$30 off During Our Annual Pro Sale. View Details »

Charles でネットワークデバッギング

kumamotone
September 01, 2018
Programming
16
4.1k

Charles でネットワークデバッギング

iOSDC Japan 2018
2018/09/01 13:30〜 Track C レギュラートーク(15分)

Charles Proxy
http://charlesproxy.com/

iOSアプリ内で不正なSSL証明書を検知する / SSL Pinning for iOS apps - Speaker Deck
https://speakerdeck.com/kobakei/ssl-pinning-for-ios-apps

kumamotone

September 01, 2018
Tweet

More Decks by kumamotone

See All by kumamotone
Integration Test で パフォーマンス計測する
kumamotone
0
120
VSCodeから一発でProxymanを起動する
kumamotone
0
290
スワイプで閉じれる画像ビューアを作る
kumamotone
0
360
ColorFiltered で カメラフィルタを実装する
kumamotone
1
240
Swift Regex Builder
kumamotone
1
390
SwiftUI の @State, @ObservedObject, @EnvironmentObject
kumamotone
4
840
5分でわかる Kotlin Contracts
kumamotone
2
1k
しくみから理解するSwiftUI
kumamotone
5
1.8k
SwiftUI を理解するために必要な Swift 5.1 の新機能 (some View編)
kumamotone
11
3.7k

Other Decks in Programming

See All in Programming
​고군분투 LLM 프로덕트 적용기: Blind Prompting 부터 Agent까지
huffon
2
1.2k
net/httpからnet.Connを掘り起こす
hiroyaonoe
1
470
Software Productivity - Devfest Songdo 2023
veronikapj
0
180
Second-System Syndrome: A tale of power-assert
twada
PRO
9
3.6k
Scroll-driven AnimationsとCSSの進化
degudegu2510
1
100
Introducing Kotlin Multiplatform in an existing mobile app - Workshop Edition | DevFest Berlin 23
prof18
0
240
.NET 8世代のBlazorについて
tomokusaba
1
180
ブログのリアクションから始めるGoのパフォーマンス分析入門
always_allokay
0
110
Vue & Vite Rustify
kazupon
4
1k
集団意思決定の落とし穴と誰も望まない技術的負債
h0r15h0
0
2.8k
プロダクションで使うGo Pluginの利便性とパフォーマンス性 / Simplicity and Performance of Go plugin for Production
linyows
0
110
日時処理の新スタンダード: Synchro によるタイムゾーン安全、楽々開発
codehex
0
720

Featured

See All Featured
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
750
Scaling GitHub
holman
455
140k
What's in a price? How to price your products and services
michaelherold
236
10k
Producing Creativity
orderedlist
PRO
335
38k
VelocityConf: Rendering Performance Case Studies
addyosmani
319
23k
Music & Morning Musume
bryan
38
5.2k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
12
1.1k
[RailsConf 2023] Rails as a piece of cake
palkan
17
3.2k
GitHub's CSS Performance
jonrohan
1021
440k
Unsuck your backbone
ammeep
660
56k
Teambox: Starting and Learning
jrom
125
8.2k
Side Projects
sachag
450
39k

Transcript

  1. Charles Ͱ
    ωοτϫʔΫσόοΪϯά
    2018/09/01 13:30ʙ13:45 Track C
    iOSDC 2018
    twitter.com/kumamo_tone
    qiita.com/kumamotone
    github.com/kumamotone

    View Slide

  2. ࣗݾ঺հ
    • Kazumasa Kumamoto (۽ຊ ࿨ਖ਼)
    • iOS/AndroidΞϓϦΤϯδχΞˏϠϑʔ
    • ษڧձӡӦ
    • Twitter: @kumamo_tone

    View Slide

  3. View Slide

  4. ͜ͷࢿྉ
    • Charles ͷ঺հ
    • ࢖͍͔ͨͱ࢖͍Ͳ͜Ζ
    • ର৅ऀ
    • CharlesΛ࢖͍ͬͯͳ͍ਓ
    • ΑΓྑ͍σόοάͷํ๏Λ

