Native Mobile App Scanning for IOS device

Hi, 

I am planning to run webinspect scan on Mobile app i have on IOS device. But the problem is the webinspect machine that i use is installed on a Virutal Machine which is connected to internet only through LAN. The VM runs on WIndows Server O.S

I have previously run scan on android app by using android emulator but haven't been able to do the same with the app on iOS device.

Please advise 

Tags:

Parents
  • You should be able to do this once you can control the IOS device.  You did not run into this issue with your Android emulator because it lacked a cellular antenna.  I would turn on Airplane mode to otherwise disable all cellular connections, and then join the same LAN (wifi) on which the WebInspect workstation resides.  Once you have the device on the same LAN, then you need to configure it to use the WebInspect machine as its trusted proxy (see the Guided Scan Wizard for this process).  When I was testing Android devices, this seemed to be the hardest part, as different OS versions had different ways to force the preferred connection, accept the WebInspect certificate, and also to control the application's proxy settings.

Reply
  • You should be able to do this once you can control the IOS device.  You did not run into this issue with your Android emulator because it lacked a cellular antenna.  I would turn on Airplane mode to otherwise disable all cellular connections, and then join the same LAN (wifi) on which the WebInspect workstation resides.  Once you have the device on the same LAN, then you need to configure it to use the WebInspect machine as its trusted proxy (see the Guided Scan Wizard for this process).  When I was testing Android devices, this seemed to be the hardest part, as different OS versions had different ways to force the preferred connection, accept the WebInspect certificate, and also to control the application's proxy settings.

Children
  • Thank you so much for your response. I will try to follow your instruction and do it. I believe it will be hard for me to get my phone connected to the same network as webinspect VM because we don't have wifi connection for that network. VM is connected to the network through ethernet cable. 

    I wanted to know my only option to run webinspect scan on IOS mobile app is to have both IOS device and Webinspect on the same network?

  • Verified Answer

    At present, yes, you must have both WebInspect and the mobile device on the same network,.  The Native Mobile testing is essentially just Man-in-the-Middle capturing of the traffic, and then you set WebInspect loose to Audit what was seen.  "Stupid proxy tricks" as I would call it.    ;-)    In this respect, this testign configuration is very similar to the old Manual Step-Mode scan method found under WebInspect's Basic Scan Wizard.

    You will need to get a wifi access point to plug into your LAN Ethernet, so that both the IOS device and WebInspect are on the same network and WebInspect can be configured as the network proxy for the mobile device.

  • Thank you for your reply. this has been very helpful

  • Hi, 

    Is there a way to use iphone simulator in windows VM to run the scan?

  • The Native Mobile Application scan template currently supports Android, Windows, and IOS devices (see WebInspect Help for details), so I do not see any issue with using your simulator with WebInspect.  I have used an Android simulator myself.  The key technical issue will be setting up your simulated device so that it is on the same LAN network as WebInspect so that it can use the proxy and certificate offered by WebInspect and then run all of its application traffic through WebInspect.