The mobile hackers' guide to Charles Proxy
The mobile hackers' guide to Charles Proxy 👍
Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
Charles -> Proxy -> SSL Proxying Settings... -> SSL Proxying
Charles -> Help -> SSL Proxying -> Install Charles Root Certificate
Get the IP address that Charles is listening to
ifconfig | tr "\n" "" | tr "\r" "" | grep -Eo "en0.*?en[[:digit:]]" | grep -Eo "inet[[:blank:]+]([0-9]{1,3}\.){3}[0-9]{1,3}" | cut -d' ' -f2 | tr -d "\n" | pbcopy && pbpaste
ifconfig | tr "\n" "" | tr "\r" "" | grep -Eo "en[[:digit:]].*?active" | grep -v "en0" | grep -Eo "inet[[:blank:]+]([0-9]{1,3}\.){3}[0-9]{1,3}" | cut -d' ' -f2 | tr -d "\n" | pbcopy && pbpaste
Launch Charles and keep it running
Get the IP address
Make sure the Android device uses the same network as Charles
On Android device
Go to Settings -> Wi-Fi -> long click the network in use -> Modify network -> Advanced options -> Proxy -> Manual
Launch Browser, visit https://chls.pro/ssl, save the certificate
A dialog pops up on computer asking "A connection attempt to Charles has been made from the host ...", just click Allow button
<?xml version="1.0" encoding="utf-8"?>
<network-security-config xmlns:android="http://schemas.android.com/apk/res/android">
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
networkSecurityConfig
attribute under application
.
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools">
<application
android:networkSecurityConfig="@xml/network_security_config">
</application>
</manifest>
Now the SSL proxying should work for your app's debug build variant, but not for release build variant.
Launch Charles and keep it running
Get the IP address
Make sure the iOS device uses the same network as Charles
On iOS device
Go to Settings -> Wi-Fi -> click the network in use -> set HTTP PROXY to Manual
Launch Safari, visit https://chls.pro/ssl (if it doesn't work, try http://www.charlesproxy.com/getssl), install the certificate
A dialog pops up on computer asking "A connection attempt to Charles has been made from the host ...", just click Allow button
In case you need to debug via curl in a terminal:
To set Charles as the proxy
export http_proxy=http://127.0.0.1:8888 && export https_proxy=$http_proxy
To remove the proxy
unset http_proxy https_proxy