    ߟ͍͑ͨਓ

    View Slide

  5. ͳͥ Charles Λ࢖͏ͷ͔ʁ

    View Slide

  6. ͳͥ Charles Λ࢖͏ͷ͔ʁ
    WebAPI
    iOSΞϓϦ
    ௨৴Λߦ͏ҰൠతͳΞϓϦ

    View Slide

  7. ෆ۩߹ͷݪҼ͸ͨ͘͞Μ͋Δ
    Ҿ༻: Introducing Charles for iOS, HUNTING THE NETWORKING FAULT@try! Swift Tokyo 2018
    ϦΫΤετ͸
    ૹ৴͞Ε͍ͯΔ͔ʁ
    ਖ਼͍͠
    ϦΫΤετ͔ͩͬͨʁ
    αʔό͸
    Ԡ౴͍ͯ͠Δͷ͔ʁ
    ωοτϫʔΫ͸
    ௨͍ͯ͡Δ͔ʁ
    ΫϥΠΞϯτͷॲཧ͸
    ਖ਼͍͔͠ʁ
    Ϩεϙϯε͸
    ਖ਼͔ͬͨ͠ͷ͔ʁ

    View Slide

  8. Ͳ͏΍ͬͯௐ΂Α͏ʁ
    • print / σόοΨͰ Breakpoint / LLDB ίϚϯυ
    • extension ΍ϥΠϒϥϦΛ༻ҙͯ͠ɺϩάΛు͘
    Codable ͷϚοϐϯάʹࣦഊ͍ͯ͠Δ৔߹΍ɺ

    ϨεϙϯεϔομͳͲɺσόοΨͰ͸ͨͲΓ͖ͭʹ͍͘෦෼͸ʁ
    Ͳͷํ๏Ͱ΋Ͱ͖Δ͕ɺ৭ʑͳํ๏Λ஌ͬͯ

    ͍ΔͱɺॊೈʹରԠͰ͖Δέʔε͕૿͑ΔΜ͡Ό ౰ͨΓલͷ͜ͱΛ
    ݴ͏ത࢜
    → XcodeΛ࢖Θͣʹௐ΂Δํ΋͋Δ

    View Slide

  9. Ͳ͏΍ͬͯௐ΂Α͏ʁ
    • print / σόοΨͰ Breakpoint / LLDB ίϚϯυ
    • extension ΍ϥΠϒϥϦΛ༻ҙͯ͠ɺϩάΛు͘
    Codable ͷϚοϐϯάʹࣦഊ͍ͯ͠Δ৔߹΍ɺ

    ϨεϙϯεϔομͳͲɺσόοΨͰ͸ͨͲΓ͖ͭʹ͍͘෦෼͸ʁ
    Ͳͷํ๏Ͱ΋Ͱ͖Δ͕ɺ৭ʑͳํ๏Λ஌ͬͯ

    ͍ΔͱɺॊೈʹରԠͰ͖Δέʔε͕૿͑ΔΜ͡Ό ౰ͨΓલͷ͜ͱΛ
    ݴ͏ത࢜
    → XcodeΛ࢖Θͣʹௐ΂Δํ΋͋Δ

    View Slide

  10. Charles Proxy

    View Slide

  11. Charles ProxyͰͰ͖Δ͜ͱ
    • ௨৴ͷؒʹڬΉ͜ͱͰɺ಺༰Λݟ΍͘͢දࣔͯ͘͠ΕΔ
    ϦΫΤετͷ͸999Ͱɺ
    Ϩεϙϯε͸:::΍ͬͨͰ

    View Slide

  12. ͨͩ͘͠σόοάͰ͖Ε͹ฏ࿨ʹͳΔ
    ֬ೝ͚ͨ͠Ͳ
    ΞϓϦͷϩδοΫ͸
    ਖ਼ͦ͠͏͔ͩΒ
    ΍ͬͺΓ"1*͕
    ͓͔͍͠ͱࢥ͏
    Ϩεϙϯεϔομͷ
    999͕ෆ଍͍ͯ͠Δ
    ͔΋ͳͷͰɺ֬͝ೝ
    ͍͚ͨͩ·͔͢ʁ
    ˚ɹແ༻ͳ૪͍Λট͘
    Մೳੑ͕͋Δ
    ˕ɹ͍ͭ͜…Ͱ͖Δοʂ

