Faster mobile debugging using a HTTP Proxy

HTTP proxies are an essential tool in your development process. They’ll speed up your dev/testing cycle and give you a greater understanding of what’s going to and coming from your mobile app or SDK. This talk is aimed at mobile developers and testers building apps that communicate with an API backend. Some of you have likely used HTTP proxies like these before, but here we’ll dig deeper into all the features on offer, e.g. rewriting and remapping requests and responses, basic load testing, SSL proxying and more. I’ll cover real-world tips, gotchas and how to set up your local environment for iOS and Android. The demos and walkthroughs will use Charles Web Proxy, but the techniques are applicable to other free/open source web proxies. Leave the talk with a new essential tool in your mobile development and testing arsenal!

Scott Alexander-Bown

November 02, 2019

Transcript

  1. FASTER MOBILE DEBUGGING USING A HTTP PROXY
    By Scott Alexander-Bown
    @ScottyAB
    SWmobile Meetup

  2. ➤Why
    ➤Charles
    ➤Features
    ➤Setup on Mobile
    ➤Tips

  3. Y THO?
    ➤ Debugging / Testing
    ➤ Simulate
    ➤ Slower connections
    ➤ Error states
    ➤ Hard to recreate server side set up
    ➤ More info for developers to fix the bug (mobile and/or API)

  4. REAL LIFE BUGS
    ➤ Double Attachment upload
    ➤ Concurrency issues with calls to /refreshKey
    ➤ Missing request params between iOS / Android
    ➤ Unnecessary API calls (push token registration)

  5. Proxy Server

  6. Disclaimer: Not tested this

  7. SINGLE SITE LICENCE
    *£39

  8. ALTERNATIVES
    ➤ Android Studio Network Profiler
    ➤ Chrome Dev tools
    ➤ Stetho (Android)
    ➤ Pony Debugger (iOS)
    ➤ Chuck (Android)
    ➤ MITM proxy
    ➤ Fiddler
    ➤ Others…

  9. SCREENSHOT OF ANDROID APP SESSION

  10. BREAKPOINTS
    ➤ “Does what it says on the tin”

  11. EDIT REQUEST / RESPONSE
    ➤ Simulating error responses
    ➤ Removing values from request
    ➤ Removing values from response

  12. RE-WRITE
    ➤ Similar to edit request/response but automated
    ➤ Import/Export re-write rules

  13. WILD CARD EXAMPLE

  14. MAP LOCAL / REMOTE
    ➤ Serve local files instead of those from server

  15. AND THAT’S NOT ALL
    ➤ DNS spoofing
    ➤ Compose new Requests
    ➤ Web interface (useful when running Headless)
    ➤ Host OS proxy
    ➤ Import/Export Session
    ➤ Repeat aka basic load testing (multiple times with optional delays)
    ➤ Whitelist, Blacklist(block), Ignore urls

  16. MOBILE DEVICE SETUP

  17. What about TLS/SSL?

  18. HELPER OPTIONS FOR ROOT SSL

  19. Go to
    http://www.charlesproxy.com/getssl/
    INSTALL THE ROOT CERT ->

  20. SSL PROXY RECAP
    ➤ Connect device to proxy via WiFi settings
    ➤ Install the Charles Proxy Root Cert
    ➤ Visit charlesproxy.com/getssl/
    ➤ Or Provide your own SSL root cert
    ➤ Enable SSL Proxying on per domain basis
    ➤ Profit £££!

  21. SIDE NOTE ANDROID 7+
    ➤ Requires Network Security Config to trust user installed certs
    ➤ Also disable SSL pinning (debug only)

  22. SIDE NOTE ANDROID 9+ (CLEAR TEXT)
    ➤ Clear Text (a.k.a http) is blocked by default on Android 9
    ➤ Requires Network Security Config to permit clear text
    ➤ Needed if you’re running API server locally
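
An added example (not from the slides) of the Network Security Config that slides 21 and 22 refer to: user-installed CAs, such as the proxy's root certificate, are trusted only in debuggable builds, and cleartext HTTP is permitted only for one local host. The file name `res/xml/network_security_config.xml` and the host `10.0.2.2` (the Android emulator's alias for the development machine) are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!--
  Assumed location: res/xml/network_security_config.xml
  Referenced from AndroidManifest.xml on the <application> element:
      android:networkSecurityConfig="@xml/network_security_config"
-->
<network-security-config>

    <!-- Default for every build: no cleartext, system CAs only. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!--
      Slide 22: allow plain HTTP only for a locally running API server.
      10.0.2.2 is an assumed host; replace it with your own dev machine.
      Keep this block in a debug-only source set so release builds
      never permit cleartext.
    -->
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">10.0.2.2</domain>
    </domain-config>

    <!--
      Slide 21: trust user-installed certificates (the proxy root cert).
      debug-overrides is applied only when android:debuggable is true,
      so a release build ignores it and a user-installed CA cannot be
      used to intercept production traffic.
    -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```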

  23. TIPS
    ➤ Cut the noise (focus, filter and ignore)
    ➤ Sharing with team
    ➤ Export rules
    ➤ Save to Github Gist
    ➤ Get cURL of request

  24. TIPS
    ➤ Multiple Devices? - show Client IP
    ➤ Increase Connection and Read/Write timeouts
    ➤ Share root SSL certificate if sharing test devices

  25. FEEDBACK: DID YOU LIKE THIS TALK? @SCOTTYAB

  26. By Scott Alexander-Bown
    @ScottyAB
    THANKS…
    If mobile is your thing check out the SWmobile meet up

  27. Thanks and Q&A
    By Scott Alexander-Bown
    @ScottyAB
    HOW DO YOU USE
    WEB PROXIES?
    If mobile is your thing check out the SWmobile meet up
