I <3 Charles Proxy

Transcript

1. I ❤ CHARLES
   By Scott Alexander-Bown
   

   View Slide

2. View Slide

3. Proxy Server
   

   View Slide

4. View Slide

5. Disclaimer: Not tested this
   

   View Slide

6. ALTERNATIVES
   ➤ Chrome Dev tools
   ➤ Stetho (Android)
   ➤ Pony Debugger (iOS)
   ➤ Chuck (Android)
   ➤ MITM proxy
   ➤ Fiddler
   ➤ Others…
   

   View Slide

7. SCREENSHOT OF ANDROID APP
   SESSION
   

   View Slide

8. BREAKPOINTS
   ➤ “Does what it says on the tin”
   

   View Slide

9. EDIT REQUEST / RESPONSE
   ➤ Simulating error responses from API
   ➤ Removing values from request/response
   to confirm things still work or fail where
   expected
   

   View Slide

10. THROTTLING
    

    View Slide

11. View Slide

12. MOBILE DEVICE SETUP
    

    View Slide

13. View Slide

14. What about TLS/SSL?
    

    View Slide

15. SSL PROXY
    ➤ Install the Charles Proxy Root Cert
    ➤ Typically the generated Charles Root
    (different per install)
    ➤ Provide your own SSL root cert
    ➤ Enable SSL Proxying on per domain basis
    http://www.charlesproxy.com/getssl/
    

    View Slide

16. HELPER OPTIONS FOR ROOT SSL
    

    View Slide

17. SIDE NOTE ANDROID 7+
    ➤ Requires Network Security Config to trust user installed certs
    ➤ Help Scout Android only allows user installed certs in debug (i.e not Play store)
    ➤ Here’s the config
    

    View Slide

18. AND THAT’S NOT ALL
    ➤ DNS spoofing
    ➤ Web interface (useful when running Headless)
    ➤ macOS proxy
    ➤ Import/Export Session
    ➤ Focus on single domain
    ➤ Get cURL of request (used recently when debugging push token registration)
    ➤ Create Github Gist
    ➤ Repeat aka basic load testing (multiple times with optional delays)
    ➤ Whitelist, Blacklist(block), Ignore urls
    

    View Slide

19. PROXY
    HELP SCOUT
    

    View Slide

20. THANKS
    

    View Slide

21. HOW DO YOU USE
    WEB PROXIES?
    

    View Slide