    View Slide

  13. Charles ͷ঺հ

    View Slide

  14. • ΫϩεϓϥοτϑΥʔϜ (mac OS / Windows / Linux)
    • HTTPϓϩΩγ
    • ༗ঈ (ࢼ༻൛͋Γ)
    Charles Web Debugging Proxy
    Charles ʹ

    ϦΫΤετ
    ୺຤ͷ୅ΘΓʹ

    Charles͕ϦΫΤετ
    ௨৴Λ$IBSMFT1SPYZΛܦ༝ͤ͞Δ͜ͱͰɺ

    $IBSMFTΛ௨ͬͨ௨৴ͷ಺༰ΛӾཡͨ͠Γɺ

    ॻ͖׵͑ͨΓͰ͖Δ

    View Slide

  15. • ϦΫΤετ/Ϩεϙϯεͷ಺༰ͷදࣔ
    • ϦΫΤετ/Ϩεϙϯεͷ಺༰ͷॻ׵͑
    • γεςϜઃఆͷࣗಈઃఆ
    • SSL/HTTPSαϙʔτ
    • SSL pinning ͱ͍͏ٕज़Λ࢖͑͹౪ௌɺվ͟ΜΛ๷ࢭͰ͖·͢
    ػೳ

    View Slide

  16. SSL Pinning ͱ࣮૷ํ๏ʢউखʹએ఻ʣ

    View Slide

  17. ػೳ
    • Throttle
    • 3GճઢͷγϛϡϨʔτ
    • Map Remote
    • ಛఆͷHost, Path, Query

    ʹରԠ͢ΔϦΫΤετΛɺ

    ผͷHost, Path, Queryʹసૹ͢Δ
    • DNS Spooling
    • DNS ͕ղܾ͢ΔIPΞυϨεΛมߋ
    • ηογϣϯͷอଘ/࠶ੜ(Auto Save Մ)
    • BlackList/WhiteList
    • ௨৴Λ௨͢/௨͞ͳ͍υϝΠϯΛࢦఆ
    • Port Forwarding
    • ผͷϙʔτΛࢦఆ
    • Protocol Buffers αϙʔτ
    • HTTP 2αϙʔτ

    View Slide

  18. ͓΋͠Ζʢʁʣػೳ
    • Mirror
    • ϨεϙϯεΛϩʔΧϧʹอଘ
    • ൒खಈΫϩʔϦϯάʹศར
    • Flash
    • AMFαϙʔτ
    • Command-line Tools
    • ϔουϨεϞʔυ
    • Web Interface
    • http://control.charles/ Ͱ

    ઃఆͷΦϯΦϑͳͲͷૢ࡞͕Մೳ

    Ϩεϙϯε͕ݟΕΔΘ͚Ͱ͸ͳ͍

    View Slide

  19. ͦͷ΄͔ͷબ୒ࢶ
    • mitmproxy
    • Charles ͱಉ͘͡

    Man-In-The-Middle ܕ ϓϩΩγ
    • Python ੡ OSS (brew/pipͰೖΔ)
    • CUI / Web ΠϯλϑΣʔε(β)
    • Python εΫϦϓςΟϯά API
    Charles ͷັྗ͸ɺݟ΍͢͞ɺ࢖͍΍͢͞

    View Slide

  20. Charles for iOS
    • ݕূ୺຤ͷΈͰ௨৴಺༰ͷ֬ೝ͕Ͱ͖Δ
    • ࢖͍Ͳ͜Ζ
    • ݕূ୺຤ͱmacͷωοτϫʔΫ͕ҧ͏
    • ΑΓखܰʹʢग़ઌͱ͔ʣ
    • ηογϣϯͷอଘ
    • Airdrop Ͱ mac ͱڞ༗
    • Cellular ճઢͰͷσόοά

