Android trust charles certificate

How to set up Charles Proxy for mobile and web apps?

Ever wondered how to maintain quality of software even in worst-case scenarios be it network failures or server breakdown?

One of the solutions to the above scenario is replicating the possible failure environment by configuring Charles proxy.

Let’s understand how this tool helps in providing the solution to the mentioned cause in the various software apps.

Charles proxy is an interactive web debugging tool which acts as a middleware between the client (mobile or web app) and the internet. Using this tool we can configure client environment to pass all networking requests and responses through Charles proxy so that we can inspect and even change the data midstream to test how the app responds.

In Web and Internet development we are unable to see what is being sent and received between the web browser/client and the server. Without this visibility, it is difficult and time-consuming to determine exactly where the fault is. Charles makes it easy to see what is happening, so we can quickly diagnose and fix problems.

Basic Configuration

This is common for any type of app; mobile or web.

1. Download Charles from the below link:https://www.charlesproxy.com/ make sure that this tool is a paid one, however, we can make use of its trial version.

2. Install the app and have a note of your machine IP address for further configuration

3. Download and install Charles root certificate on the desired remote device where the tests need to be performed i.e, android, iOS device or web browser.

4. Remote device configuration based on the Charles root certificate to be installed on various devices as follows:

IOS Simulator

Open Charles and select the option to install a root certificate on iOS simulator from :

Help>SSL Proxying>Install Charles Root Certificate in iOS Simulator

Open iOS simulator and enable Charles proxy certificate from settings as:

Settings>General>About>Certificate Trust Settings

Open the app under test and validate the requests and response based on the action performed on the app. Experiment adding the breakpoints to API requests and responses.

Android Emulator

Open Emulator settings and configure the Charles proxy for a device with android version N, using either command line or from emulator settings as below:

The command for setting up manual IP on an emulator:

Configuring IP from emulator settings:

Open Charles and select the option to download the Root certificate either from mobile browser hitting chls.pro/ssl or via downloading the file on the system itself post which we can install the same to android device or emulator from:

Help>SSL Proxying>Save Charles Root Certificate…

Save the Charles root certificate to the system, copy to Emulator storage and install it as:

Emulator>Settings>Security>Trusted Credentials>Install from storage>open saved Charles Root certificate

Open the app now and validate the request and response on the Charles, Experiment adding the breakpoints to API requests and responses.

Web Browser (Chrome)

Charles proxy basic configuration remains same for web browsers as well where we install the Charles root certificate on the system and configure it for the browser on the Chrome settings as:

On macOS, please follow the instructions for the macOS above. These instructions only apply to Windows.

1. In Charles go to the Help menu and choose “SSL Proxying > Save Charles Root Certificate”. Save the root certificate as a Binary Certificate (.cer) to the desktop, or somewhere where we can easily access it in the next step.
2. In Chrome, open the Settings. At the bottom of the settings page, click “Advanced” to open the advanced section, then click the “Manage certificates…” button.
3. Go to the “Trusted Root Certification Authorities” tab and click “Import…”.
4. Find the certificate file saved from Charles in the previous step, then click Next and Finish, leaving the default options, until you complete the import. Chrome will now always trust certificates signed by Charles.
5. After importing we can delete the certificate file that has been saved.

IOS Devices

Even for the devices, the concept of configuring Charles remains same as simulators just have to configure the mobile network proxy with the system and open chls.pro/ssl to get the root certificate download and enable it from settings from below steps:

Settings>General>About>Certificate Trust Settings

Android Devices

For connecting android devices configure the network proxy for the device as mentioned below.

Settings>Wifi>Connected network>Advanced>Proxy>Manual>Set host & port

After configuring it download the root certificate by either downloading to the device and installing it or via navigating to chls.pro/ssl from local device browser to download Charles root certificate.

Installation of root certificate may ask to add further security measures to devices for protecting the credentials before root certificate installation, once done the device is ready to be under Charles proxy influence to debug the network traffic.

Let’s assume we have Charles proxy setup ready on our chosen device.

Now let’s discuss how does the debugging work.

Debugging using Charles

This section focus on actual debugging of the requests and responses inspected via Charles and intercepted according to our need to replicate any particular realtime scenario. For interception there are various of its tools performing their respective functionalities, I want to discuss below few which I found very useful in debugging and ensuring the quality of app under test behaving in various network circumstance.

Breakpoints Tool

The Breakpoints tool lets us intercept requests and responses before they are passed through Charles. We can examine and edit the request or response and then decide whether to allow it to proceed or to block it.

When a request or response trips a breakpoint the Breakpoints window automatically opens in Charles and comes to the front. The Breakpoints window contains a list of the requests and responses currently intercepted and waiting for our action. Select the request or response to view and edit the contents. Then decide to Execute, Abort or Cancel the breakpoint.

