Charles registration code generation, www.charles.ren

The following discussion is based on the premise that Charles is installed on a MAC.

Principle of HTTPS communication process and man-in-the-middle attack

How to capture packets, the principle is as follows:

When a client sends a message to the server, the middleman (Charles) intercepts the request sent by the client to the server and communicates with the server disguised as the client. Sends the content returned by the server to the client, masquerading as the server to communicate with the client. Here is a simplified man-in-the-middle packet capture diagram:

Charles is configured to capture HTTPS packets

1. Enable proxy and set port 8888 by default

2. Import the Charles root certificate to the PC and mobile phone

2.1 Charles certificate installed on the computer

Go to your Mac’s keychain to select a certificate and trust it, sometimes restarting the Keychain app

2.2 Installing Charles Certificates on mobile phones

Next, it is necessary to configure the mobile phone and Charles to be on the same LAN. No matter Charles certificate is downloaded or officially used, it must be on the same LAN first.

Download the certificate and type CHLS. Pro/SSL in the browser on the same LAN. It then jumps to a page that automatically downloads the corresponding PEM certificate file to the phone’s file system.

Then install the PEM certificate on the phone. For An Android phone, click install Certificate to the bottom of the WLAN list.

Before we do this, we can go to the file manager of the mobile phone and move the pem file to the appropriate location to ensure that the PEM file can be found in the page of installing the certificate.

Thus, in the WLAN preferences area, click Install Certificate, index to the corresponding PEM file, select the file, and the installation is successful.

Finally, return to the Settings page and do the following to confirm that the certificate is installed:

2.3 Charles Agent configured on mobile phones

Next, what we need to do is to configure the agent of the phone and keep it in the same LAN with Charles. The steps are as follows:

Click Charles’ Help->Local IP Address-> Remember the IP Address 172.21.205.137

Click mobile wifi-> Baidu_WIFI -> Proxy Settings

After saving, Charles can be configured on the mobile phone. At this time, Charles can be restarted, sometimes there will be a pop-up prompt, sometimes there will be no, but generally it will take about 2 minutes to make a network request on the mobile phone, and Charles can normally catch the corresponding request package. If there are pop-ups, select Yes.

Additional tutorials

1. There is no solution for setting “Request” and “Response” on the PC client

2. Solve the problem of GARbled HTTPS request and Response characters

Add the content shown in the picture, click OK, request again, and the garbled code is resolved:

3. Set the advanced version proxy for Android applications

For Android phones, after 7.0, the system added Security control, namely Net Security Configuration. You need to configure XML data in your application so that packets can be captured normally. Otherwise, the following error message is displayed:

You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.

The way to configure it is in the Google documentation.

Developer. The android. Google. Cn/training/ar…

It is recommended to write this in XML to ensure that the debug version supports the certificate you added:

<? The XML version = "1.0" encoding = "utf-8"? > <network-security-configxmlns:tools="<http://schemas.android.com/tools>"> <debug-overrides> <trust-anchors> <! Trusted user installed certificates --> <certificatessrc="user"/> </trust-anchors> </debug-overrides> </network-security-config>Copy the code

Reference links:

Link: https://www.jianshu.com/p/3b4cd6fdd…

Link: https://www.jianshu.com/p/e88a1ccb1…

Link: developer. The android. Google. Cn/training/ar…