    View Slide

  21. Πϯετʔϧɾઃఆํ๏
    1. Homebrew ͔ dmg ͔ΒΠϯετʔϧ (macOS ͷ৔߹)
    2. Proxy > SSL Proxy Settings ͔Β༗ޮʹ͢ΔυϝΠϯΛઃఆ
    3. ূ໌ॻΛΠϯετʔϧ
    4. ূ໌ॻΛ৴པʢmacOS, iOS ͸ಛʹ 10.3ʙʣ
    • ৄ͘͠͸εϥΠυ຤ඌͷ෇࿥Λ͝ཡ͍ͩ͘͞

    View Slide

  22. ࢖͍ํͱ࢖͍Ͳ͜Ζ

    View Slide

  23. ࢖͍ํͱ࢖͍Ͳ͜Ζ
    • Case.1 ݪҼௐࠪ
    • ϦΫΤετͱϨεϙϯεΛ֬ೝͯ͠ղܾ
    • Case.2 ಈ࡞֬ೝ
    • ϦΫΤετͱϨεϙϯεΛॻ͖׵͑ͯղܾ

    View Slide

  24. Case.1 ݪҼௐࠪ
    • ීஈͷσόοάͷͱ͖
    8FC"1*ͱͷ௨৴ͱɺ
    ͦͷલޙͷॲཧ͕

    ͏·͍͍ͬͯ͘ͳ͍ؾ͕͢Δ
    ͕ɺݪҼ͕Θ͔Βͳ͍ʜ
    Codable ͷϚοϐϯάҎલʹࣦഊ͍ͯ͠Δ৔߹΍ɺ

    σόοΨͰ͸ͨͲΓ͖ͭʹ͍͘෦෼Λݟ͍ͨͱ͖ʹ࢖͏ͱྑ͍

    View Slide

  25. Case.1 ݪҼௐࠪ
    • ʮαʔόʔͷฦ٫஋͕දࣔ͞Ε͍ͯͳ͍ʯͱڭ͑ͯ΋Βͬͨͱ͖
    ֬͝ೝ
    ͓ئ͍͠·͢
    ֬ೝ͠·͢
    ۓٸͷ৔߹Ͱ΋ɺྫྷ੩ʹ·ͣCharlesΛ։͖·͢

    View Slide

  26. Case.1 ݪҼௐࠪ
    • ϦΫΤετ͸ૹΕ͍ͯΔ͔ʁ
    Filter ͰߜΓࠐΈ
    Focus ͰߜΓࠐΈ

    View Slide

  27. Case.1 ݪҼௐࠪ
    • ϦΫΤετ͸ͨͩ͘͠ૹΒΕ͍ͯΔ͔ʁ
    • Overview
    • Ϩεϙϯείʔυ΍

    ௨৴ʹ͔͔ͬͨ࣌ؒͳͲ

    View Slide

  28. Case.1 ݪҼௐࠪ
    • ϦΫΤετ͸ͨͩ͘͠ૹΒΕ͍ͯΔ͔ʁ
    • Contents -> Headers
    • ϔομ৘ใ
    • Contents -> Query String
    • ύϥϝʔλ

    View Slide

  29. Case.1 ݪҼௐࠪ
    • ϦΫΤετ͸ͨͩ͘͠ૹΒΕ͍ͯΔ͔ʁ
    • ɹɹɹ Λબ୒͢Δͱ

    ϦΫΤετͷύϥϝʔλͳͲΛ

    ม͑ͯ࠶ϦΫΤετͰ͖Δ

    View Slide

  30. Case.1 ݪҼௐࠪ
    • Ϩεϙϯεͷ಺༰͸૝ఆͱ߹͍ͬͯΔ͔ʁ
    • Contents -> JSON
    • JSON Λݟ΍͘͢දࣔ
    • Contents -> JSON Text
    • JSON Λ੔ܗͯ͠දࣔ