Источник

Android 11 devices and Charles

This tutorial will show you how to configure Charles and your Android 11 device so you can view your app’s network traffic in plain text. FYI, the root certificate installation steps are slightly different to older Android versions

NOTE: Since Android Nougat (7.1), Google have blocked tools like Charles from intercepting/decrypting network traffic from Play Store apps

NOTE: To proceed with this tutorial, you will need to be able to build your own Android app. Make sure the “Network Security Config File” has been added to your app’s repo (see more details here and here).

Be able to build your own Android app

Make sure you have setup the Charles Root certificate on your Mac

Check Wi-fi networks

Make sure your Mac and Android device are on the same Wi-Fi network

Find your Mac’s local IP address

Open Charles -> Help -> Local IP address.

Make note of the IP address as you will need to enter it into your device later

Navigate to device’s Wi-Fi proxy screen

Settings -> Wi-fi -> long press the connected Wi-Fi network to bring up the menu -> Modify -> Advanced options -> select “Manual” from the proxy drop down

NOTE: there are slight navigation differences between OS versions in how to get to your Wifi proxy settings but they should be fairly similar to these screenshots

Configure device’s proxy settings

This step will proxy all your device’s internet traffic through your laptop

• Proxy hostname: this is your Mac’s local IP address
• Proxy Port: 8888

Accept incoming network traffic from your device

On your device, open Chrome and go to a website

Return to your Mac. You should now see this prompt from Charles. Click “Allow”

Encrypted traffic from the device should now appear in Charles

Download Root certificate for device

Return to the device, open Chrome and go to chls.pro/ssl.

Install root certificate

O pen the “Setting” app -> Security -> Encryption & Credentials -> Install a Certificat e -> CA certificate -> Install anyways -> tap on the certificate

Android may prompt you to enter pin, password or fingerprint before installing the root certificate

Verify root certificate has been “trusted”

Return to Encryption & Credentials. Tap Trusted credentials -> USER

You should now see a certificate from “XK72 Ltd” appear

Enable SSL proxying to view traffic in plain text

Return to Charles, right click the network request you are interested in and click the “Enable SSL Proxying” option

FYI, I am using an Android app a friend created to demonstrate decrypting Android app traffic

NOTE: As mentioned at the start of the article, you need the ability to build your own Android app to view decrypted traffic. This step will not work with an app downloaded from the Play Store

Kill and Reopen app

Kill and reopen the app. You should now see the network request details in plain text

Источник

How to use Charles Proxy for debugging applications?

Charles allows users to oversee data transmitted between their computer and a server, which, under normal circumstances, remains hidden from the users.

How do you track the traffic between your program and a web server? Using Charles proxy, of course! It allows developers of client/server solutions to check if the app they are building has any issues when connecting to the remote sources of data (videos, files, databases). Using the program, one can easily check:

• how an app behaves with large or small volumes of data;
• transferred data’s format;
• requests, responses, and their parameters;
• the way servers process bad requests and the app processes bad responses;
• how the app processes errors, etc.

Essentially, Charles allows users to oversee data transmitted between their computer and a certain server, which, under normal circumstances, remains hidden from the users. Programmers and webmasters can use this data to improve the performance of their sites. For regular users, leveraging a proxy can be a decent way to familiarize themselves with the main principles of the Internet’s functioning.

Installation and the first launch

Everything starts with downloading a setup file from the official website. The free trial lasts for 30 days, after which a 30-minute time restriction on a single session will be imposed. To resume your work, you’ll need to restart the app every time it shuts down. If the need for longer sessions arises, you’ll have to purchase the app to continue using it without any limitations. Follow the installation procedure and launch the app.

During the first launch, the program will offer to adjust your network settings so that they could work with it properly. Click Grant Privileges and wait for the app’s interface to load. It is an important step; if it is missed, the app that is being tested won’t be able to use intermediary services offered by Charles.

Charles works perfectly with most modern browsers, both desktop and mobile. The setup procedure, however, may vary from one system to another. To let the software configure automatically, Edge, Chrome, and Safari users don’t have to perform any additional actions after installing the app. Firefox users will need to install a special add-on to ensure that Charles proxy launches automatically along with the browser.

Launching the program on mobiles

Mind that your mobile device and the computer with the debugger proxy must be connected to the same network. Windows and macOS devices perform all necessary configurations automatically, while mobile devices require manual setup. You don’t need to set the program’s running port by hand; its predetermined value is 8888. However, you’ll need to change the proxy setting of your mobile device (from Off to Manual).

Configuring an iOS device

As mentioned earlier, setting up Charles proxy on IOS is fairly simple: just locate the current network in Settings and change its proxy setting from Off to Manual. Your device will then ask to input the server’s IP, which should be identical to that of your PC. Mind that you’ll need to turn off Charles manually every time you finish using it.

