How to use application's client certificate with Charles?

About

Asked 24/2, 2018 at 5:41 Answered 27/3, 2018 at 11:29

Trying to investigate private APIs on apps installed on my Android, I've noticed most modern apps use custom client certificate meaning with the trusted root certificate installed on the Android, Charles still cannot monitor the traffic because the server would reject the handshake from Charles. I imagine either I will need a different tool for the traffic monitoring or I will need to direct Charles to use some custom certificate file embedded in the app itself.

Ziegler answered 24/2, 2018 at 5:41 Comment(0)

You need that certificate file at hand (I don't know if and how you can extract it from application).

You also need to know the passphrase (password) for that certificate. Charles will ask it when you connect to selected host for 1st time.

Then just use latest Charles (tested on version 4.2.1) menu Proxy -> SSL Proxying Settings, tab Client Certificates and add certificate (PKCS#12 key file) for selected host and port.

Gratt answered 27/3, 2018 at 11:29 Comment(1)

Even if you could extract the client certificate, would it be possible to decrypt all communications? – Yore 13/7, 2019 at 21:25

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags