Recording WAPT on HTTPS

Question

Has anybody used WAPT for testing of HTTPs pages? We're running WAPT against a .NET solution that is acting as a relying party for a centralized authentication system. Some of the pages are on HTTP, but others are running on HTTPS.

We've installed the recorder certificate into the root, and we now have it recording the HTTP pages and the HTTPS pages from the centralized authentication system. However, when the recorder gets returned back to our main website on HTTPS, it refuses to record those pages.

If we disable the recorder, WAPT shows the page correctly (although we have to accept the unsigned cert).

Has anybody tried this before? This is an example flow with the WAPT Recorder:

1. Start Recording in WAPT
2. Load home page (http://mysite.com)
3. Click on Login, WAPT browser is redirected to auth site (https://mysso.com)
4. Authenticate, WAPT browser is redirected back (https://mysite.com)

The last step doesn't work. We've also tried using an external browser like Mozilla or Safari, instead of the built-in browser, and if the Recorder is on and using its proxy the same problem occurs.

Any thoughts?

Answer 1

Often tools that records http traffic will have some difficulty recording and playing back login scenarios because once you log in, your site will have some sort of session cookie or auth token that needs to be included in all subsequent requests after logging in. This is usually created each time you log in and lasts only for that session. This means when you go to play back those requests, it will likely be using the old values, which means that the login will be unsuccessful and you will get redirected back to the login screen. You will need to do something like send the log in request, then extract the session cookie or auth token from that response and replace the previously recorded value in all subsequent requests.

Alternatively, if this is truly an issue with the tool having a bug around switching from HTTP to HTTPS, I would contact the vendor since it is a for pay tool and they have a support team that should be able to help you out.