Slide 1

Slide 1 text

FASTER MOBILE DEBUGGING USING A HTTP PROXY
By Scott Alexander-Bown @ScottyAB
SWmobile Meetup

Slide 2

Slide 2 text

➤ Why
➤ Charles
➤ Features
➤ Setup on Mobile
➤ Tips

Slide 3

Slide 3 text

Y THO?
➤ Debugging / Testing
➤ Simulate
➤ Slower connections
➤ Error states
➤ Hard to recreate server side set up
➤ More info for developers to fix the bug (mobile and/or API)

Slide 4

Slide 4 text

REAL LIFE BUGS
➤ Double Attachment upload
➤ Concurrency issues with calls to /refreshKey
➤ Missing request params between iOS / Android
➤ Unnecessary API calls (push token registration)

Slide 5

Slide 5 text

Proxy Server

Slide 8

Slide 8 text

Disclaimer: Not tested this

Slide 9

Slide 9 text

SINGLE SITE LICENCE *£39

Slide 10

Slide 10 text

ALTERNATIVES
➤ Android Studio Network Profiler
➤ Chrome Dev tools
➤ Stetho (Android)
➤ Pony Debugger (iOS)
➤ Chuck (Android)
➤ MITM proxy
➤ Fiddler
➤ Others…

Slide 12

Slide 12 text

SCREENSHOT OF ANDROID APP SESSION

Slide 13

Slide 13 text

FEATURES

Slide 14

Slide 14 text

BREAKPOINTS
➤ “Does what it says on the tin”

Slide 15

Slide 15 text

EDIT REQUEST / RESPONSE
➤ Simulating error responses
➤ Removing values from request
➤ Removing values from response

Slide 17

Slide 17 text

RE-WRITE
➤ Similar to edit request/response but automated
➤ Import/Export re-write rules

Slide 18

Slide 18 text

WILD CARD EXAMPLE

Slide 19

Slide 19 text

MAP LOCAL / REMOTE
➤ Serve local files instead of those from server

Slide 20

Slide 20 text

THROTTLING

Slide 22

Slide 22 text

AND THAT’S NOT ALL
➤ DNS spoofing
➤ Compose new Requests
➤ Web interface (useful when running Headless)
➤ Host OS proxy
➤ Import/Export Session
➤ Repeat aka basic load testing (multiple times with optional delays)
➤ Whitelist, Blacklist (block), Ignore URLs

Slide 23

Slide 23 text

CONVINCED?

Slide 24

Slide 24 text

MOBILE DEVICE SETUP

Slide 26

Slide 26 text

What about TLS/SSL?

Slide 28

Slide 28 text

HELPER OPTIONS FOR ROOT SSL

Slide 29

Slide 29 text

INSTALL THE ROOT CERT
Go to http://www.charlesproxy.com/getssl/

Slide 31

Slide 31 text

SSL PROXY RECAP
➤ Connect device to proxy via WiFi settings
➤ Install the Charles Proxy Root Cert
➤ Visit charlesproxy.com/getssl/
➤ Or provide your own SSL root cert
➤ Enable SSL Proxying on a per-domain basis
➤ Profit £££!

Slide 32

Slide 32 text

SIDE NOTE ANDROID 7+
➤ Requires Network Security Config to trust user installed certs
➤ Also disable SSL pinning (debug only)

Slide 33

Slide 33 text

SIDE NOTE ANDROID 9+ (CLEAR TEXT)
➤ Clear Text (a.k.a http) is blocked by default on Android 9
➤ Requires Network Security Config to permit clear text
➤ Needed if you’re running API server locally
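
A Network Security Config covering both Android side notes (slides 32 and 33), shown as an added example that is not from the slides or from Charles. It contrasts trusting user-installed certs for every build with scoping that trust to debug builds. The file location and the 10.0.2.2 address are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example, not from the slides).
     Referenced from AndroidManifest.xml via
     android:networkSecurityConfig="@xml/network_security_config" on <application>. -->
<network-security-config>

    <!-- Too broad: placing the user store in base-config makes release builds
         trust any CA a user installs, for every host. Shown only for contrast.
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
    -->

    <!-- Scoped: debug-overrides applies only when android:debuggable is true,
         so the proxy's root cert in the user store is trusted in debug builds
         and ignored in release builds. Inside debug-overrides, overridePins
         defaults to true, so <pin-set> entries in this file do not block the
         proxy; pinning done in code (e.g. in the HTTP client) must be turned
         off separately for debug builds. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

    <!-- Android 9+ cleartext: permit http:// only for the local API server
         rather than setting cleartextTrafficPermitted="true" globally.
         10.0.2.2 (the emulator's alias for the host machine) is an assumed
         address; replace it with the development server's host. -->
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">10.0.2.2</domain>
    </domain-config>

</network-security-config>
```

Placing this file under the debug source set (src/debug/res/xml/) keeps the cleartext exception out of release builds as well.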

Slide 34

Slide 34 text

TIPS
➤ Cut the noise (focus, filter and ignore)
➤ Sharing with team
➤ Export rules
➤ Save to Github Gist
➤ Get cURL of request

Slide 35

Slide 35 text

TIPS
➤ Multiple Devices? - show Client IP
➤ Increase Connection and Read/Write timeouts
➤ Share root SSL certificate if sharing test devices

Slide 36

Slide 36 text

FEEDBACK: DID YOU LIKE THIS TALK? @SCOTTYAB

Slide 37

Slide 37 text

By Scott Alexander-Bown @ScottyAB THANKS… If mobile is your thing check out the SWmobile meet up

Slide 38

Slide 38 text

Thanks and Q&A By Scott Alexander-Bown @ScottyAB HOW DO YOU USE WEB PROXIES? If mobile is your thing check out the SWmobile meet up