The Artifact Viewer offers a variety of features letting the analyst explore, in detail, each artifact processed by Workstation. This allows for a deeper analysis and custom findings in order to deliver the most complete mobile application security assessment.
You can create findings, notes, and outputs directly from the Artifact Viewer using the toolbar at the top-left corner of the window:
Using your mouse, highlight any section you would like to save as an finding, note or output and click on the appropriate button.
The Artifact Viewer embeds several ways to view your artifact file data:
For certain file types (XML, Databases, Log files…), Workstation has a built-in viewer that allows you to browse the data easily:
Upon clicking on an artifact created during the MITM or the SSL Proxy test, you will be presented with a terminal-like interface that will allow you to interactively look at the traffic recorded.
Click inside the terminal interface and use the following keyboard shortcut to navigate and interact with the traffic information:
j to navigate up/down.
l to navigate left/right
Space to go directly to the next page
Enter to select a specific HTTP frame to analyze.
tab to switch between tabs (context-specific, works to switch from request to the response for example).
q to go back to the previous screen.
? to display more keyboard shortcuts and explore advanced options.
If the keyboard shortcuts don’t seem to work, make sure you clicked on the terminal interface and try again.
When you press
Enter on a specific frame, you can see the details of this specific part of the traffic:
You can press
Tab to toggle between the request and the response and use the key shortcuts displayed above, as well as the ones shown when pressing
? to interact further with that specific frame:
The interface described in this section is based on the mitmproxy project. For more information about mitmproxy, please visit the official webpage found here: mitmproxy project page
Workstation also offers an Hex View, available with all types of files, in order to look at hex data that can reveal hidden code or artifacts:
You can also extract strings from a file in order to filter readable-only text. Several options, like the minimum length of the string or the type of encoding you want to search for:
A search feature is also embedded in the Artifact Viewer. Just type your keyword and press “Search”. If matches are found, you can highlight any of them and click on “View in Hex” to jump directly to the location where that string was found in the file.