Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Faster mobile debugging using a HTTP Proxy

Scott Alexander-Bown
November 02, 2019
Technology
0
45

Faster mobile debugging using a HTTP Proxy

HTTP proxies are an essential tool in your development process. It’ll speed up your dev/testing cycle and give you a greater understanding of what’s coming from and to your mobile app or SDK. This talk is aimed at mobile developers and tester building apps that communicate with to API backend. Likely some of you have used HTTP proxies such as this before but here we’ll dig deeper at all the features on offer e.g rewriting and remapping request and responses, basic load testing and SSL proxying and more. I’ll cover real world tips, gotches and how to setup your local environment for iOS and Android. The demos and walkthroughs will use Charles Web Proxy but the techniques are applicable to other free/open source web proxies. Leave the talk with a new essential tool in your Mobile development and testing arsenal!

Scott Alexander-Bown

November 02, 2019
Tweet

More Decks by Scott Alexander-Bown

See All by Scott Alexander-Bown
What's New In Android 15 Security
scottyab
0
87
Fundamentals of creating Android mobile apps
scottyab
0
51
What's 'Q' in Android Security
scottyab
0
240
I <3 Charles Proxy
scottyab
0
54
What_s_new_from_Google_IO_2018.pdf
scottyab
0
89
Doppl, an intro!
scottyab
0
67
OMG What's new in Security
scottyab
0
64
What's New from Google I/O 2017
scottyab
0
100
What's Nnnnnew in Security Droidcon IT
scottyab
1
110

Other Decks in Technology

See All in Technology
ソフトウェア開発現代史: "LeanとDevOpsの科学"の「科学」とは何か? - DORA Report 10年の変遷を追って - #DevOpsDaysTokyo
takabow
0
180
「家族アルバム みてね」を支えるS3ライフサイクル戦略
fanglang
4
650
MCP Documentation Server @AI Coding Meetup #1
yyoshiki41
2
2.6k
データベースで見る『家族アルバム みてね』の変遷 / The Evolution of Family Album Through the Lens of Databases
kohbis
4
1.1k
古き良き Laravel のシステムは関数型スタイルでリファクタできるのか
leveragestech
1
620
Classmethod AI Talks(CATs) #21 司会進行スライド(2025.04.17) / classmethod-ai-talks-aka-cats_moderator-slides_vol21_2025-04-17
shinyaa31
0
350
アセスメントで紐解く、10Xのデータマネジメントの軌跡
10xinc
1
320
AWSLambdaMCPServerを使ってツールとMCPサーバを分離する
tkikuchi
1
1.6k
YOLOv10~v12
tenten0727
3
820
AWSのマルチアカウント管理 ベストプラクティス最新版 2025 / Multi-Account management on AWS best practice 2025
ohmura
3
150
Enterprise AI in 2025?
pamelafox
0
150
ゆるくVPC Latticeについてまとめてみたら、意外と奥深い件
masakiokuda
2
230

Featured

See All Featured
Building Adaptive Systems
keathley
41
2.5k
Reflections from 52 weeks, 52 projects
jeffersonlam
349
20k
Site-Speed That Sticks
csswizardry
5
480
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.7k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Build The Right Thing And Hit Your Dates
maggiecrowley
35
2.6k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.2k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
19
1.1k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
380
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.1k
RailsConf 2023
tenderlove
30
1.1k

Transcript

  1. FASTER MOBILE DEBUGGING USING A HTTP PROXY By Scott Alexander-Bown

    @ScottyAB SWmobile Meetup

  2. ➤Why ➤Charles ➤Features ➤Setup on Mobile ➤Tips

  3. Y THO? ➤ Debugging / Testing ➤ Simulate ➤ Slower

    connections ➤ Error states ➤ Hard to recreate server side set up ➤ More info for developers to fix the bug (mobile and/or API)

  4. REAL LIFE BUGS ➤ Double Attachment upload ➤ Concurrency issues

    with calls to /refreshKey ➤ Missing request params between iOS / Android ➤ Unnecessary API calls (push token registration)

  5. Proxy Server

  6. None
  7. None

  8. Disclaimer: Not tested this

  9. SINGLE SITE LICENCE *£39

  10. ALTERNATIVES ➤ Android Studio Network Profiler ➤ Chrome Dev tools

    ➤ Stetho (Android) ➤ Pony Debugger (iOS) ➤ Chuck (Android) ➤ MITM proxy ➤ Fiddler ➤ Others…
  11. None

  12. SCREENSHOT OF ANDROID APP SESSION

  13. FEATURES

  14. BREAKPOINTS ➤ “Does what it says on the tin”

  15. EDIT REQUEST / RESPONSE ➤ Simulating error responses ➤ Removing

    values from request ➤ Removing values from response
  16. None

  17. RE-WRITE ➤ Similar to edit request/response but automated ➤ Import/Export

    re-write rules

  18. WILD CARD EXAMPLE

  19. MAP LOCAL / REMOTE ➤ Serve local files instead of

    those from server

  20. THROTTLING

  21. None

  22. AND THAT’S NOT ALL ➤ DNS spoofing ➤ Compose new

    Requests ➤ Web interface (useful when running Headless) ➤ Host OS proxy ➤ Import/Export Session ➤ Repeat aka basic load testing (multiple times with optional delays) ➤ Whitelist, Blacklist(block), Ignore urls

  23. CONVINCED?

  24. MOBILE DEVICE SETUP

  25. None

  26. What about TLS/SSL?

  27. None

  28. HELPER OPTIONS FOR ROOT SSL

  29. Go to http://www.charlesproxy.com/getssl/ INSTALL THE ROOT CERT ->

  30. None

  31. SSL PROXY RECAP ➤ Connect device to proxy via WiFi

    settings ➤ Install the Charles Proxy Root Cert ➤ Visit charlesproxy.com/getssl/ ➤ Or Provide your own SSL root cert ➤ Enable SSL Proxying on per domain basis ➤ Profit £££!

  32. SIDE NOTE ANDROID 7+ ➤ Requires Network Security Config to

    trust user installed certs ➤ Also disable SSL pinning (debug only)

  33. SIDE NOTE ANDROID 9+ (CLEAR TEXT) ➤ Clear Text (a.k.a

    http) is blocked by default on Android 9 ➤ Requires Network Security Config to permit clear text ➤ Needed if you’re running API server locally

  34. TIPS ➤ Cut the noise (focus, filter and ignore) ➤

    Sharing with team ➤ Export rules ➤ Save to Github Gist ➤ Get cURL of request

  35. TIPS ➤ Multiple Devices? - show Client IP ➤ Increase

    Connection and Read/Write timeouts ➤ Share root SSL certificate if sharing test devices

  36. FEEDBACK: DID YOU LIKE THIS TALK? @SCOTTYAB

  37. By Scott Alexander-Bown @ScottyAB THANKS… If mobile is your thing

    check out the SWmobile meet up

  38. Thanks and Q&A By Scott Alexander-Bown @ScottyAB HOW DO YOU

    USE WEB PROXIES? If mobile is your thing check out the SWmobile meet up