Record a secured application in tunnel mode

Recording a secured application in tunnel mode makes it possible to record any secured web or native application. When recording a scenario, NeoLoad acts as a go-between with the browser and the web server. With a secure connection, NeoLoad has to decipher the traffic flowing between the two entities in order to analyze its content. Each time a communication is sent, NeoLoad decodes the incoming data, analyzes it, and re-ciphers it before sending it out again. This process requires the use of certificates.

The communication between the mobile device and the server is recorded through the NeoLoad Tunnel function which makes it possible to launch the NeoLoad Recorder without using the NeoLoad proxy. On one side, the Tunnel simulates the web server for the mobile device, and on the other side, it processes the requests and responses with the web server. The Recorder catches the transactions to build the scenario. NeoLoad allows the filtering of the recording to skip or include some requests in order to get an accurate scenario.

• Tip: When a secured application is able to use the proxy set on the device, it is advised to record it in proxy mode, for it is easier to use. See Record a native application in proxy mode.

• Warning: Tunnel mode recording is available only when NeoLoad 5.5 is installed on Windows or OS X operating systems.

Before recording a secured application in tunnel mode, it is necessary to:

• install the NeoLoad root certificate, as described in Secured applications and
• configure the tunnel mode and the network IP parameters of the machine where the NeoLoad recorder is installed

You can start recording an application with:

• the Start Recording toolbar button
• the Record > Start Recording command
• the Start Recording button in the User Path panel
• the Record Here option with a right-click on a page, Transaction or logical action
• the Recording API (to learn more, see the Recording API User Guide)

Warning: Before recording the scenario, it is recommended to close all HTTP client applications (other Web sessions, Twitter client, and so on). NeoLoad records all the HTTP flows going through the machine. It is necessary to close HTTP clients or define exclusion rules in NeoLoad to avoid unwanted requests in the recording.

The Start Recording dialog makes it possible to define the new recording.

To record in tunnel mode, the tunnel mode option must be selected.

It is recommended to uncheck the Start client option as the mobile device itself generates the traffic. As soon as the record is started in NeoLoad, the mobile application can be used. NeoLoad catches the HTTP traffic of the recorded application to create the test scenario content.

A click on the OK button closes the Start Recording dialog and displays the Tunnel mode recording wizard to prepare the recording.

A click on the Detect servers button starts the native application discovery function.

The Detecting servers bar shows the IP address of the NeoLoad Controller. Without closing the bar, the IP address of the DNS server of the device must be modified to reroute transactions toward the NeoLoad Controller:

1. The IP address of the DNS server of the mobile device must be noted down to reset the device after the recording process.
2. In the Wifi parameters of the mobile device, it is necessary to switch the IP address of the DNS server with the IP address of the NeoLoad Controller shown in the Detecting servers bar.
3. The device must be restarted to save the change.

At that moment, the application on the mobile device must be started to have NeoLoad detect the servers used in the application. On the mobile device, every action in the scenario must be performed to have the Detecting servers bar analyze the application.

A click on the Stop server detection process icon closes the Detecting servers bar and updates the Tunnel mode recording wizard. The Servers list step displays all the application servers and domains to record:

• Hostname is the name of the server or domain.
• Port is the port requested by the application. It must be checked and changed when necessary.
• SSL must be selected when the connection to the server or domain is cyphered.

The servers list is empty for the first Virtual User. Otherwise, it shows the servers used by the Virtual Users already created for the application.

• Warning: When recording in tunnel mode from a real mobile device, it is necessary to manually define the port which NeoLoad must listen to. Otherwise the client application may display a connection refused error.

The servers list can be modified with the Add and Remove buttons. It can be modified subsequently too at the end of the scenario record or in the Design section.

In the Tunnel mode recording wizard, clicking the Next button launches the Configuration check step.

When issues are raised, it is necessary to correct them before starting the true record of the application:

• Additional IPs may be required to connect to SSL servers, as described in Activate the tunnel mode. It may be necessary to assign more IPs in the operating system.

