Using Charles Proxy to Debug Android SSL Traffic

Hack Upstate
Jun 20, 2017

The following is from Odd Networks, Erik Straub

I’ve been a longtime user of Charles for checking requests and responses
from the web applications I write.

Charles as described on its site:

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a
developer to view all of the HTTP and SSL / HTTPS traffic between their
machine and the Internet. This includes requests, responses and the HTTP
headers (which contain the cookies and caching information).

Lately, however, I’ve been doing a lot more work on Android apps than I
have on server-side applications. I figured it would be similarly helpful to
debug some of the requests we were making from our apps without logging
out to Logcat and cluttering our app code.

The requests I wanted to check happened to be protected by SSL, so in
addition to adding the proxy information to my device’s networking
configuration, I also needed to install Charles’ root certificate. It turns out
that this is possible, but requires a bit of work. Luckily I have now done this
enough times to feel good about writing it up.

First off, this setup will not work on an emulator without an additional step
(see below). I admittedly haven’t needed to do any proxy debugging
without a test device, though.

Also, as of this post, we are targeting Android SDK version 25 in our
applications, but this specific setup should work with all versions. If not, feel
free to correct me so that I can update this post.

Now on with the show.

Setting Up Your Project
If your test device is running Android 7.0 or newer, there are a few extra
steps to ensure that you are able to trust the Charles CA Certificate. To
ensure Android trusts the certificate, you’ll need to specify a Network
Security Configuration for your application. There are a few different ways
of adding your certificate to the application’s trusted configuration, but I
found that the easiest was not to include Charles’ certificate within my
application code, but to simply trust the user-installed CA certificates (like
previous versions of Android used to do).

Specifying the android:networkSecurityConfig property within your
AndroidManifest.xml file:

<application
    android:allowBackup="true"
    android:icon="@mipmap/ic_launcher"
    android:label="@string/app_name"
    android:roundIcon="@mipmap/ic_launcher_round"
    android:supportsRtl="true"
    android:theme="@style/AppTheme"
    android:networkSecurityConfig="@xml/network_security_config">
    <!-- activities and other components go here -->
</application>


Specifying the res/xml/network_security_config.xml file:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>

Setting Up Charles
Open up Charles on your Mac and then open Proxy > Proxy Settings from
the toolbar. You’ll need to make note of the HTTP Proxy Port that is
specified.

Then open up Proxy > SSL Proxying Settings from the toolbar and add the
appropriate Locations (host/port) for the requests you wish to debug. I
usually just add a wildcard route like *.myapidomain.com but specific
domains like whatever-app.herokuapp.com work fine as well.

Setting Up Your Android device
First, make note of your Mac’s IP address within your local network. You’ll
need it in the next step.

Also make sure Charles is open and that the Mac is on the same wifi
network as the Android device you’ll be setting up.

Go to your device’s settings and wifi configuration.

Press and hold on the network you’re going to use and select Modify
network from the alert modal.

Then check Advanced Options and scroll until you see Proxy.

Tap the Proxy dropdown and select Manual.

For the Proxy hostname input your Mac’s IP address that you noted above.

Then for the Proxy port use the HTTP Proxy Port that you noted from
Charles’ Proxy Settings from above.

Tap Save.

After saving, you may notice a pop-up on your Mac like this:

You should now click Allow to let your Android device connect to Charles
via the proxy it has set up.

If you don’t see this prompt, you can ensure that your device can use the
proxy from within Charles by going to Proxy > Access Control Settings
and adding your Android device’s IP address on the wifi network.

One more step!

Now on your Android device, open up the browser and go to the following
URL: chls.pro/ssl. You can also see these instructions from within the
Charles app - go to Help > SSL Proxying > Install Charles Root
Certificate on a Mobile Device or Remote Browser.

The browser should download the cert and once finished, tap to open the
file. Then Android should prompt you to install the file.

After you’ve named the certificate and tapped “OK”, you will either be
prompted to input your device’s pin/password or prompted to set up your
device’s pin/password. Once that process is complete, you should be ready
to debug some requests.

Note: Until you remove the manual proxy from this device’s wifi
configuration, whenever you use this network again you will need to have
Charles open and running on the same IP address. You can always set the
network configuration back to “Proxy: None” once you’re done debugging.

Using An Emulator
According to Charles’ site you can start the emulator with a flag in order to
use the proxy.

In the Android emulator run configuration add an Additional Emulator
Command Line Option: -http-proxy http://LOCAL_IP:8888

Where LOCAL_IP is the IP address of your computer, not 127.0.0.1 as that is
the IP address of the emulated phone.

EDIT: Thanks to Brandon Davis for pointing out that the full command would
be

emulator -avd EMULATOR_NAME -http-proxy IP_ADDRESS:PORT

In addition, Android Studio 3.0 will now allow managing proxy settings for
your emulator images. Read all about the new features here and if you can’t
wait for a stable release, 3.0 is currently available in the dev channel.

Debugging requests
Now that you’re set up, you should see Charles recording traffic from your
device. As long as you’re configured properly, you should see those SSL
request details from the domains you specified in Charles’ SSL Proxying
Settings.

Feel free to discuss your results and let me know if I missed anything
obvious.
