Secured applications

When the mobile application to record uses a secured connection (HTTPS) to connect to the server, the mobile device sees the NeoLoad recording proxy or the NeoLoad tunnel as a man-in-the-middle attack and refuses the connection. It is necessary to authorize the connection with the proxy or the tunnel to be able to record the traffic. The NeoLoad root certificate must be imported in the device or emulator.

The root certificate is created when NeoLoad is first launched and is named NeoLoad_Root_CA.cer. It can be found in the configuration sub-directory of the user profile directory.

In Windows, the configuration directory is accessible from %appdata%, for example:

• C:\Users\<username>\AppData\Roaming\Neotys\NeoLoad\v7.1\conf

In Unix/Linux/Mac, the configuration directory is accessible from <$HOME>, for example:

/home/<username>/.neotys/NeoLoad/v7.1/conf/

The root certificate must be installed on the emulator or on the mobile device.

• To install the root certificate on an iOS device (iPhone, iPad)

1. Send yourself an email with the certificate attached.
2. Open the email on the mobile device.
3. Click on the certificate attachment to install it.

• To install the root certificate on an iOS 11 device (and above)

1. Send yourself an email with the certificate attached.
2. Open the email on the mobile device.
3. Click on the certificate attachment to install it.
4. In the device settings, go to General > About >Certificate Trust Settings.
5. Enable the "Full trust for root certificate" option for the NeoLoad recorder certificate.

• To install the root certificate on a device on Android 4.0 and above

1. On the computer running NeoLoad, start NeoLoad.
2. Click Help > Open Logs Folder.
3. In the displayed window, go to the up directory, then open the conf folder.
4. Copy the file NeoLoad_Root_CA.cer.
5. Connect your physical android device via USB.
6. Paste the file NeoLoad_Root_CA.cer at the root folder of the SD card.
7. On the Android device, select Settings > Security > Install from SD card.
8. When you do not have a screen locker configured on your device, configure one with a password, a pattern, or a PIN.
9. Choose the file NeoLoad_Root_CA.cer
10. Restart the Android device.

• Warning: Since Android 7.0, the recording of native secured applications requires a modification of the APK (Android Application itself).
  This is required by Android 7 Nougat New Security Layer: https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html
• For Android 7.0 and above the procedure below must be applied.

• To install the root certificate on a device on Android 7.0 and above

1. Add the the "res/xml/network_security_config.xml" file in the APK of the Android Application with the following content:
   
   

   <?xml version="1.0" encoding="utf-8"?>
   <network-security-config>  

         <base-config>  

               <trust-anchors>  

                   <!-- Trust preinstalled CAs -->  

                   <certificates src="system" />  

                   <!-- Additionally trust user added CAs -->  

                   <certificates src="user" />  

              </trust-anchors>  

         </base-config>  

    </network-security-config>
   

2. Regenerate and sign the APK.
3. Install this APK.
4. This allows the NeoLoad Certificate Authority just added to be usable by the APK.

• To install the root certificate on the emulator for Android 4.0 and above

1. On the computer running NeoLoad, start NeoLoad.
2. Click Help > Open Logs Folder.
3. In the displayed window, go to the up directory, then open the conf folder. For example, on Windows Vista, the folder is C:\Users\<user>\AppData\Roaming\Neotys\Neoload\<version>\conf
4. Open a command prompt.
5. Start the Android Emulator.
6. Type the command cd C:\android-sdk\platform-tools where the Android sdk tools are installed in the C:\android-sdk folder.
7. Type the following commands to set the permission of the SD card folder:

   adb shell 

   su

   mount -o rw,remount rootfs / 

   chmod 777 /sdcard/

   exit 

   exit

8. Type the command adb push C:\Users\<user>\AppData\Roaming\Neotys\Neoload\<version>\conf\NeoLoad_Root_CA.cer /sdcard/ by replacing the path C:\Users\<user>\AppData\Roaming\Neotys\Neoload\<version>\conf with the path in step 3.
9. On the Android Emulator, select Settings > Security > Install from SD card.
10. When you do not have a screen locker configured on your device, configure one with a password, a pattern, or a PIN.
11. Choose the file NeoLoad_Root_CA.cer
12. Restart the Android emulator.

• Tip: For other devices, installing the certificate often depends on the mobile vendor policy. For more information, contact your mobile vendor.

Once the certificate is installed, the secured application can be recorded in NeoLoad:

• as a browser-based application or a native one in proxy mode, or
• as a native application in tunnel mode.