This modual focuses on the installation of Charles root certificate in order to view SSL 443 responses. Thru Firewall, Install on Windows 10 and Google Chro. Note: As of Android N, there is a need to add network security configuration in native application in order to trust the SSL certificates generated by Charles SSL Proxying. That configuration has been added to Hybrid Client 7.41.
What is Charles Proxy?
Charles Proxy sits between your app and the Internet. All networking requests and responses will be passed through Charles Proxy, so you'll be able to inspect and even change data midstream to test how your app responds.
Installation
Go to Charles Proxy Download page and follow instructions to download and install it on your computer.
Configuring Charles Proxy
In order for any browser (or any application) to use Charles, it must be configured to use Charles as its proxy server.
Windows Proxy Settings
Make sure 'Windows Proxy' is checked and 'Mozilla Firefox Proxy' is not checked under the Proxy menu item.
Mac OS Proxy Settings
Make sure 'macOS Proxy' is checked and 'Mozilla Firefox Proxy' is not checked under the Proxy menu item.
SSL Certificates
The following instructions are for different browsers to help you trust your Charles Root Certificate so you wouldn't see certificate warnings.
Windows / Internet Explorer
In Charles go to the Help menu and choose 'SSL Proxying > Install Charles Root Certificate'. A window will appear warning you that the CA Root certificate is not trusted.
Click the 'Install Certificate' button to launch the Certificate Import Wizard. The certificate must be imported into the 'Trusted Root Certification Authorities' certificate store, so override the automatic certificate store selection.
Complete the wizard and your Charles Root Certificate is now installed. You may need to restart IE before the installation takes affect.
Mozilla Firefox
First, ensure that Firefox is connected to Charles. You should see browsing from Firefox being recorded in Charles.
Visit https://chls.pro/ssl in Firefox. You will be presented with a certificate import dialog. Tick the option 'Trust this CA to identify websites' and complete the import.
macOS
In Charles go to the Help menu and choose 'SSL Proxying > Install Charles Root Certificate'. Keychain Access will open. Find the 'Charles Proxy...' entry, and double-click to get info on it. Expand the 'Trust' section, and besides 'When using this certificate' change it from 'Use System Defaults' to 'Always Trust'. Then close the certificate info window, and you will be prompted for your Administrator password to update the system trust settings.
You may need to quit and reopen Safari to see the change.
Google Chrome
On macOS, please follow the instructions for the macOS above. These instructions only apply to Windows.
- In Charles go to the Help menu and choose 'SSL Proxying > Save Charles Root Certificate'. Save the root certificate as a Binary Certificate (.cer) to your desktop, or somewhere where you can easily access it in the next step.
- In Chrome, open the Settings. At the bottom of the settings page, click 'Advanced' to open the advanced section, then click the 'Manage certificates…' button.
- Go to the 'Trusted Root Certification Authorities' tab and click 'Import…'.
- Find the certificate file you saved from Charles in the previous step, then click Next and Finish, leaving the default options, until you complete the import. Chrome will now always trust certificates signed by Charles.
- After importing you can delete the certificate file that you saved.
Capturing logs
To start or stop recording click on the corresponding toolbar icon or under Proxy menu item with 'Start Recording' and 'Stop Recording' actions. Once started you can use any browser to go to youtube.com for example and search for 'Testlio' to get some traffic to appear.
Saving logs
Once you've stopped recording you can save your session by choosing File > Save Session.
When integrating features in your app that communicate over the internet, you may need to view SSL/HTTPS traffic for various reasons. For example, if you are implementing analytics in your app and notice data discrepancies with your analytics provider, you could inspect the exact data that is being sent to/from your app to isolate if the root cause of the discrepancy originates from the app. Analytics data is typically encrypted, therefore you need a mechanism to view the encrypted data in plain text to effectively troubleshoot.
With proxy support on Fire TV and using a popular proxy tool such as Charles Proxy, you can set up your Fire TV environment to view SSL/HTTPS traffic in plain text.
Prerequisites:
- Fire OS 6
- Fire TV (Gen 3)
- Fire TV Cube
- Fire TV Edition Toshiba
- Fire TV Edition Insignia
- Fire TV Stick 4K
- Charles Proxy, with SSL proxy support configured
Charles Ssl Proxying Enabled For This Host
1. Setting a proxy on Fire TV
- Bring up the Developer Tools Menu by one of the following two ways:
- Remote: 1) Press and hold the Select and Down buttons for five seconds release and then 2) Press the menu button
- ADB:
adb shell am start -n com.amazon.ssm/.ControlPanel
- Select Network Proxy
- Select Manual
- Enter your Charles proxy IP address
- Enter your Charles proxy port
- Click Save
Developer Tools Menu - Network Proxy
Network Proxy - Enter Proxy information
Installation
Go to Charles Proxy Download page and follow instructions to download and install it on your computer.
