Faster mobile debugging using a HTTP Proxy

HTTP proxies are an essential tool in your development process. They'll speed up your dev/testing cycle and give you a greater understanding of what's coming from and going to your mobile app or SDK. This talk is aimed at mobile developers and testers building apps that communicate with an API backend. Some of you have likely used HTTP proxies such as this before, but here we'll dig deeper into all the features on offer, e.g. rewriting and remapping requests and responses, basic load testing, SSL proxying and more. I'll cover real-world tips, gotchas and how to set up your local environment for iOS and Android. The demos and walkthroughs will use Charles Web Proxy, but the techniques are applicable to other free/open source web proxies. Leave the talk with a new essential tool in your mobile development and testing arsenal!

Scott Alexander-Bown

November 02, 2019

Transcript

  1. FASTER MOBILE DEBUGGING
    USING A HTTP PROXY
    By Scott Alexander-Bown
    @ScottyAB
    SWmobile Meetup

  2. ➤Why
    ➤Charles
    ➤Features
    ➤Setup on Mobile
    ➤Tips

  3. Y THO?
    ➤ Debugging / Testing
    ➤ Simulate
    ➤ Slower connections
    ➤ Error states
    ➤ Hard to recreate server side set up
    ➤ More info for developers to fix the bug (mobile and/or API)

  4. REAL LIFE BUGS
    ➤ Double Attachment upload
    ➤ Concurrency issues with calls to /refreshKey
    ➤ Missing request params between iOS / Android
    ➤ Unnecessary API calls (push token registration)

  5. Proxy Server

  8. Disclaimer: Not tested this

  9. SINGLE SITE LICENCE
    *£39

  10. ALTERNATIVES
    ➤ Android Studio Network Profiler
    ➤ Chrome Dev tools
    ➤ Stetho (Android)
    ➤ Pony Debugger (iOS)
    ➤ Chuck (Android)
    ➤ MITM proxy
    ➤ Fiddler
    ➤ Others…

  12. SCREENSHOT OF ANDROID APP
    SESSION

  13. FEATURES

  14. BREAKPOINTS
    ➤ “Does what it says on the tin”

  15. EDIT REQUEST / RESPONSE
    ➤ Simulating error responses
    ➤ Removing values from request
    ➤ Removing values from response

  17. RE-WRITE
    ➤ Similar to edit request/response but automated
    ➤ Import/Export re-write rules

  18. WILD CARD EXAMPLE

  19. MAP LOCAL / REMOTE
    ➤ Serve local files instead of those from server

  20. THROTTLING

  22. AND THAT’S NOT ALL
    ➤ DNS spoofing
    ➤ Compose new Requests
    ➤ Web interface (useful when running Headless)
    ➤ Host OS proxy
    ➤ Import/Export Session
    ➤ Repeat aka basic load testing (multiple times with optional delays)
    ➤ Whitelist, Blacklist(block), Ignore urls

  23. CONVINCED?

  24. MOBILE DEVICE SETUP

  26. What about TLS/SSL?

  28. HELPER OPTIONS FOR ROOT SSL

  29. Go to
    http://www.charlesproxy.com/getssl/
    INSTALL THE ROOT CERT ->

  31. SSL PROXY RECAP
    ➤ Connect device to proxy via WiFi settings
    ➤ Install the Charles Proxy Root Cert
    ➤ Visit charlesproxy.com/getssl/
    ➤ Or Provide your own SSL root cert
    ➤ Enable SSL Proxying on per domain basis
    ➤ Profit £££!

  32. SIDE NOTE ANDROID 7+
    ➤ Requires Network Security Config to trust user installed certs
    ➤ Also disable SSL pinning (debug only)

  33. SIDE NOTE ANDROID 9+ (CLEAR TEXT)
    ➤ Clear Text (a.k.a http) is blocked by default on Android 9
    ➤ Requires Network Security Config to permit clear text
    ➤ Needed if you’re running API server locally
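
A Network Security Config covering the two Android side notes above (slides 32 and 33), as an added example that is not from the talk. The file path, the manifest attribute value and the `10.0.2.2` emulator host address are assumptions for a typical project.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (assumed path). Referenced from the
     <application> element in AndroidManifest.xml with:
       android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Default for all builds: HTTPS only, trust only the system CA store.
         This is what release builds get. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Android 9+: allow plain http only to a locally running API server.
         10.0.2.2 is the emulator's alias for the host machine (assumed dev
         setup). Keep this file in a debug-only source set, or drop this
         block, so release builds never permit cleartext. -->
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">10.0.2.2</domain>
    </domain-config>

    <!-- Android 7+: trust user-installed CAs (such as the proxy's root cert)
         only when the app is built with android:debuggable="true".
         Pins declared in this file are not enforced for chains that end in
         one of these debug-only anchors; pinning done in app code (for
         example in the HTTP client) still has to be switched off separately
         in debug builds. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```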

  34. TIPS
    ➤ Cut the noise (focus, filter and ignore)
    ➤ Sharing with team
    ➤ Export rules
    ➤ Save to Github Gist
    ➤ Get cURL of request

  35. TIPS
    ➤ Multiple Devices? - show Client IP
    ➤ Increase Connection and Read/Write timeouts
    ➤ Share root SSL certificate if sharing test devices

  36. FEEDBACK: DID YOU LIKE THIS TALK? @SCOTTYAB

  37. By Scott Alexander-Bown
    @ScottyAB
    THANKS…
    If mobile is your thing check out the SWmobile meet up

  38. Thanks and Q&A
    By Scott Alexander-Bown
    @ScottyAB
    HOW DO YOU USE
    WEB PROXIES?
    If mobile is your thing check out the SWmobile meet up
