Previous Topic

Next Topic

Book Contents

Book Index

Secured applications

When the mobile application to record uses a secured connection (HTTPS) to connect to the server, the mobile device sees the NeoLoad recording proxy or the NeoLoad tunnel as a man-in-the-middle attack and refuses the connection. It is necessary to authorize the connection with the proxy or the tunnel to be able to record the traffic. The NeoLoad root certificate must be imported in the device or emulator.

The root certificate is created when NeoLoad is first launched and is named NeoLoad_Root_CA.cer. It can be found in the configuration sub-directory of the user profile directory.

In Windows, the configuration directory is accessible from %appdata%, for example:

In Unix/Linux/Mac, the configuration directory is accessible from <$HOME>, for example:

/home/<username>/.neotys/NeoLoad/v6.7/conf/

The root certificate must be installed on the emulator or on the mobile device.

  1. Send yourself an email with the certificate attached.
  2. Open the email on the mobile device.
  3. Click on the certificate attachment to install it.

  1. Send yourself an email with the certificate attached.
  2. Open the email on the mobile device.
  3. Click on the certificate attachment to install it.
  4. In the device settings, go to General > About >Certificate Trust Settings.
  5. Enable the "Full trust for root certificate" option for the NeoLoad recorder certificate.

  1. On the computer running NeoLoad, start NeoLoad.
  2. Click Help > Open Logs Folder.
  3. In the displayed window, go to the up directory, then open the conf folder.
  4. Copy the file NeoLoad_Root_CA.cer.
  5. Connect your physical android device via USB.
  6. Paste the file NeoLoad_Root_CA.cer at the root folder of the SD card.
  7. On the Android device, select Settings > Security > Install from SD card.
  8. When you do not have a screen locker configured on your device, configure one with a password, a pattern, or a PIN.
  9. Choose the file NeoLoad_Root_CA.cer
  10. Restart the Android device.

  1. Add the the "res/xml/network_security_config.xml" file in the APK of the Android Application with the following content:

    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
          <base-config>  
                <trust-anchors>  
                    <!-- Trust preinstalled CAs -->  
                    <certificates src="system" />  
                    <!-- Additionally trust user added CAs -->  
                    <certificates src="user" />  
               </trust-anchors>  
          </base-config>  
     </network-security-config>
  2. Regenerate and sign the APK.
  3. Install this APK.
  4. This allows the NeoLoad Certificate Authority just added to be usable by the APK.

  1. On the computer running NeoLoad, start NeoLoad.
  2. Click Help > Open Logs Folder.
  3. In the displayed window, go to the up directory, then open the conf folder. For example, on Windows Vista, the folder is C:\Users\<user>\AppData\Roaming\Neotys\Neoload\<version>\conf
  4. Open a command prompt.
  5. Start the Android Emulator.
  6. Type the command cd C:\android-sdk\platform-tools where the Android sdk tools are installed in the C:\android-sdk folder.
  7. Type the following commands to set the permission of the SD card folder:
    adb shell 
    su
    mount -o rw,remount rootfs / 
    chmod 777 /sdcard/
    exit 
    exit
  8. Type the command adb push C:\Users\<user>\AppData\Roaming\Neotys\Neoload\<version>\conf\NeoLoad_Root_CA.cer /sdcard/ by replacing the path C:\Users\<user>\AppData\Roaming\Neotys\Neoload\<version>\conf with the path in step 3.
  9. On the Android Emulator, select Settings > Security > Install from SD card.
  10. When you do not have a screen locker configured on your device, configure one with a password, a pattern, or a PIN.
  11. Choose the file NeoLoad_Root_CA.cer
  12. Restart the Android emulator.

Once the certificate is installed, the secured application can be recorded in NeoLoad:

In This Section

Record a secured application in proxy mode

Record a secured application in tunnel mode

See Also

Record mobile applications

Web applications

Native applications

Hybrid applications