I <3 Charles Proxy

Transcript

1. I ❤ CHARLES By Scott Alexander-Bown

2. None

3. Proxy Server

4. None

5. Disclaimer: Not tested this

6. ALTERNATIVES ➤ Chrome Dev tools ➤ Stetho (Android) ➤ Pony

   Debugger (iOS) ➤ Chuck (Android) ➤ MITM proxy ➤ Fiddler ➤ Others…

7. SCREENSHOT OF ANDROID APP SESSION

8. BREAKPOINTS ➤ “Does what it says on the tin”

9. EDIT REQUEST / RESPONSE ➤ Simulating error responses from API

   ➤ Removing values from request/response to confirm things still work or fail where expected

10. THROTTLING

11. None

12. MOBILE DEVICE SETUP

13. None

14. What about TLS/SSL?

15. SSL PROXY ➤ Install the Charles Proxy Root Cert ➤

    Typically the generated Charles Root (different per install) ➤ Provide your own SSL root cert ➤ Enable SSL Proxying on per domain basis http://www.charlesproxy.com/getssl/

16. HELPER OPTIONS FOR ROOT SSL

17. SIDE NOTE ANDROID 7+ ➤ Requires Network Security Config to

    trust user installed certs ➤ Help Scout Android only allows user installed certs in debug (i.e not Play store) ➤ Here’s the config

18. AND THAT’S NOT ALL ➤ DNS spoofing ➤ Web interface

    (useful when running Headless) ➤ macOS proxy ➤ Import/Export Session ➤ Focus on single domain ➤ Get cURL of request (used recently when debugging push token registration) ➤ Create Github Gist ➤ Repeat aka basic load testing (multiple times with optional delays) ➤ Whitelist, Blacklist(block), Ignore urls

19. PROXY HELP SCOUT

20. THANKS

21. HOW DO YOU USE WEB PROXIES?