Proxy Server API commands

Once the Proxy Server has started, you can start a proxy instance and send traffic to your application through it.
If the site is secured (HTTPS), avoid SSL warnings by doing one of the following:
  • Download the certificate and install it on the browser.
  • Install your own root certificate using the CLI option -importRootCertificate.
  • Provide a server certificate using the proxyCertificate parameter when executing the StartProxy command.
There are four commands, as described below.
Note: Node.js version 12 and higher is supported.

Documentation

You can view the complete REST API documentation:
  • In Swagger, by typing in a browser:
    http(s)://<server>:<port>
  • In the ASoC documentation, here.

"StartProxy"

Start a proxy that listens on the specified port.
  • URL: http://[server]:[port]/automation/StartProxy/<recordingPort>
  • Request type: POST or GET (if using chainedProxy, proxyCertificate, and clientCertificate the request is POST; otherwise it is GET)

    Request body must be in JSON format

    server = IP address of the machine on which the proxy server is installed. (Default is localhost)

    port = port on which the proxy server listens

    recordingPort = recording proxy listening port (if set to "0", a random port is chosen and the port number returned in the HTTP response)

| Optional parameters | Type | Description |
| --- | --- | --- |
| chainedProxy | String | Configure the upstream (chained) proxy using format [ip]:[port]. This will override the chained proxy rules file (proxy.chain). |
| proxyCertificate | Certificate | The certificate must be a JSON object with two fields: “content” with the base64-encoded contents of the certificate file, and “password” with the password to the file. |
| clientCertificate | Certificate | The certificate must be a JSON object with two fields: “content” with the base64-encoded contents of the certificate file, and “password” with the password to the file. |
| encrypted | Boolean | Encrypt all traffic. Example: /StartProxy/<recordingPort>?encrypted=true |
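
The following is an added example, not part of the product documentation, showing how a client can assemble the StartProxy request: GET when no body parameters are set, POST with a JSON body otherwise. It assumes the optional parameters are top-level keys of the JSON body; the function names, host, ports and certificate bytes are constructed for illustration.

```javascript
// Parameters that, per the page, force a POST with a JSON body.
const BODY_PARAMS = ['chainedProxy', 'proxyCertificate', 'clientCertificate'];

// Build the {content, password} certificate object the parameter table specifies.
function toCertificateObject(fileBytes, password) {
  if (!Buffer.isBuffer(fileBytes) || fileBytes.length === 0) {
    throw new TypeError('certificate must be a non-empty Buffer');
  }
  return { content: fileBytes.toString('base64'), password: String(password) };
}

function checkPort(name, value, min) {
  if (!Number.isInteger(value) || value < min || value > 65535) {
    throw new RangeError(`${name} must be an integer in ${min}-65535`);
  }
}

// Returns {method, url, headers, body}; nothing is sent over the network.
function buildStartProxyRequest({ scheme = 'http', server = 'localhost', port,
                                  recordingPort = 0, encrypted, ...opts }) {
  checkPort('port', port, 1);
  checkPort('recordingPort', recordingPort, 0); // 0 = server picks a random port
  // Simplification: accepts host/IPv4 followed by :port, matching "[ip]:[port]".
  if (opts.chainedProxy !== undefined && !/^[^\s:]+:\d{1,5}$/.test(opts.chainedProxy)) {
    throw new TypeError('chainedProxy must use the format [ip]:[port]');
  }
  const url = new URL(`${scheme}://${server}:${port}/automation/StartProxy/${recordingPort}`);
  if (encrypted) url.searchParams.set('encrypted', 'true');

  const body = {};
  for (const key of BODY_PARAMS) {
    if (opts[key] !== undefined) body[key] = opts[key];
  }
  const needsBody = Object.keys(body).length > 0;
  return {
    method: needsBody ? 'POST' : 'GET',
    url: url.toString(),
    headers: needsBody ? { 'Content-Type': 'application/json' } : {},
    body: needsBody ? JSON.stringify(body) : undefined,
  };
}

// Constructed sample values: management port 8383, random recording port.
const demo = buildStartProxyRequest({ port: 8383, recordingPort: 0, encrypted: true });
console.log(demo.method, demo.url);
```

The POST body carries the certificate file and its password, so where the Proxy Server is reachable over https, pass scheme: 'https' rather than sending that body in clear text.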

"StopProxy"

Stop the proxy that is listening on the specified port.
  • URL: http://[server]:[port]/automation/StopProxy/<recordingPort>
  • Request type: GET
Tip: Setting the port to "0" does not stop all open proxies. Use "StopAllProxies" to do this.

"StopAllProxies"

This command stops all recording proxies on all ports, including those started by other users.
  • URL: http://[server]:[port]/automation/StopAllProxies
  • Request type: POST

"EncryptDastConfig"

Upload DAST.CONFIG file for encryption.
  • URL: http://[server]:[port]/automation/EncryptDastConfig
  • Request type: POST
    dastFile = The DAST.CONFIG file to be encrypted. The expected Content-Type of the request is multipart/form-data. The request should contain a single file parameter named "dastFile". Example:
    Content-Type: multipart/form-data
    Content-Disposition: form-data; name="dastFile"; filename="<dast.config>"

    A unique ID is returned in the response; use this ID to download the encrypted file.

"DownloadEncryptedDast"

Download encrypted DAST.CONFIG file (that was uploaded using the EncryptDastConfig API).
Note: When the file is downloaded, both encrypted and unencrypted DAST.CONFIG files are deleted from the proxy server.
  • URL: http://[server]:[port]/automation/DownloadEncryptedDastConfig/<uuid>
  • Request type: GET

    uuid = Unique ID received in EncryptDastConfig API response

"Traffic"

Download recorded data from the proxy identified by the port as a DAST.CONFIG file.
  • URL: http://[server]:[port]/automation/Traffic/<recordingPort>
  • Request type: GET

    port = port on which the proxy server listens

    recordingPort = recording proxy listening port

"Certificate"

Download the self-signed Root Certificate Authority, used by the Proxy Server, as a PEM file.
  • URL: http://[server]:[port]/automation/Certificate
  • Request type: GET
  • server = IP address of the machine on which the Proxy Server is installed. (Default is localhost)
  • port = port on which the Proxy Server listens