Upgrade to Pro — share decks privately, control downloads, hide ads and more …

I <3 Charles Proxy

I <3 Charles Proxy

Scott Alexander-Bown

November 29, 2018
Tweet

More Decks by Scott Alexander-Bown

Other Decks in Technology

Transcript

  1. ALTERNATIVES ➤ Chrome Dev tools ➤ Stetho (Android) ➤ Pony

    Debugger (iOS) ➤ Chuck (Android) ➤ MITM proxy ➤ Fiddler ➤ Others…
  2. EDIT REQUEST / RESPONSE ➤ Simulating error responses from API

    ➤ Removing values from request/response to confirm things still work or fail where expected
  3. SSL PROXY ➤ Install the Charles Proxy Root Cert ➤

    Typically the generated Charles Root (different per install) ➤ Provide your own SSL root cert ➤ Enable SSL Proxying on per domain basis http://www.charlesproxy.com/getssl/
  4. SIDE NOTE ANDROID 7+ ➤ Requires Network Security Config to

    trust user installed certs ➤ Help Scout Android only allows user installed certs in debug (i.e not Play store) ➤ Here’s the config
  5. AND THAT’S NOT ALL ➤ DNS spoofing ➤ Web interface

    (useful when running Headless) ➤ macOS proxy ➤ Import/Export Session ➤ Focus on single domain ➤ Get cURL of request (used recently when debugging push token registration) ➤ Create Github Gist ➤ Repeat aka basic load testing (multiple times with optional delays) ➤ Whitelist, Blacklist(block), Ignore urls