    View Slide

  31. Case.2 ಈ࡞֬ೝ
    • ౤ߘ࣌ͷΤϥʔίʔυ౳ʹΑͬͯΤϥʔϝοηʔδΛมߋ͍ͨ͠
    • ຤ඌͷηϧ͕޿ࠂͷ৔߹ͷΈ༨നௐ੔͍ͨ͠
    ϞοΫΛ࡞ͬͨΓԾͷ஋ΛೖΕͯ΋͍͍͕ɺ

    ΞϓϦΛฤू͢Δ͜ͱͳ͘ɺ

    ϨεϙϯεΛࠩସ͑Δ͜ͱ΋Ͱ͖ΔΜ͡Ό

    View Slide

  32. Case.2 ಈ࡞֬ೝ
    • Ϩεϙϯεॻ͖׵͑ํ๏ 3छྨ
    • Map Local
    • Break Points / Edit Response
    • Rewrite
    ผͷαʔόΛࢀর͍ͤͨ͞ͱ͖͸ɺ
    Map Remote ΍ DNS SpoolingͰ
    ผͷυϝΠϯ/IPʹࢀরͤ͞Δͷ΋ΞϦ͡Ό

    View Slide

  33. Case.2 ಈ࡞֬ೝ
    • Map Local
    • ϩʔΧϧͷϑΝΠϧΛࢀরͤ͞Δ
    • ྫ: https://hoge.jp/user/1

    ΁ͷϦΫΤετͷͱ͖͸

    /Users/kumamoto/user1.json

    Λฦ͢
    ӈΫϦοΫϝχϡʔ͔Β Map Local Λબ୒

    View Slide

  34. Case.2 ಈ࡞֬ೝ
    • Break Points
    • ΠϯλϥΫςΟϒʹ಺༰Λฤू
    • ϦΫΤετ/Ϩεϙϯε

    ͷࡍʹμΠΞϩά্ཱ͕͕ͪΔ
    • Edit Response Ͱฤू
    ӈΫϦοΫϝχϡʔ͔Β BreakPoints Λબ୒

    View Slide

  35. Case.2 ಈ࡞֬ೝ
    • Rewrite
    • ಛఆͷਖ਼نදݱͰॻ׵͑ͳͲ
    • ྫ: user-agentΛಈతʹॻ͖׵͑
    Tools > Rewrite ͔Βબ୒

    View Slide

  36. Case.2 ಈ࡞֬ೝ
    3FXSJUF
    .BQ-PDBM
    #SFBL1PJOUT
    ϨεϙϯεΛʢԿ౓΋ʣࠩ͠ସ͍͑ͨʂ
    PSλΠϜΞ΢τ͕ઃఆ͞Ε͍ͯΔ
    ࣗಈͰॻ͖׵͑ΔϧʔϧΛઃఆ͍ͨ͠ʂ
    ϨεϙϯεΛʢͬ͘͞ͱʣࠩ͠ସ͍͑ͨʂ
    PSϦΫΤετΛࠩ͠ସ͍͑ͨ

    View Slide

  37. Case.2 ಈ࡞֬ೝ
    • APIͷ୲౰ऀ͕ผͷ৔߹͸ɺ

    ରԠΛ଴ͨͣʹਐΊΒΕΔ
    • Մมͷ UILabel ͷදࣔ͸่Ε͕ͪ
    • վߦ͸ͨͩ͘͠͞Ε͍ͯΔ͔ʁ
    • ຤ඌ͸ʮ…ʯʹͳ͍ͬͯΔ͔ʁ
    • ࣗಈςετ΍UnitςετͳͲ

