How to configure SSL certificates with Charles Web Proxy and the latest Android Emulator on Windows?
P

8

66

I would like to use Charles web proxy to work with the Android emulator in Windows. I've successfully set up Charles and have started the emulator with the command line:

emulator -http-proxy 127.0.0.1:8888 @NexusOne

I can see traffic coming from the Android emulator in Charles, but the problem is that I'm developing against a live API which uses SSL and I'm not sure how to configure Charles to let me play about with the data which is sent and received. I'm aware of two areas where SSL is set up in Charles (Proxy -> Proxy Settings -> SSL and Proxy -> Client SSL Certificates) but I can't find any decent documentation which has let me do what I want to do. Has anyone experience with Charles, or certificates in general, who can explain how to achieve this? Maybe a primer on certificates would be good too, as I seem to be lacking knowledge as to why this is so difficult.

Proctology answered 20/10, 2010 at 10:11 Comment(1)
What is the emulator command? How do you use it? – Yare
G
50

In Charles, go to Proxy>>Proxy Settings and select the SSL tab. Add your host to the list of Locations.

For example, if your secure call is going to https://secure.example.com, you can enter secure.example.com, or *.example.com.

Once the above is in place, you may need to right-click on the call in the main Charles window and select the SSL Proxying option.

Hope this helps.

Gurias answered 12/11, 2010 at 1:55 Comment(5)
2017: Don't forget to install the Charles SSL certs: CharlesProxy.com/getssl – Garb
@Garb For some reason that site does not do anything on my Android emulator... just says it would if the OS were configured to allow certs – Grammarian
I don't see any SSL tab in Proxy Settings – Fluorocarbon
@Fluorocarbon You should see it directly under the Proxy menu as "SSL Proxying settings" – Paulie
These instructions are old/incorrect. The correct way is "Proxy" > "SSL Proxy Settings...". Confirmed v4.2.7. macOS. Works with evaluation version. – Fenugreek
S
76

To remotely capture HTTP or HTTPS traffic with Charles you will need to do the following:

HOST - Machine running Charles and hosting the proxy
CLIENT – User’s machine generating the traffic you will capture

Host Machine

  1. Install fully licensed Charles version
  2. Proxy -> Proxy Settings -> check “Enable Transparent HTTP Proxying”
  3. Proxy -> SSL Proxying Settings -> check “Enable SSL Proxying”
  4. Proxy -> SSL Proxying Settings -> click Add button and input * in both fields
  5. Proxy -> Access Control Settings -> Add your local subnet (ex: 192.168.2.0/24) to authorize all machines on your local network to use the proxy from another machine
  6. It might be advisable to set up the “auto save tool” in Charles; this will auto save and rotate the Charles logs.

Client Machine:

  1. Install and permanently accept/trust the Charles SSL certificate
    http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
  2. Configure IE, Firefox, and Chrome to use the socket Charles is hosting the proxy on (ex: 192.168.1.100:8888)

When I tested this out I picked up two lines of a Facebook HTTPS chat (one was a line TO someone, and the other FROM).

You can also capture Android emulator traffic this way if you start the emulator with:

emulator -avd <avd name> -http-proxy http://local_ip:8888/

Where LOCAL_IP is the IP address of your computer, not 127.0.0.1 as that is the IP address of the emulated phone.

Source: http://brakertech.com/capture-https-traffic-remotely-with-charles/

Sandlin answered 30/3, 2012 at 8:7 Comment(5)
"Install and permanently accept/trust the charles SSL certificate" Um, that's not safe, is it? I'd rather not let anyone pull a MITM on me. – Hypotonic
Found a solution for that: codeblog.shape.dk/blog/2014/01/06/… – Hypotonic
There is no SSL tab in my Charles proxy version... (v4) – Poniard
@Poniard the tab got its own settings page. It can be opened via Proxy --> SSL Proxying Settings – Tetherball
An update to what @SalmanAbbas wrote: it is actually no longer a security risk to permanently accept/trust the cert as Charles uniquely generates it. This means you can even trust the SSL root cert on live devices without much added risk. – Halbert
R
27

For what it's worth, here are the step-by-step instructions for doing this on an Android device. Should be the same for iOS:

  1. Open Charles
  2. Go to Proxy > Proxy Settings > SSL
  3. Check “Enable SSL Proxying”
  4. Select “Add location” and enter the host name and port (if needed)
  5. Click ok and make sure the option is checked
  6. Download the Charles cert from here: Charles cert >
  7. Send that file to yourself in an email.
  8. Open the email on your device and select the cert
  9. In “Name the certificate” enter whatever you want
  10. Click OK and you should get a message that the certificate was installed

You should then be able to see the SSL files in Charles. If you want to intercept and change the values you can use the "Map Local" tool which is really awesome:

  1. In Charles go to Tools > Map Local
  2. Select "Add entry"
  3. Enter the values for the file you want to replace
  4. In “Local path” select the file you want the app to load instead
  5. Click OK
  6. Make sure the entry is selected and click OK
  7. Run your app
  8. You should see in “Notes” that your file loads instead of the live one

Raynard answered 7/3, 2014 at 21:45 Comment(3)
Instead of emailing the cert to the device, I just visited charlesproxy.com/charles.crt in the browser on the device and it worked just fine. – Seko
This is stale documentation, for an older version of Charles – Potable
The older version of Charles can still be found though, here: charles.software.informer.com/download – Potable
N
24

Things have changed a little in the way Charles provides HTTPS proxying.

First the certificates installation options have been moved to the help menu.

Help -> SSL Proxying -> Install Charles Root Certificate
Help -> SSL Proxying -> Install Charles Root Certificate in iOS Simulators

Second, starting in iOS 9 you must provide an NSAppTransportSecurity option in your Info.plist, and if you want Charles to work properly as a man in the middle, you must add:

<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>

as part of your domains; see the full example:

<key>NSExceptionDomains</key>
    <dict>
        <key>yourdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
        </dict>
    </dict>

The reason being (I guess) that Charles at some point communicates in clear http after acting as the man in the middle https server.

Last step is to activate SSL Proxying for this domain in Charles (right click on domain and select Enable SSL Proxying).

Nib answered 4/2, 2016 at 12:16 Comment(0)
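
A check for the ATS exceptions shown in the answer above, as an added example that is not part of the original answer: it parses an Info.plist and reports every exception that permits cleartext HTTP or lowers the minimum TLS version below the ATS default of 1.2, so settings added for a Charles debugging session can be caught before a release build. The sample plist is constructed around the answer's fragment; `audit_ats` and the finding strings are hypothetical names.

```python
import plistlib

# Constructed sample: an Info.plist built around the exception from the answer above.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>yourdomain.com</key>
      <dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSTemporaryExceptionMinimumTLSVersion</key><string>TLSv1.1</string>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

INSECURE_LOAD_KEYS = ("NSExceptionAllowsInsecureHTTPLoads", "NSTemporaryExceptionAllowsInsecureHTTPLoads")
MIN_TLS_KEYS = ("NSExceptionMinimumTLSVersion", "NSTemporaryExceptionMinimumTLSVersion")

def _tls_rank(value):
    # "TLSv1.1" -> (1, 1); unparseable values rank lowest so they are flagged too
    try:
        return tuple(int(p) for p in value.replace("TLSv", "", 1).split("."))
    except (AttributeError, ValueError):
        return (0,)

def audit_ats(plist_bytes):
    """Return sorted (scope, finding) pairs for ATS settings that weaken transport security."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("*", "arbitrary loads allowed"))
    for domain, opts in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" (+subdomains)" if opts.get("NSIncludesSubdomains") else "")
        if any(opts.get(k) is True for k in INSECURE_LOAD_KEYS):
            findings.append((scope, "cleartext HTTP allowed"))
        for k in MIN_TLS_KEYS:
            if k in opts and _tls_rank(opts[k]) < (1, 2):
                findings.append((scope, f"minimum TLS lowered to {opts[k]}"))
    return sorted(findings)

if __name__ == "__main__":
    for scope, finding in audit_ats(SAMPLE_PLIST):
        print(f"{scope}: {finding}")
```

Running it against the release build's Info.plist in CI and failing on any finding keeps these exceptions limited to debug configurations.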
S
7

You should also click on "Install Charles CA SSL Certificates.." from the Charles Help menu. See more detailed instructions at http://blog.noodlewerk.com/general/tutorial-using-charles-proxy-to-debug-https-communication-between-server-and-ios-apps/

Splinter answered 3/12, 2011 at 13:57 Comment(0)
O
7

What worked for me - should really be moved to iPhone:

Charles

  1. Enable transparent Http proxying
  2. Enable SSL proxying
  3. Right click on incoming request and select SSL proxying

Mac

  1. Download Charles CA Certificate bundle http://www.charlesproxy.com/ssl.zip
  2. Email yourself charles-proxy-ssl-proxying-certificate.crt

iPhone

  1. Enable http proxy for Charles on port 8888
  2. Select and install email attachment, yes trust it!

Voila, you can now view encrypted traffic from the domain added in the SSL proxying

Ouellette answered 15/10, 2013 at 16:32 Comment(0)
E
2

The certificate installation step mentioned here is correct: https://mcmap.net/q/294845/-how-to-configure-ssl-certificates-with-charles-web-proxy-and-the-latest-android-emulator-on-windows

But if, like me, you find it a pain to enable SSL Proxying individually for each and every new URL, then to enable it for all host names just enter * into the host and port names list in the SSL Proxying Settings.

Envelope answered 1/12, 2019 at 3:11 Comment(0)
N
0

These things helped me

  1. Go to proxy -> SSL proxy settings -> Add
  2. Add your site name here and give port number as 8888
  3. Right click on your site name on the left panel and choose "Enable SSL Proxying"

Hope this helps someone out there.

Nympha answered 13/11, 2017 at 12:5 Comment(0)
