Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
I <3 Charles Proxy
Search
Scott Alexander-Bown
November 29, 2018
Technology
120
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
I <3 Charles Proxy
Scott Alexander-Bown
November 29, 2018
More Decks by Scott Alexander-Bown
See All by Scott Alexander-Bown
What's New In Android 15 Security
scottyab
0
260
Fundamentals of creating Android mobile apps
scottyab
0
100
What's 'Q' in Android Security
scottyab
0
360
Faster mobile debugging using a HTTP Proxy
scottyab
0
85
What_s_new_from_Google_IO_2018.pdf
scottyab
0
180
Doppl, an intro!
scottyab
0
130
OMG What's new in Security
scottyab
0
86
What's New from Google I/O 2017
scottyab
0
150
What's Nnnnnew in Security Droidcon IT
scottyab
1
160
Other Decks in Technology
See All in Technology
勉強会企画をアプリで構造化してみた 〜そこで見えた、AIとの付き合い方〜 / I've structured a study group plan using an app.
pauli
0
330
小さいから、全部わかる。— 常駐AI "xangi" のすすめ
sugupoko
0
280
知見・人・API・DB・予算 ─ ナイナイ尽くしだった人事データ整備 with dbt、5年間の学び
ken6377
1
170
SRE Next 2026 何でも屋からの脱却
bto
0
130
『AIに負けない』より『AIと遊ぶ』」〜ワクワクが最強のテスト・QA学習戦略_公開用
odan611
2
530
FinOps X 2026 Recap from Engineer Side #JapanFinOps
chacco38
0
270
Keeping applications secure by evolving OAuth 2.0 and OpenID Connect
ahus1
PRO
1
150
Baseline対応のDOMの型定義を作った
uhyo
3
720
product engineering with qa
nealle
0
150
なぜ私たちのSREプラクティスはなかなか機能しないのか 〜システムより先に組織を見る〜 / Why our SRE practices aren't really working
vtryo
3
2.9k
最近評価が難しくなった
maroon8021
0
260
事業価値を⽣み出すSREへ SREが担うべき意思決定の5層
kenta_hi
2
2.5k
Featured
See All Featured
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
2
600
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
1
3.7k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
390
Docker and Python
trallard
47
3.9k
Context Engineering - Making Every Token Count
addyosmani
9
1k
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
52k
First, design no harm
axbom
PRO
2
1.2k
HTML-Aware ERB: The Path to Reactive Rendering @ RubyCon 2026, Rimini, Italy
marcoroth
2
310
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
livdayseo
0
150
Technical Leadership for Architectural Decision Making
baasie
3
430
Transcript
I ❤ CHARLES By Scott Alexander-Bown
None
Proxy Server
None
Disclaimer: Not tested this
ALTERNATIVES ➤ Chrome Dev tools ➤ Stetho (Android) ➤ Pony
Debugger (iOS) ➤ Chuck (Android) ➤ MITM proxy ➤ Fiddler ➤ Others…
SCREENSHOT OF ANDROID APP SESSION
BREAKPOINTS ➤ “Does what it says on the tin”
EDIT REQUEST / RESPONSE ➤ Simulating error responses from API
➤ Removing values from request/response to confirm things still work or fail where expected
THROTTLING
None
MOBILE DEVICE SETUP
None
What about TLS/SSL?
SSL PROXY ➤ Install the Charles Proxy Root Cert ➤
Typically the generated Charles Root (different per install) ➤ Provide your own SSL root cert ➤ Enable SSL Proxying on per domain basis http://www.charlesproxy.com/getssl/
HELPER OPTIONS FOR ROOT SSL
SIDE NOTE ANDROID 7+ ➤ Requires Network Security Config to
trust user installed certs ➤ Help Scout Android only allows user installed certs in debug (i.e not Play store) ➤ Here’s the config
AND THAT’S NOT ALL ➤ DNS spoofing ➤ Web interface
(useful when running Headless) ➤ macOS proxy ➤ Import/Export Session ➤ Focus on single domain ➤ Get cURL of request (used recently when debugging push token registration) ➤ Create Github Gist ➤ Repeat aka basic load testing (multiple times with optional delays) ➤ Whitelist, Blacklist(block), Ignore urls
PROXY HELP SCOUT
THANKS
HOW DO YOU USE WEB PROXIES?