    Ͱ΋୲อͰ͖Δͱ˓ ίʔυϨϏϡʔ༻ͷΩϟϓνϟ

    View Slide

  38. ·ͱΊ

    View Slide

  39. ·ͱΊ
    • Charles Proxy ͷ঺հ
    • ͍Ζ͍Ζͳػೳ͕͋Δ
    • ΞϓϦ։ൃͰಛʹศརͳػೳ
    • ௨৴಺༰Λݟ΍͘͢දࣔ
    • ௨৴಺༰ͷࠩସ͑
    • Map Local / Break Points / Rewrite
    • ҟৗܥ΍ɺUIͷදࣔ֬ೝʹศར

    View Slide

  40. Α͖σόοάϥΠϑΛ

    View Slide

  41. Thank you!

    View Slide

  42. ෇࿥: Charles ͷઃఆ

    View Slide

  43. Πϯετʔϧ
    • μ΢ϯϩʔυͯ͠ dmg ϑΝΠϧΛ࣮ߦ ϋϚΓͲ͜Ζφγ
    • HomebrewͰ΋ೖΔΈ͍ͨͰ͢ ( ɾ㲆ɾ)ͭ $ brew install charles
    Windows ͸ .msi , Linux ͸ APT/YUM ͰೖΔ

    View Slide

  44. ىಈ
    • Grant PrivilegesΛ

    બ୒ͯࣗ͠ಈઃఆ
    • ͜Ε͚ͩͰ

    ͍͍ͩͨͷΞϓϦͷ

    ௨৴಺༰͕ݟΕΔ
    • SSL(HTTPS)Ͱ҉߸Խ

    ͞Ε͍ͯΔ಺༰͸

    ઃఆ͕ඞཁʢ࣍ϖʔδʣ

    View Slide

  45. SSL ϓϩΩγઃఆ
    • Enable SSL Proxying ʹνΣοΫ͕ೖ͍ͬͯΔ͜ͱΛ֬ೝ
    • Proxy > SSL Proxy Settings ͔Β༗ޮʹ͢ΔυϝΠϯΛઃఆʢ* Ͱશ෦ʣ

    View Slide

  46. ূ໌ॻΛొ࿥
    • Help > SSL Proxying > Install Charles Root Certificate
    • ূ໌ॻΛʮৗʹ৴པʯ
    ݕࡧ૭Λ࢖͏ͱ͍͍͍ͧ

    View Slide

  47. SSLͷ௨৴͕ݟΕΔΑ͏ʹͳͬͨ

    View Slide

  48. iOS࣮ػͷઃఆ
    • ઃఆ > Wi-Fi > (઀ଓதͷSSID) > ϓϩΩγΛߏ੒ > खಈ
    • Charles ͷ IPΞυϨεͱϙʔτ(8888)ΛೖΕΔ
    IPΞυϨεΛௐ΂ͯiPhoneʹೖྗ͍ͨ͠ͱ͖͸ɺ
    ͯ͠ɺϢχόʔαϧΫϦοϓϘʔυ΁௥Ճ͢Δͱศར͡Ό
    ศརͳ͜ͱΛ
    ڭ͑ͯ͘ΕΔത࢜
    • Charles ͷ Help > Local IP Address ϝχϡʔͰίϐʔ
    ifconfig΍MacͷWiFiϚʔΫΛopt+ΫϦοΫͰ΋OK

    View Slide

  49. iOS࣮ػͷઃఆ
    • Charles ʹܨ͍ͰΔঢ়
    ଶͰ Safari Ͱ https://
    chls.pro/ssl ʹΞΫηε
    ͯ͠ূ໌ॻΛΠϯετʔ
    ϧ
    • Ұൠ > ৘ใ > ৴པॻઃ
    ఆ > Charles Proxy
    CA Λ Φϯ(iOS10.3ʙ)

    View Slide

  50. iOS Simulator ͷઃఆ
    • Help > SSL Proxying > Install Charles Root Certificate in iOS
    Simulator
    • iOS Simulator ͕͢Ͱʹ্ཱ͕͍ͪͬͯΔ৔߹͸ɺ

    Charles → iOS Simulator ͷॱʹ্ཱͪ͛௚͢

    View Slide

  51. EOP

    View Slide