You must register URLs with VAddy’s servers before you can scan them.
Because you can choose which URLs to scan, you don’t need to test any more of your application than necessary; this in turn can reduce the amount of time it takes to run a scan.
Note that VAddy will not automatically crawl and scan your entire site.
Configure your browser’s proxy settings to use the IP address and port number of VAddy’s proxy server before interacting with your web application.
Browser proxy settings
You will first need to change your browser’s proxy settings. To find the IP address and port number to use, open VAddy’s admin console and select Proxy Crawling from the left sidebar.
Sample proxy settings in Firefox
Configure Firefox’s proxy settings as follows.
- From the Tools menu, select Preferences.
- Under the Network Proxy section, click Settings…
- Select Manual proxy configuration.
- Enter the appropriate IP address and port number.
- If your web application uses TLS/SSL, select Use this proxy server for all protocols.
You may also find it convenient to enter console.vaddy.net in the text field under No Proxy for; this will let you continue to use VAddy’s admin console while crawling your web application.
If you are using Google Chrome as your browser, you will need to configure your operating system’s network settings. For more information, see the Google Chrome Help Center.
Begin crawling
After you have finished configuring your browser’s proxy settings, access the URL listed on the Proxy Crawling page as the endpoint to begin crawling. Upon receiving this request, the VAddy proxy server will begin capturing all the URLs you visit and converting them into crawl data (i.e. test cases).
You may encounter a certificate error if you try to crawl a site via an HTTPS connection.
Sample Workarounds for Certificate Errors
From this point on you will be interacting with the web application you want to test.
Below is an example of a simple application.
In this example, VAddy will record the text field parameters for the name and comment; these will be tested for vulnerabilities later.
Stop crawling
When you are done interacting with your web application, access the URL listed on VAddy’s admin console as the endpoint to stop crawling. This concludes the process of generating crawl data (test cases).
Crawl results
You can select Proxy Crawling from the left sidebar to check your crawl results.
To go back to using VAddy’s admin console, undo the proxy settings that you configured earlier for your web browser.