Upgrade to Pro — share decks privately, control downloads, hide ads and more …

I <3 Charles Proxy

Scott Alexander-Bown
November 29, 2018
Technology
0
36

I <3 Charles Proxy

Scott Alexander-Bown

November 29, 2018
Tweet

More Decks by Scott Alexander-Bown

See All by Scott Alexander-Bown
Fundamentals of creating Android mobile apps
scottyab
0
23
What's 'Q' in Android Security
scottyab
0
57
Faster mobile debugging using a HTTP Proxy
scottyab
0
16
What_s_new_from_Google_IO_2018.pdf
scottyab
0
46
Doppl, an intro!
scottyab
0
34
OMG What's new in Security
scottyab
0
46
What's New from Google I/O 2017
scottyab
0
55
What's Nnnnnew in Security Droidcon IT
scottyab
1
55
Android Things
scottyab
0
220

Other Decks in Technology

See All in Technology
軟體品質不只測試: LINE QA團隊分享
line_developers_tw
PRO
0
4.9k
Product Minded Software Engineers: Understanding the Product with a code-first approach
cembasaranoglu
0
240
k8sを始める人に知ってもらいたい、Platform Engineeringの話
jacopen
1
350
Kubernetes + containerd で cgroup v2 に移行したら "failed to create fsnotify watcher" エラーが発生する原因と対策
superbrothers
0
370
自分のデータは自分で守る - あなたのCI/CDパイプラインをセキュアにする処方箋
jacopen
4
170
様々な環境へコマンドラインツールを提供する上での苦労とその対策 / YAPC::Kyoto 2023
konboi
0
320
ノーコード編集と配信パフォーマンスを両立するコンテンツエディタの開発
niba1122
1
110
Finally_I_can_kichijojipm32
kaznishi
0
150
Invitation to K8s-Docs ja
nasa9084
0
120
ペタバイト、30プロダクトを超えて成長を続けるデータ基盤の歴史
dena_tech
PRO
0
130
就活は相談したもの勝ち
carta_engineering
0
110
Swift 開発が楽になる道具たち
megabitsenmzq
1
240

Featured

See All Featured
Large-scale JavaScript Application Architecture
addyosmani
499
110k
Thoughts on Productivity
jonyablonski
50
2.8k
Music & Morning Musume
bryan
37
4.7k
A Philosophy of Restraint
colly
193
15k
A designer walks into a library…
pauljervisheath
199
16k
Designing the Hi-DPI Web
ddemaree
273
33k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
6
910
Rails Girls Zürich Keynote
gr2m
87
12k
GraphQLの誤解/rethinking-graphql
sonatard
39
8k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.6k
Typedesign – Prime Four
hannesfritz
34
1.6k
What’s in a name? Adding method to the madness
productmarketing
PRO
13
2k

Transcript

  1. I ❤ CHARLES
    By Scott Alexander-Bown

    View Slide

  2. View Slide

  3. Proxy Server

    View Slide

  4. View Slide

  5. Disclaimer: Not tested this

    View Slide

  6. ALTERNATIVES
    ➤ Chrome Dev tools
    ➤ Stetho (Android)
    ➤ Pony Debugger (iOS)
    ➤ Chuck (Android)
    ➤ MITM proxy
    ➤ Fiddler
    ➤ Others…

    View Slide

  7. SCREENSHOT OF ANDROID APP
    SESSION

    View Slide

  8. BREAKPOINTS
    ➤ “Does what it says on the tin”

    View Slide

  9. EDIT REQUEST / RESPONSE
    ➤ Simulating error responses from API
    ➤ Removing values from request/response
    to confirm things still work or fail where
    expected

    View Slide

  10. THROTTLING

    View Slide

  11. View Slide

  12. MOBILE DEVICE SETUP

    View Slide

  13. View Slide

  14. What about TLS/SSL?

    View Slide

  15. SSL PROXY
    ➤ Install the Charles Proxy Root Cert
    ➤ Typically the generated Charles Root
    (different per install)
    ➤ Provide your own SSL root cert
    ➤ Enable SSL Proxying on per domain basis
    http://www.charlesproxy.com/getssl/

    View Slide

  16. HELPER OPTIONS FOR ROOT SSL

    View Slide

  17. SIDE NOTE ANDROID 7+
    ➤ Requires Network Security Config to trust user installed certs
    ➤ Help Scout Android only allows user installed certs in debug (i.e not Play store)
    ➤ Here’s the config

    View Slide

  18. AND THAT’S NOT ALL
    ➤ DNS spoofing
    ➤ Web interface (useful when running Headless)
    ➤ macOS proxy
    ➤ Import/Export Session
    ➤ Focus on single domain
    ➤ Get cURL of request (used recently when debugging push token registration)
    ➤ Create Github Gist
    ➤ Repeat aka basic load testing (multiple times with optional delays)
    ➤ Whitelist, Blacklist(block), Ignore urls

    View Slide

  19. PROXY
    HELP SCOUT

    View Slide

  20. THANKS

    View Slide

  21. HOW DO YOU USE
    WEB PROXIES?

    View Slide