Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Faster mobile debugging using a HTTP Proxy

Faster mobile debugging using a HTTP Proxy

HTTP proxies are an essential tool in your development process. It’ll speed up your dev/testing cycle and give you a greater understanding of what’s coming from and to your mobile app or SDK. This talk is aimed at mobile developers and tester building apps that communicate with to API backend. Likely some of you have used HTTP proxies such as this before but here we’ll dig deeper at all the features on offer e.g rewriting and remapping request and responses, basic load testing and SSL proxying and more. I’ll cover real world tips, gotches and how to setup your local environment for iOS and Android. The demos and walkthroughs will use Charles Web Proxy but the techniques are applicable to other free/open source web proxies. Leave the talk with a new essential tool in your Mobile development and testing arsenal!

Scott Alexander-Bown

November 02, 2019

More Decks by Scott Alexander-Bown

Other Decks in Technology


  1. Y THO? ➤ Debugging / Testing ➤ Simulate ➤ Slower

    connections ➤ Error states ➤ Hard to recreate server side set up ➤ More info for developers to fix the bug (mobile and/or API)
  2. REAL LIFE BUGS ➤ Double Attachment upload ➤ Concurrency issues

    with calls to /refreshKey ➤ Missing request params between iOS / Android ➤ Unnecessary API calls (push token registration)
  3. ALTERNATIVES ➤ Android Studio Network Profiler ➤ Chrome Dev tools

    ➤ Stetho (Android) ➤ Pony Debugger (iOS) ➤ Chuck (Android) ➤ MITM proxy ➤ Fiddler ➤ Others…
  4. EDIT REQUEST / RESPONSE ➤ Simulating error responses ➤ Removing

    values from request ➤ Removing values from response
  5. AND THAT’S NOT ALL ➤ DNS spoofing ➤ Compose new

    Requests ➤ Web interface (useful when running Headless) ➤ Host OS proxy ➤ Import/Export Session ➤ Repeat aka basic load testing (multiple times with optional delays) ➤ Whitelist, Blacklist(block), Ignore urls
  6. SSL PROXY RECAP ➤ Connect device to proxy via WiFi

    settings ➤ Install the Charles Proxy Root Cert ➤ Visit charlesproxy.com/getssl/ ➤ Or Provide your own SSL root cert ➤ Enable SSL Proxying on per domain basis ➤ Profit £££!
  7. SIDE NOTE ANDROID 7+ ➤ Requires Network Security Config to

    trust user installed certs ➤ Also disable SSL pinning (debug only)
  8. SIDE NOTE ANDROID 9+ (CLEAR TEXT) ➤ Clear Text (a.k.a

    http) is blocked by default on Android 9 ➤ Requires Network Security Config to permit clear text ➤ Needed if you’re running API server locally
  9. TIPS ➤ Cut the noise (focus, filter and ignore) ➤

    Sharing with team ➤ Export rules ➤ Save to Github Gist ➤ Get cURL of request
  10. TIPS ➤ Multiple Devices? - show Client IP ➤ Increase

    Connection and Read/Write timeouts ➤ Share root SSL certificate if sharing test devices
  11. Thanks and Q&A By Scott Alexander-Bown @ScottyAB HOW DO YOU

    USE WEB PROXIES? If mobile is your thing check out the SWmobile meet up