd like to use Electron based application as a web server and connect to it via browser.
Is there any way to do that?
You can create a remote web server without Electron, just with Node.js, and deliver a web page like a PHP server for example.
But if you want to deliver a complete remote UI and manage the window remotely, that's VERY complicated to do... That requires configuring a lot of things and managing connections between client and server, using asynchronous keyboard & mouse and encryption to secure the communications.
You want a hybrid app I think, like a few of them that are out there (i.e. Slack). Generally there's a web app plus an Electron client version with some shared UI code but it's not Electron all around. The main point of Electron is to be a local web server acting as a desktop app. You could certainly keep it all Node though.