As soon as you start using your iPhone, the proxy will ask you to approve the connection. After that, your mobile device and its IP-address will get on the Access Control list of the proxy.

If you are planning to test your app with an iOS emulator, it should connect to Charles automatically. If it fails to do so, try restarting it or set the proxy as the system one in your macOS.

Configuring your Android device

Not all Android devices have the setting for HTTP proxy. If your phone/tablet does, just follow the procedure that is rather similar to the one described in the iOS configuration: change the name of the proxy to the IP-address of your computer with Charles, and change the port to 8888.

In order to use an Android emulator, add an additional command line in it and type: http-proxy http://LOCAL_IP (this is your computer’s IP-address):8888.

Regardless of the mobile device you use, don’t forget to switch the HTTP proxy off after you finish using it. If you fail to do so, your apps will show network failures.

Working with SSL-Encrypted websites

Mind that Charles won’t work with HTTPS-protected websites without Charles root certificates. They must be installed by hand, through going to Help>SSL Proxying. Within this menu, you should see a dedicated button for installing the needed certificates. The process will be completed automatically (yet mind that you’ll need to set the certificates’ status to “trusted” in your browser). Fortunately, this process is rather simple:

On a Windows computer (to be used with IE or Edge)

• When you see the message that your certificate is not trusted, click on Install Certificate. Certificate Import Wizard will be launched.
• Import it into Trusted Root Certification Authorities and override the automatic selection.
• Finish working with the wizard.
• Restart the browser if needed.

Using Firefox

• Make sure that the browser is connected to Charles.
• Open https://chls.pro/ssl in Firefox. The browser will show a certificate import dialog. Choose “Trust this CA to identify websites” to finish the import.

Using Chrome

• First, you’ll need to save Charles root certificate as a Binary Certificate (.cer). This can be done in Charles’ Help menu, by clicking on the SSL Proxying tab.
• Go to Advanced Settings in Chrome and click “Manage certificates.”
• Import your newly saved certificate by clicking on the “Trusted Root Certification Authorities” tab.
• After you finish the procedure, all certificates signed by Charles will be automatically trusted by Chrome.

On macOS

• Launch Keychain and find Charles among the available options.
• Click on the certificate to open a panel and choose Trust.
• In the drop-down menu, select Always Trust and click OK.

After completing the above steps, you should have a ready-to-work setup. On the left side of the program’s interface, you will see the Structure/Sequence tree, where all the connections will appear. By clicking on them, you can see the requests that your app is making to domains. In the field on the right, all the request configurations and details will be shown.

If you need to collect data for future analysis, press the Recording button at the top. If you are interested in a specific domain, right-click on it and select Focus. This will hide all other domains under the Other Hosts group.

Installing Charles SSL certificate on mobile platforms

For IOS users, the process is rather simple. The SSL certificate can be installed only upon the HTTP proxy setup. To receive the SSL certificate, follow the link. Give your permission to install the certificate and use the proxy without any limitations.

Android users will face more difficulties, as they need to configure every particular app to trust Charles for making the whole thing work. To do this, add the Network Security Configuration File to the application. This file will make your app trust certificates installed by Charles.

Using Charles to modify Requests/Responses: Rewrite tool

When you can clearly see all requests to a necessary domain, you can try and modify them in order to find possible issues with your app or website. For example, you can try and change any parameter in the headers or the body of a request and check what response the server is going to give. You can also send a correct request but change the response to see how your app processes faulty responses. All of this can be done with the help of the Rewrite tool that is used exactly for that: modifying requests or responses.

Go to Tools>Rewrite>Enable Rewrite to be able to use it with any domain. When you click on the domain name, you will observe the Rewrite button in the bottom right corner. Click on it to add your location and rule. In the dialog window that appears, click Add and type * to process all the requests or a specific URL and path. In the rule field, click Add and:

• Select the type of rule you want to create in the drop-down menu.
• Check either Request or Response to specify where the rule will be applied.
• Use Match fields to write what request/response you will be working with or leave them blank to process all of them.
• Use Replace fields to enter either the name or the value of the rule you will modify.

What makes Charles Proxy stand out from similar propositions?

The software has many notable advantages over its competitors. First, there is a significant trial period, which allows users to gain a comprehensive view of the app’s potential. Charles proxy works with most operating systems and browsers available today, making it an ultimate solution for anyone. The whole system is fairly easy to use, especially if you aren’t planning to work with SSL encrypted websites (which, however, can hardly be a case in 2020).

Conclusion

When testing an app or website, checking its usability is not the only way to see if there are bugs and issues. To fully understand and eliminate possible issues with the network connections, using Charles or a similar tool for debugging is crucial. We recommend Charles because it can be installed within minutes, provides a significant number of useful features, and works on a wide variety of platforms.

Источник