Troubleshooting Manual Explore

This topic addresses issues related to manually exploring your site.

Manual Explore plugin problems

If Manual Explore does not work, there are a few options you can try:

  • If you are manually exploring your local machine, you must ensure that the host name used in the manual explore browser is different than the host name used to access the Enterprise Console. Otherwise, the URLs will be filtered out of the list. For example, if you access the Enterprise Console using http://server1/ase, use http://server1.domain.com/ase when manually exploring.
  • By default, the proxy listens on the IP address where the request is received. The proxy IP address might need to be configured in the web.config file of the computer where the Enterprise Console is installed (located at c:/program files/hcl/appscan enterprise/webapp). Use the "ipconfig" command line prompt (through the computer's Start > Run menu) to display all the IP addresses used on the Enterprise Console machine. Specify the proper IP address in the ProxyLocalAddress key as highlighted in the following example:webconfig file
    Note:
    1. You might need to restart IIS after you have edited the file.
    2. You might need to try all the IP addresses on your computer to see which one works.
    3. Try opening the firewall ports (40001-40500 or others) from the client to the Enterprise Console.
  • You cannot download the plug-in from the downloads directory. This can occur if the default website in IIS does not have an HTTP binding. To fix this problem:
    1. Go to IIS > Sites > DefaultWebSite > Edit Bindings.
    2. Look at the bindings available. Ideally, you will see both HTTP and HTTPS, but if your environment is a secure environment, the bindings might be restricted to only HTTPS. Do one of the following steps:
      1. Add an HTTP binding to the DefaultWebSite. This still is secure, because the folders in the ASE folder require SSL, except for the downloads folder that does not require SSL.
      2. Edit the <install-dir>\HCL\AppScan Enterprise\WebApp\web.config file. In this line: <add key="DownloadPluginOver" value="http"/>, change value="http" to value='https'.
        Note: This choice is feasible only if the SSL certificate is one that is trusted by Firefox. If you don’t have a certificate that Firefox trusts, and you set the downloads directory to use HTTPS, then Firefox reports that the connection might not be made when a user attempts to download the Manual Explore plug-in.

Manual Explorer tool problems

Invalid certificate error while exploring https:// sites

You might get an error regarding an invalid certificate. This is an invalid certificate on the Manual Explorer tool, not the website; accept the certificate.

Google Chrome error while trying to use https:// on google.com

If you are exploring https://www.google.com, you will see an error "The site's security certificate is not trusted!". Google has removed the "Proceed anyway" button but you can type "Proceed" into the browser window to accept the certificate.

Document images/css not loading in Mozilla Firefox over https:// when they are on a different domain

Firefox will not load inline requests from external URLs if the certificate is invalid. Use Internet Explorer, or navigate to each inline request in Firefox and accept the invalid certificate for it.

Manual Explorer does not record traffic from website

This is a .NET issue; the server returns an HTTP response with malformed headers, which causes .NET to throw an exception. This strict validation rule for headers is enforced by .NET to prevent permissive validation rules from exposing the client to security attacks. You can manually set an application-specific configuration option by creating a ManualExplorer.exe.configfile and storing it in <install-dir>/Program Files/HCL/AppScan Manual Explorer. Include this content in the file:

<?xml version="1.0"?>
<configuration>
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing='true' />
</settings>
</system.net>
</configuration>