Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Faster mobile debugging using a HTTP Proxy

Scott Alexander-Bown
November 02, 2019
Technology
0
16

Faster mobile debugging using a HTTP Proxy

HTTP proxies are an essential tool in your development process. It’ll speed up your dev/testing cycle and give you a greater understanding of what’s coming from and to your mobile app or SDK. This talk is aimed at mobile developers and tester building apps that communicate with to API backend. Likely some of you have used HTTP proxies such as this before but here we’ll dig deeper at all the features on offer e.g rewriting and remapping request and responses, basic load testing and SSL proxying and more. I’ll cover real world tips, gotches and how to setup your local environment for iOS and Android. The demos and walkthroughs will use Charles Web Proxy but the techniques are applicable to other free/open source web proxies. Leave the talk with a new essential tool in your Mobile development and testing arsenal!

Scott Alexander-Bown

November 02, 2019
Tweet

More Decks by Scott Alexander-Bown

See All by Scott Alexander-Bown
Fundamentals of creating Android mobile apps
scottyab
0
23
What's 'Q' in Android Security
scottyab
0
57
I <3 Charles Proxy
scottyab
0
36
What_s_new_from_Google_IO_2018.pdf
scottyab
0
46
Doppl, an intro!
scottyab
0
34
OMG What's new in Security
scottyab
0
46
What's New from Google I/O 2017
scottyab
0
55
What's Nnnnnew in Security Droidcon IT
scottyab
1
55
Android Things
scottyab
0
220

Other Decks in Technology

See All in Technology
位置情報ビッグデータの可視化技術の紹介と実社会での活用
sbtechnight
PRO
1
370
アフリカの通信・教育問題をNTN×Edtechで解決!
sbtechnight
PRO
0
360
Linuxのブロックデバイス
sat
PRO
4
1.6k
リアルとデジタルをつなぐ、Web3社会実装への取り組み
sbtechnight
PRO
0
380
“品質”をみんなのものにするために行なっている入社者オンボーディング/Onboarding new members to think about "quality" together
mii3king
0
200
SNS投稿を使ってクラウド障害を検知してみた
sbtechnight
PRO
0
400
「はたらく」前に知るべきIT企業5つのヒミツ 〜プロが教えるプロダクト開発最前線〜 / geeksai_2023spring
visional_engineering_and_design
0
240
New Relic Lookoutはいいぞ!
kazumax55
0
190
Oracle Exadata Database Service on [email protected] ([email protected]) - UI スクリーン・キャプチャ集
oracle4engineer
PRO
0
280
Kubernetes + containerd で cgroup v2 に移行したら "failed to create fsnotify watcher" エラーが発生する原因と対策
superbrothers
0
370
様々な環境へコマンドラインツールを提供する上での苦労とその対策 / YAPC::Kyoto 2023
konboi
0
320
技育祭2023春 ちゅらデータ講演資料
foursue
1
460

Featured

See All Featured
For a Future-Friendly Web
brad_frost
166
7.9k
Three Pipe Problems
jasonvnalue
89
9k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8k
The Illustrated Children's Guide to Kubernetes
chrisshort
23
43k
Six Lessons from altMBA
skipperchong
15
2.4k
Practical Orchestrator
shlominoach
178
9k
Designing for Performance
lara
600
65k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
Building Adaptive Systems
keathley
28
1.4k
What's in a price? How to price your products and services
michaelherold
233
9.8k
Building Flexible Design Systems
yeseniaperezcruz
314
35k

Transcript

  1. FASTER MOBILE DEBUGGING
    USING A HTTP PROXY
    By Scott Alexander-Bown
    @ScottyAB
    SWmobile Meetup

    View Slide

  2. ➤Why
    ➤Charles
    ➤Features
    ➤Setup on Mobile
    ➤Tips

    View Slide

  3. Y THO?
    ➤ Debugging / Testing
    ➤ Simulate
    ➤ Slower connections
    ➤ Error states
    ➤ Hard to recreate server side set up
    ➤ More info for developers to fix the
    bug (mobile and/or API)