  On Windows Seven for example, it is necessary to choose Control Panel > Network and Sharing Center > Local Area Connection > Properties > Internet Protocol Version 4 (TCP/IPv4) > Properties > Advanced to display the Advanced TCP/IP Parameters dialog. In the IP addresses section, a click on the Add button allows specifying the first IP for the identifiers range, for example 192.168.1.210. All the parameters must be saved for the new virtual IP addresses to be taken into account.

• Ports may be already used: When a port is required by NeoLoad although it is already used by another application, NeoLoad cannot process the record. That application process that used the port must be stopped.

Once IPs and ports are ready, clicking Back in the Tunnel mode recording wizard makes it possible to restart the Configuration check step. When the configuration is ready, a click on the Finish closes the wizard.

The Recording of Virtual User bar is displayed to record the mobile application. To make sure the DNS server is used when recording the application, the mobile device must be restarted.

Browsing the application and performing every action of the scenario automatically create the record in NeoLoad. When all the actions are done, a click on the Stop Recording icon stops the recording and closes the recording bar. The Post-recording Wizard opens up to help configure the recorded scenario. See Post-Recording wizard. Subsequently, the scenario can be edited and improved in the Design section of the NeoLoad Controller. See User Paths.

When the recording is over, the original IP address of the DNS server must be set back on the mobile device before restarting it to save the change.

• Warning: When a problem prevents the recording to terminate correctly, the internet connection may be suspended after the recording. Stopping the recording prematurely does not make it possible for NeoLoad to reset the operating system DNS configuration. The configuration must be restored from the neoload.log file : The log keeps track of the original DNS configuration before it is modified for the tunnel mode. For example:
  2012/11/13 09:27:20 INFO - neoload.DNS: Original DNS server IP is : 192.168.1.4
  2012/11/13 09:27:20 INFO - neoload.DNS: Original DNS server is configured by DHCP : false
  The first line shows the IP address of the primary DNS server. The information helps reset the network configuration back to its original state.
  The second line tells whether the DNS server was retrieved from the DHCP server.

For more information about recording a mobile application in tunnel mode, see the tutorial Tunnel mode: record a mobile application.

• To record a secured mobile application in tunnel mode

1. Locate the NeoLoad root certificate:
   • On Windows: %ApplicationData%\Neotys\NeoLoad\<version>\conf
   • On Unix/Linux: <HOME>/.neotys/NeoLoad/<version>/conf
2. Install the certificate:
   • On the browser used as a mobile emulator, or
   • On the mobile device:
     • On an iOS device, send an email with the certificate file in attachment to yourself. Open the email on the mobile device. Click on the attachment to install it.
     • On another device like Android, check the installation policy provided by the mobile vendor.
3. Connect your mobile device in Wifi to the same network as your NeoLoad Controller.
4. In the Design section of NeoLoad, click Start Recording.
5. In the Start Recording dialog, specify a new Virtual User.
6. To record in tunnel mode, check the tunnel mode option.
7. To record from your mobile device, uncheck the Launch browser option. Click OK.
8. In the Tunnel mode recording wizard, click Detect servers.
9. The Detecting servers box gives you the IP address of the NeoLoad Controller.
10. On your mobile device, change the Wifi parameters:
    • Note down the current IP address of the DNS server.
    • Change it with the IP address of the NeoLoad Controller.
    • Restart your mobile device.
11. On your mobile device, start your application. Browse the application as expected in your scenario.
12. Click on the Stop server detection process icon.
13. In the Tunnel mode recording wizard, rectify the servers list and the record configuration. Click Finish. The Recording of Virtual User bar is displayed.
14. Restart your mobile device. Start your application. Browse the application as expected in your scenario.
15. Click on the Stop recording icon.
16. Reset the IP address of the DNS server of the mobile device. Restart the device.
17. Configure your scenario further in the Post-recording Wizard.

Home