SET UP CHARLES PROXY ON ANDROID WITH MAC CODE
You have likely asked yourself why some parsing code is not working as expected, or why a request seems to have an invalid format. In the third article of this series, you will see Charles Proxy in action.If you have been programming mobile apps for a while, you must have used a web based API - JSON based or otherwise - and you have had to deal with bugs related to your requests and responses to a web service.
SET UP CHARLES PROXY ON ANDROID WITH MAC HOW TO
In this short article, we have taken a look at how to install and set up Charles Proxy to record traffic and decrypt SSL traffic for testing and debugging purposes.Ĭharles makes this process flawless, and we will use this as a base for the upcoming articles. On the right side, the upper box shows the request, the bottom one the response.
Our first record will now look like this: In the menu bar, click "Tools" → "No Caching".
In case your API sends caching headers, Charles will serve cached contents automatically, and you will not be able to inspect a response's body. You may have to restart Charles at this point, to apply the new settings without having some weird glitches. We can fix this quickly: In the menu, click "Proxy" → "Recording Settings" → "Include" and then add your API's hostname.įor this demonstration, we're using the services of mockapi.io to create a simple REST API. With default settings, we see every single connection from our browser. Yes, browsers are very chatty, especially with many tabs opened. You will probably see a massive list of connections. Recording Your TrafficĪssuming you have everything up and running, you can now start your first traffic recording session.Ĭlick on the "Start Recording" button and wait a couple of seconds. Read more about the platform specifications here. To fix this, you need to either trust each site's certificate permanently or trust the Charles root certificate. Your browser is mistrusting Charles' certificate, which is a good thing (otherwise, SSL would be entirely worthless). When you have already pointed your browser to Charles and are browsing to an SSL-decrypted page, you will notice a security warning about an invalid certificate authority. Replace *.mockapi.io with your API, e.g.,. This way, Charles can read messages from both sides.įollow these steps to activate SSL decryption. With SSL decryption enabled, Charles will establish two secure connections. Without it, all traffic would be encrypted directly between API and frontend - which is good! If you are going to work with HTTPS, you also need to set up SSL decryption.