Artifact Viewer

The Artifact Viewer offers a variety of features letting the analyst explore, in detail, each artifact processed by NowSecure Lab Workstation. This allows for a deeper analysis and custom findings in order to deliver the most complete mobile application security assessment.

Toolbar Buttons

You can create findings, notes, and outputs directly from the Artifact Viewer using the toolbar at the top-left corner of the window:

Toolbar Buttons

Using your mouse, highlight any section you would like to save as an finding, note or output and click on the appropriate button.

Data Viewer

The Artifact Viewer embeds several ways to view your artifact file data:

Native Viewer

For certain file types (XML, Databases, Log files…), NowSecure Lab Workstation has a built-in viewer that allows you to browse the data easily:

Data ViewerData ViewerData Viewer

Traffic Analyzer (MITM / SSL Proxy Tests)

Upon clicking on an artifact created during the MITM or the SSL Proxy test, you will be presented with a terminal-like interface that will allow you to interactively look at the traffic recorded.

Traffic Analyzer

Click inside the terminal interface and use the following keyboard shortcut to navigate and interact with the traffic information:

Up Down or k j to navigate up/down.

Left Right or h l to navigate left/right

Space to go directly to the next page

Enter to select a specific HTTP frame to analyze.

tab to switch between tabs (context-specific, works to switch from request to the response for example).

q to go back to the previous screen.

? to display more keyboard shortcuts and explore advanced options.

If the keyboard shortcuts don’t seem to work, make sure you clicked on the terminal interface and try again.

When you press Enter on a specific frame, you can see the details of this specific part of the traffic:

MITMProxy

You can press Tab to toggle between the request and the response and use the key shortcuts displayed above, as well as the ones shown when pressing ? to interact further with that specific frame:

MITMProxy

The interface described in this section is based on the mitmproxy project. For more information about mitmproxy, please visit the official webpage found here: mitmproxy project page

Hex Viewer

NowSecure Lab also offers an Hex View, available with all types of files, in order to look at hex data that can reveal hidden code or artifacts:

Hex Viewer

Strings

You can also extract strings from a file in order to filter readable-only text. Several options, like the minimum length of the string or the type of encoding you want to search for:

Strings

A search feature is also embedded in the Artifact Viewer. Just type your keyword and press “Search”. If matches are found, you can highlight any of them and click on “View in Hex” to jump directly to the location where that string was found in the file.

Search