Configuring Charles Proxy
In order for any browser (or any application) to use Charles, it must be configured to use Charles as its proxy server.
Windows Proxy Settings
Make sure 'Windows Proxy' is checked and 'Mozilla Firefox Proxy' is not checked under the Proxy menu item.
Mac OS Proxy Settings
Make sure 'macOS Proxy' is checked and 'Mozilla Firefox Proxy' is not checked under the Proxy menu item.
SSL Certificates
The following instructions are for different browsers to help you trust your Charles Root Certificate so you wouldn't see certificate warnings.
Windows / Internet Explorer
In Charles go to the Help menu and choose 'SSL Proxying > Install Charles Root Certificate'. A window will appear warning you that the CA Root certificate is not trusted.
Click the 'Install Certificate' button to launch the Certificate Import Wizard. The certificate must be imported into the 'Trusted Root Certification Authorities' certificate store, so override the automatic certificate store selection.
Complete the wizard and your Charles Root Certificate is now installed. You may need to restart IE before the installation takes affect.
Mozilla Firefox
First, ensure that Firefox is connected to Charles. You should see browsing from Firefox being recorded in Charles.
Visit https://chls.pro/ssl in Firefox. You will be presented with a certificate import dialog. Tick the option 'Trust this CA to identify websites' and complete the import.
macOS
In Charles go to the Help menu and choose 'SSL Proxying > Install Charles Root Certificate'. Keychain Access will open. Find the 'Charles Proxy...' entry, and double-click to get info on it. Expand the 'Trust' section, and besides 'When using this certificate' change it from 'Use System Defaults' to 'Always Trust'. Then close the certificate info window, and you will be prompted for your Administrator password to update the system trust settings.
You may need to quit and reopen Safari to see the change.
Google Chrome
On macOS, please follow the instructions for the macOS above. These instructions only apply to Windows.
- In Charles go to the Help menu and choose 'SSL Proxying > Save Charles Root Certificate'. Save the root certificate as a Binary Certificate (.cer) to your desktop, or somewhere where you can easily access it in the next step.
- In Chrome, open the Settings. At the bottom of the settings page, click 'Advanced' to open the advanced section, then click the 'Manage certificates…' button.
- Go to the 'Trusted Root Certification Authorities' tab and click 'Import…'.
- Find the certificate file you saved from Charles in the previous step, then click Next and Finish, leaving the default options, until you complete the import. Chrome will now always trust certificates signed by Charles.
- After importing you can delete the certificate file that you saved.
Capturing logs
To start or stop recording click on the corresponding toolbar icon or under Proxy menu item with 'Start Recording' and 'Stop Recording' actions. Once started you can use any browser to go to youtube.com for example and search for 'Testlio' to get some traffic to appear.
Saving logs
Once you've stopped recording you can save your session by choosing File > Save Session.
When integrating features in your app that communicate over the internet, you may need to view SSL/HTTPS traffic for various reasons. For example, if you are implementing analytics in your app and notice data discrepancies with your analytics provider, you could inspect the exact data that is being sent to/from your app to isolate if the root cause of the discrepancy originates from the app. Analytics data is typically encrypted, therefore you need a mechanism to view the encrypted data in plain text to effectively troubleshoot.
With proxy support on Fire TV and using a popular proxy tool such as Charles Proxy, you can set up your Fire TV environment to view SSL/HTTPS traffic in plain text.
Prerequisites:
- Fire OS 6
- Fire TV (Gen 3)
- Fire TV Cube
- Fire TV Edition Toshiba
- Fire TV Edition Insignia
- Fire TV Stick 4K
- Charles Proxy, with SSL proxy support configured
Charles Ssl Proxying Enabled For This Host
1. Setting a proxy on Fire TV
- Bring up the Developer Tools Menu by one of the following two ways:
- Remote: 1) Press and hold the Select and Down buttons for five seconds release and then 2) Press the menu button
- ADB:
adb shell am start -n com.amazon.ssm/.ControlPanel
- Select Network Proxy
- Select Manual
- Enter your Charles proxy IP address
- Enter your Charles proxy port
- Click Save
Developer Tools Menu - Network Proxy
Network Proxy - Enter Proxy information
2. Embed the Charles Root Certificate in your app
- Add this file to your app, with the following contents:
res/xml/network_security_config.xml
- Add the Charles root certificate, in PEM (or DER) format, to
res/raw/my_ca
- Charles Proxy > Help > SSL Proxying > Save Charles Root Certificate...
- Rename the saved file to
my_ca
and copy the file tores/raw
Charles Ssl Proxy Android
3. Build your app and check Charles Proxy
Charles Proxy Server
References: