Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Faster mobile debugging using a HTTP Proxy

Scott Alexander-Bown
November 02, 2019
Technology
0
21

Faster mobile debugging using a HTTP Proxy

HTTP proxies are an essential tool in your development process. It’ll speed up your dev/testing cycle and give you a greater understanding of what’s coming from and to your mobile app or SDK. This talk is aimed at mobile developers and tester building apps that communicate with to API backend. Likely some of you have used HTTP proxies such as this before but here we’ll dig deeper at all the features on offer e.g rewriting and remapping request and responses, basic load testing and SSL proxying and more. I’ll cover real world tips, gotches and how to setup your local environment for iOS and Android. The demos and walkthroughs will use Charles Web Proxy but the techniques are applicable to other free/open source web proxies. Leave the talk with a new essential tool in your Mobile development and testing arsenal!

Scott Alexander-Bown

November 02, 2019
Tweet

More Decks by Scott Alexander-Bown

See All by Scott Alexander-Bown
Fundamentals of creating Android mobile apps
scottyab
0
37
What's 'Q' in Android Security
scottyab
0
150
I <3 Charles Proxy
scottyab
0
39
What_s_new_from_Google_IO_2018.pdf
scottyab
0
55
Doppl, an intro!
scottyab
0
47
OMG What's new in Security
scottyab
0
54
What's New from Google I/O 2017
scottyab
0
86
What's Nnnnnew in Security Droidcon IT
scottyab
1
85
Android Things
scottyab
0
220

Other Decks in Technology

See All in Technology
セキュリティ研修 Day1【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
160
dxd2024-生成AIに振り回された3か月間の成功と失敗/dxd2024-link-and-motivation
lmi
2
260
サービス開発を前に進めるために 新米リードエンジニアが 取り組んだこと / Steps Taken by a Novice Lead Engineer to Advance Service Development
nologyance
0
180
CEL(Common Expression Language)で書いた条件にマッチしたIAM Policyを見つける / iam-policy-finder
fujiwara3
0
710
大規模ドラレコデータ収集・機械学習基盤を支える AWS CDK 〜導入・運用事例紹介〜
pemugi
0
110
CTOから見た事業開発とプロダクト開発 / My Perspective on Business and Product Development as CTO
keisuke69
4
960
スレットハンティングについて知っておきたいこと
hacket
0
130
AI研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
130
LINE WORKSへ簡単通知!Incoming Webhookアプリの紹介
mmclsntr
0
110
たくさん本を読んだけど 1年後には綺麗サッパリ!を乗り越えて 学習の鬼になるぞ👹
yum3
0
160
20240717_イケコパ代表Copilot_in_Teams会社でこう使ってます
ponponmikankan
2
430
LLMアプリケーションの評価の実践と課題 ~PharmaXにおける今後の展望~
pharma_x_tech
2
160

Featured

See All Featured
Building Applications with DynamoDB
mza
89
5.8k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
44
4.7k
Designing for Performance
lara
604
67k
What's in a price? How to price your products and services
michaelherold
239
11k
Building an army of robots
kneath
301
42k
No one is an island. Learnings from fostering a developers community.
thoeni
17
2.8k
Fireside Chat
paigeccino
25
2.8k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
662
120k
How to train your dragon (web standard)
notwaldorf
79
5.5k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
121
18k
Creatively Recalculating Your Daily Design Routine
revolveconf
214
11k
The Mythical Team-Month
searls
217
43k

Transcript

  1. FASTER MOBILE DEBUGGING USING A HTTP PROXY By Scott Alexander-Bown

    @ScottyAB SWmobile Meetup

  2. ➤Why ➤Charles ➤Features ➤Setup on Mobile ➤Tips

  3. Y THO? ➤ Debugging / Testing ➤ Simulate ➤ Slower

    connections ➤ Error states ➤ Hard to recreate server side set up ➤ More info for developers to fix the bug (mobile and/or API)

  4. REAL LIFE BUGS ➤ Double Attachment upload ➤ Concurrency issues

    with calls to /refreshKey ➤ Missing request params between iOS / Android ➤ Unnecessary API calls (push token registration)

  5. Proxy Server

  6. None
  7. None

  8. Disclaimer: Not tested this

  9. SINGLE SITE LICENCE *£39

  10. ALTERNATIVES ➤ Android Studio Network Profiler ➤ Chrome Dev tools

    ➤ Stetho (Android) ➤ Pony Debugger (iOS) ➤ Chuck (Android) ➤ MITM proxy ➤ Fiddler ➤ Others…
  11. None

  12. SCREENSHOT OF ANDROID APP SESSION

  13. FEATURES

  14. BREAKPOINTS ➤ “Does what it says on the tin”

  15. EDIT REQUEST / RESPONSE ➤ Simulating error responses ➤ Removing

    values from request ➤ Removing values from response
  16. None

  17. RE-WRITE ➤ Similar to edit request/response but automated ➤ Import/Export

    re-write rules

  18. WILD CARD EXAMPLE

  19. MAP LOCAL / REMOTE ➤ Serve local files instead of

    those from server

  20. THROTTLING

  21. None

  22. AND THAT’S NOT ALL ➤ DNS spoofing ➤ Compose new

    Requests ➤ Web interface (useful when running Headless) ➤ Host OS proxy ➤ Import/Export Session ➤ Repeat aka basic load testing (multiple times with optional delays) ➤ Whitelist, Blacklist(block), Ignore urls

  23. CONVINCED?

  24. MOBILE DEVICE SETUP

  25. None

  26. What about TLS/SSL?

  27. None

  28. HELPER OPTIONS FOR ROOT SSL

  29. Go to http://www.charlesproxy.com/getssl/ INSTALL THE ROOT CERT ->

  30. None

  31. SSL PROXY RECAP ➤ Connect device to proxy via WiFi

    settings ➤ Install the Charles Proxy Root Cert ➤ Visit charlesproxy.com/getssl/ ➤ Or Provide your own SSL root cert ➤ Enable SSL Proxying on per domain basis ➤ Profit £££!

  32. SIDE NOTE ANDROID 7+ ➤ Requires Network Security Config to

    trust user installed certs ➤ Also disable SSL pinning (debug only)

  33. SIDE NOTE ANDROID 9+ (CLEAR TEXT) ➤ Clear Text (a.k.a

    http) is blocked by default on Android 9 ➤ Requires Network Security Config to permit clear text ➤ Needed if you’re running API server locally

  34. TIPS ➤ Cut the noise (focus, filter and ignore) ➤

    Sharing with team ➤ Export rules ➤ Save to Github Gist ➤ Get cURL of request

  35. TIPS ➤ Multiple Devices? - show Client IP ➤ Increase

    Connection and Read/Write timeouts ➤ Share root SSL certificate if sharing test devices

  36. FEEDBACK: DID YOU LIKE THIS TALK? @SCOTTYAB

  37. By Scott Alexander-Bown @ScottyAB THANKS… If mobile is your thing

    check out the SWmobile meet up

  38. Thanks and Q&A By Scott Alexander-Bown @ScottyAB HOW DO YOU

    USE WEB PROXIES? If mobile is your thing check out the SWmobile meet up