Charles

From NovaOrdis Knowledge Base
Revision as of 21:01, 16 May 2019 by Ovidiu (talk | contribs) (→‎Capture localhost Requests)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

External

Overview

Operations

Obtain/Set Proxy Port

Go to Proxy -> Proxy Settings -> HTTP Proxy -> Port.

Configure SSL Proxying

Proxy -> SSL Proxy Settings -> SSL Proxying

and then list the target location you want to proxy for.

Examples:

  • localhost.apple.com:443
  • kibana.apps.openshift.novaordis.io:443

Capture localhost Requests

Localhost traffic doesn't appear in Charles

Some systems are hard coded to not use proxies for localhost traffic, so when you connect to http://localhost/ the corresponding traffic does not show up in Charles.

There are several solutions to this problem:

  • Connect to http://localhost.charlesproxy.com/ instead. This points to the IP address 127.0.0.1, so it should work identically to localhost, but with the advantage that it will go through Charles. This will work whether or not Charles is running or you're using Charles. If you use a different port, such as 8080, just add that as you usually would, e.g. localhost.charlesproxy.com:8080. You can also put anything in front of that domain, e.g. myapp.localhost.charlesproxy.com, which will also always resolve to 127.0.0.1.
  • Try adding a '.' after localhost
  • Replace localhost with the name of your machine, or use your local link IP address (eg. 192.168.1.2). http://nombp3.local:8080/ works.
  • If Charles is running and you're using Charles as your proxy, you can also use local.charles as an alternative for localhost. Note that this only works when you're using Charles as your proxy, so the above approaches are preferred, unless you specifically want requests to fail if not using Charles.

Export the Root Certificate

Exporting the root certificate is necessary when we proxy a Java application that sends HTTPS requests and we need Charles to be able to look inside those requests. All Java applications that use HttpClient will work based on this procedure.

To export: Help -> SSL Proxying -> Save Charles Root Certificate

Use the default format "Base 64 encoded certificate (.crt)".

The certificate thus saved can be used without any modification as part of the following procedure:

Configure a Java HTTP Client to Accept Self-Signed Certificates

Install Charles Root Certificate

Install the Root Certificate on Mac

Help -> SSL Proxying -> Install Charles Root Certificate.

This will install the self-signed root certificate in Keychain Access.

You will then need to navigate to it, select Trust then "When using this certificate Always Trust"

Install the Root Certificate in Chrome

1. Export the root certificate in ~tmp.

2. Go to Preferences -> Advanced -> Manage Certificates.

3. Go to the Trusted Root Certification Authorities tab. If on Mac, you will be sent to Mac Keychain Access. If Charles was previously used to "Install Charles Root Certificate", the root certificate should already be available there and there should be nothing else to do.

Recording Settings

Include/Exclude

Using curl with Charles

Obtain the local proxy port, as shown above in Obtain/Set Proxy Port. It is usually 8888. Then: 

curl -x http://localhost:8888 ...
Retrieved from "https://kb.novaordis.com/index.php?title=Charles&oldid=58829"