    View Slide

  4. REAL LIFE BUGS
    ➤ Double Attachment upload
    ➤ Concurrency issues with calls to /refreshKey
    ➤ Missing request params between iOS / Android
    ➤ Unnecessary API calls (push token registration)

    View Slide

  5. Proxy Server

    View Slide

  6. View Slide

  7. View Slide

  8. Disclaimer: Not tested this

    View Slide

  9. SINGLE SITE LICENCE
    *£39

    View Slide

  10. ALTERNATIVES
    ➤ Android Studio Network Profiler
    ➤ Chrome Dev tools
    ➤ Stetho (Android)
    ➤ Pony Debugger (iOS)
    ➤ Chuck (Android)
    ➤ MITM proxy
    ➤ Fiddler
    ➤ Others…

    View Slide

  11. View Slide

  12. SCREENSHOT OF ANDROID APP
    SESSION

    View Slide

  13. FEATURES

    View Slide

  14. BREAKPOINTS
    ➤ “Does what it says on the tin”

    View Slide

  15. EDIT REQUEST / RESPONSE
    ➤ Simulating error responses
    ➤ Removing values from request
    ➤ Removing values from response

    View Slide

  16. View Slide

  17. RE-WRITE
    ➤ Similar to edit request/response but
    automated
    ➤ Import/Export re-write rules

    View Slide

  18. WILD CARD EXAMPLE

    View Slide

  19. MAP LOCAL / REMOTE
    ➤ Serve local files instead of those from
    server

    View Slide

  20. THROTTLING

    View Slide

  21. View Slide

  22. AND THAT’S NOT ALL
    ➤ DNS spoofing
    ➤ Compose new Requests
    ➤ Web interface (useful when running Headless)
    ➤ Host OS proxy
    ➤ Import/Export Session
    ➤ Repeat aka basic load testing (multiple times with optional delays)
    ➤ Whitelist, Blacklist(block), Ignore urls

    View Slide

  23. CONVINCED?

    View Slide

  24. MOBILE DEVICE SETUP

    View Slide

  25. View Slide

  26. What about TLS/SSL?

    View Slide

  27. View Slide

  28. HELPER OPTIONS FOR ROOT SSL

    View Slide

  29. Go to
    http://www.charlesproxy.com/getssl/
    INSTALL THE ROOT CERT ->

    View Slide

  30. View Slide

  31. SSL PROXY RECAP
    ➤ Connect device to proxy via WiFi settings
    ➤ Install the Charles Proxy Root Cert
    ➤ Visit charlesproxy.com/getssl/
    ➤ Or Provide your own SSL root cert
    ➤ Enable SSL Proxying on per domain basis
    ➤ Profit £££!

    View Slide

  32. SIDE NOTE ANDROID 7+
    ➤ Requires Network Security Config to trust user installed certs
    ➤ Also disable SSL pinning (debug only)

    View Slide

  33. SIDE NOTE ANDROID 9+ (CLEAR TEXT)
    ➤ Clear Text (a.k.a http) is blocked by default on Android 9
    ➤ Requires Network Security Config to permit clear text
    ➤ Needed if you’re running API server locally

    View Slide

  34. TIPS
    ➤ Cut the noise (focus, filter and ignore)
    ➤ Sharing with team
    ➤ Export rules
    ➤ Save to Github Gist
    ➤ Get cURL of request

    View Slide

  35. TIPS
    ➤ Multiple Devices? - show Client IP
    ➤ Increase Connection and Read/Write timeouts
    ➤ Share root SSL certificate if sharing test devices

    View Slide

  36. FEEDBACK: DID YOU LIKE THIS TALK? @SCOTTYAB

    View Slide

  37. By Scott Alexander-Bown
    @ScottyAB
    THANKS…
    If mobile is your thing check out the SWmobile meet up

    View Slide

  38. Thanks and Q&A
    By Scott Alexander-Bown
    @ScottyAB
    HOW DO YOU USE
    WEB PROXIES?
    If mobile is your thing check out the SWmobile meet up

    View Slide