In the penetration process, test cases need to be built for every parameter, every interface, and every business logic, for which packet capture analysis is an essential process. On the PC side, Burpsuite has become a must-have tool for penetration. However, using Burpsuite, you sometimes can’t grab HTTPS data from your phone.

In this paper, Charles is used to solve the problem that mobile phones can not catch bags and some possible problems in the process of using them.

Environment to prepare

1. Enable Wifi sharing on Windows.

2. Connect your phone and computer to the same wifi.

Charles set

Download address: www.charlesproxy.com/download/

Step 1: Configure the HTTP Proxy, Proxy Settings: main interface –Proxy–Proxy Settings

Select listen on port 8888 and then ok. If SOCKS Proxy is selected, HTTP access requests of the browser can be intercepted.

Step 2: Configure SSL Proxy: Select SSL Proxy Settings in Charles Proxy

Step 3: Set up a proxy for the phone

Enter the network address of the computer where Charles is installed, and fill in the port 8888.

Take IOS as an example. Open Charles’ root certificate download url: chls.pro/ SSL on Safri and click Permit to download.

Setup — Description file downloaded — Install:

Next, you need to set up the trust certificate. Go to Mobile Phone Settings > General > About Local > Certificate Trust Settings to trust the certificate:

 

 

Step 4: Set SSL Proxy. In proxy-SSL Proxying Settings, add the domain name

Problem: can’t access http://chls.pro/ssl or use Charles to grab the phone APP, everything is configured correctly, but can’t catch the data.

First, it’s important to make sure your computer’s firewall is turned off.

 

 

 

Reference links:

www.jianshu.com/p/7a88617ce…

www.cnblogs.com/fighter007/…