Mobile Enforcement Verification
Using the Testing (Native Mobile) tab
The Testing (Native Mobile) tab (Product Settings -> Challenge Settings -> Testing (Native Mobile)) allows you to verify that your installed SDK is running correctly and monitoring and blocking traffic as intended.
Users with Admin, Developer and Dev Tools credentials have access to the Testing (Native Mobile).
Enforcement verification is applicable to both Android and iOS
HUMAN servers assign a unique visitor ID (VID) to every user. In order to use the verification tool, you need to extract the VID assigned to the device being used for testing.
- Access the application being tested with the device.
- Click Find your VID to open the VID Extractor window.
- Enter the device IP address and click Search
- Note: This may take a few minutes*
- Locate your device based on the device, app and carrier attributes listed in the table, and click Select. The required parameters are automatically inserted in the relevant fields.
To verify that the app is blocking correctly:
- Click the Start testing button to flag all traffic from your device as a possible bot.
- Move the app to the background and then to the foreground to refresh the SDK token. The first request sent to your mobile app’s server will receive a 403 response with a Captcha challenge in the response body.
- By calling
PXManager.handleResponse
a Captcha page is displayed. - To clear your VID, you can either solve the Captcha, or click the Stop testing button.
When testing with a mobile emulator
As some of our detections may block mobile emulator based solving, make sure to pass the
x-px-captcha-testing
header to the request.
You can find our testing recommendations here.
Configuring an Android Emulator to use Charles Proxy
To configure your Android Emulator:
- Set the HTTP proxy settings in the Wi-Fi menu.
- In the Wi-Fi menu long press the connected network, select Modify Network, and fill in the proxy settings.
If you are running Charles Proxy on your local machine then use the local IP (not the loopback).- To intercept HTTPS requests follow the guidelines at:
https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/..
In Android Nougat special permissions are required to use a certificate added to the trust store.
Clear
Click the Stop Testing button at any point to remove the simulated mode assigned to your device. After restarting your application all traffic between your device and the server should pass.
Updated about 1 month ago