In a penetration test, test cases need to be built for every parameter, every interface, and every piece of business logic, so packet capture and analysis is an essential step. On the PC side, Burp Suite has become a must-have tool for penetration testing. However, with Burp Suite you sometimes can't capture HTTPS traffic from your phone.
This article uses Charles to solve the problem of not being able to capture a phone's traffic, and covers some problems you may run into while using it.
Environment preparation
1. Enable Wi-Fi sharing on Windows.
2. Connect your phone and computer to the same Wi-Fi network.
Charles setup
Download address: www.charlesproxy.com/download/
Step 1: Configure the HTTP proxy. In the main interface, open Proxy > Proxy Settings.
Set the listening port to 8888 and click OK. If SOCKS Proxy is selected, the browser's HTTP requests can be intercepted.
Step 2: Configure the SSL proxy. In Charles, open Proxy > SSL Proxying Settings.
Step 3: Set up a proxy for the phone
Enter the network address of the computer where Charles is installed, and set the port to 8888.
Take iOS as an example. Open the Charles root certificate download URL, chls.pro/ssl, in Safari and tap Allow to download it.
Then go to Settings > Profile Downloaded > Install.
Next, you need to trust the certificate. Go to Settings > General > About > Certificate Trust Settings and enable trust for the certificate.
Step 4: Set up SSL proxying. In Proxy > SSL Proxying Settings, add the domain name.
Problem: http://chls.pro/ssl can't be opened, or Charles can't capture the phone app's traffic. Everything is configured correctly, but no data is captured.
First, it’s important to make sure your computer’s firewall is turned off.
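To tell a firewall block apart from a proxy that is not listening, the following added check (not part of the original article) can be run from a second computer on the same Wi-Fi. It sends an HTTP CONNECT to the Charles port 8888 and reports how far the request gets; the function names, the target example.com:443 and the sample address are assumptions made for illustration.

```python
import socket
import sys

def parse_status(reply: bytes):
    """Return the integer status code of an HTTP reply, or None if malformed."""
    parts = reply.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def probe_proxy(host, port=8888, target="example.com:443", timeout=3.0):
    """Report how far an HTTP CONNECT to the proxy gets: (stage, explanation)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp_timeout", "packets are dropped: check the computer's firewall")
    except ConnectionRefusedError:
        return ("tcp_refused", "nothing listens on this port: check Proxy Settings")
    except OSError as exc:
        return ("tcp_error", f"host unreachable, wrong IP or network: {exc}")
    with sock:
        # Ask the proxy for a tunnel, as a phone does for every HTTPS request.
        request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n"
        try:
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(4096)
        except socket.timeout:
            return ("no_reply", "port is open but the proxy did not answer")
        except OSError as exc:
            return ("conn_error", f"connection dropped by the proxy: {exc}")
    status = parse_status(reply)
    if status == 200:
        return ("proxy_ok", "proxy reachable: check certificate trust and SSL Proxying next")
    return ("proxy_error", f"unexpected reply: {reply[:40]!r}")

if __name__ == "__main__":
    # 192.0.2.10 is a constructed placeholder; pass the Charles computer's IP instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    stage, detail = probe_proxy(host)
    print(f"{stage}: {detail}")
```

A `tcp_timeout` result points at the firewall, while `tcp_refused` means the port is reachable but Charles is not listening on it.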