Description
SC DAST Login Macro known issues & troubleshooting
Solution
WebInspect not loading a specific framework
Description:
How to verify if the underlying WI Firefox version can load website
https://portal.microfocus.com/s/article/KM000008382?language=en_US
WI/SC DAST - Error while running login macro - Target object was not found
Description:
Scan is interrupted with an error of "failed playing due to TC error Step 3: Click on Name button failed - Target object was not found. Identification Method: Automatic Object Not Found".
https://portal.microfocus.com/s/article/KM000013146?language=en_US
Creating and Troubleshooting Fortify WebInspect Login Macros, Jan. 26
Description:
In this session we will look at how to create and troubleshoot login macros in Fortify WebInspect. Being able to login and maintain state during the crawl and audit process of WebInspect is important.
The end of the video goes through the following troubleshooting steps.
If the Macro Recorder is unable to parse a page, is "stuck" during a redirect (i.e., SSO) or just not functioning as expected, try narrowing down the issue (proxy, TC, browser version, local storage):
1). Step 1:
The first thing to try is opening the site in Fortify\Fortify WebInspect\truclientbrowser\truclientbrowser.exe. This will confirm whether the site will load successfully in Firefox and the current version used.
A). Try opening the site in Fortify\Fortify WebInspect\truclientbrowser\truclientbrowser.exe
truclientbrowser.exe -no-remote -profile .\profile
B). (Optional) Try in the version of Firefox corresponding to the Macro Recorder/TruClient
i Download older version of Firefox that corresponds with the current version of TruClient (There
is a KB article published that shows what version of Firefox TC is based on.)
https://ftp.mozilla.org/pub/firefox/releases/
ii Instead of installing, right-click on the setup executable and choose to extract the files with 7zip
iii In an elevated command prompt, browse to the core folder extracted
(C:\Users\ebell\Downloads\Firefox Setup 58.0.2\core)
iv Execute the following command: firefox -no-remote -profile ..\test\
2). Step 2
Funnel traffic through the WI Web Proxy tool and a regular, working browser (Chrome, Edge, Firefox, etc.) to see if that is the cause of the situation. If it works, the problem is not with the WebInspect Proxy, but with some of the modifications made in the WI Macro Recorder or the requirement for local storage.
3). Step 3
To test some of the modifications, copy the user.js file from Fortify\Fortify WebInspect\datTCB\ASCMasterProfile to the new profile (.\profile) and see if the issue is reproducible. If it is reproducible.
A). Press Ctrl + Shift + J and look for anything that may indicate the cause of the issue
B). Press F12 and look at the network tab for any indication of the issue
C). You can use a process of elimination to determine which setting in this file is causing the malfunction.
4). Step 4
Verify whether the web application is using local storage. If so, click on the gear in the macro recorder, and under the interactive options tab enable support web storage.
5). Step 5
If all the above are successful, but the Macro Recorder still does not function properly, please open a CPE and include
A). WI proxy capture where successful
B). WI proxy for failure / HAR from macro recorder
C). Browser console logs (Ctrl+Shift+J)