$30 off During Our Annual Pro Sale. View Details »

I <3 Charles Proxy

I <3 Charles Proxy

Scott Alexander-Bown

November 29, 2018
Tweet

More Decks by Scott Alexander-Bown

Other Decks in Technology

Transcript

  1. I ❤ CHARLES
    By Scott Alexander-Bown

    View Slide

  2. View Slide

  3. Proxy Server

    View Slide

  4. View Slide

  5. Disclaimer: Not tested this

    View Slide

  6. ALTERNATIVES
    ➤ Chrome Dev tools
    ➤ Stetho (Android)
    ➤ Pony Debugger (iOS)
    ➤ Chuck (Android)
    ➤ MITM proxy
    ➤ Fiddler
    ➤ Others…

    View Slide

  7. SCREENSHOT OF ANDROID APP
    SESSION

    View Slide

  8. BREAKPOINTS
    ➤ “Does what it says on the tin”

    View Slide

  9. EDIT REQUEST / RESPONSE
    ➤ Simulating error responses from API
    ➤ Removing values from request/response
    to confirm things still work or fail where
    expected

    View Slide

  10. THROTTLING

    View Slide

  11. View Slide

  12. MOBILE DEVICE SETUP

    View Slide

  13. View Slide

  14. What about TLS/SSL?

    View Slide

  15. SSL PROXY
    ➤ Install the Charles Proxy Root Cert
    ➤ Typically the generated Charles Root
    (different per install)
    ➤ Provide your own SSL root cert
    ➤ Enable SSL Proxying on per domain basis
    http://www.charlesproxy.com/getssl/

    View Slide

  16. HELPER OPTIONS FOR ROOT SSL

    View Slide

  17. SIDE NOTE ANDROID 7+
    ➤ Requires Network Security Config to trust user installed certs
    ➤ Help Scout Android only allows user installed certs in debug (i.e not Play store)
    ➤ Here’s the config

    View Slide

  18. AND THAT’S NOT ALL
    ➤ DNS spoofing
    ➤ Web interface (useful when running Headless)
    ➤ macOS proxy
    ➤ Import/Export Session
    ➤ Focus on single domain
    ➤ Get cURL of request (used recently when debugging push token registration)
    ➤ Create Github Gist
    ➤ Repeat aka basic load testing (multiple times with optional delays)
    ➤ Whitelist, Blacklist(block), Ignore urls

    View Slide

  19. PROXY
    HELP SCOUT

    View Slide

  20. THANKS

    View Slide

  21. HOW DO YOU USE
    WEB PROXIES?

    View Slide