Vladimir Sidorov

Charles Proxy for iOS 11

Blog Post created by Vladimir Sidorov Employee on Sep 21, 2017

1. Into

A while ago we were talking about how to use Charles for Firefox.

Decrypting SSL traffic with Charles Proxy. Certificate expired error in FireFox 

 

This blog post describes how to use Charles Proxy for iOS. There are many similar blog posts about how to use Charles, but so many people are still struggling so I've decided to write one more.

For the purpose of this blog post we will be using

1) Charles Proxy 4.1.4

2) Windows 10

3) iPhone 7+ iOS11

 

2. Installation

Download and install Charles Download a Free Trial of Charles • Charles Web Debugging Proxy 

 

3. Configure Windows PC and iPhone

Connect Windows PC and iPhone to the same WiFi network.

It's also important to disconnect VPN if any, otherwise you'll not be able to capture anything. In my case it didn't work.

 

4. Configuring Charles

1. Setup proxy port.

Proxy → Proxy Settings

By default Charles use port number 8888, but you can specify any other port which is not in use yet.

And you need to make sure that your network configuration allow to use this port. If you are in corporate network, some ports might be closed.

 

2. Configure SSL Proxy

If you plan to use Charles for HTTPS traffic capture, then you need to configure it properly.

Go to Proxy → SSL Proxying Settings.

Specify host name and port on which you want to capture SSL traffic. 

You can use wildcards if you want to capture traffic on multiple domains. 

Ex.: *example.com

 

5. Configure iPhone

1. Setup proxy server

  1. Connect to the same WiFi network as your PC
  2. Open WiFi network configuration page Settings → Wi-Fi 
  3. Select the network you are connected to
  4. At the bottom of the screen select Configure Proxy
  5. Enter IP address of your PC and port number same as in Charles

2. Install Charles SSL certificate

SSL certificate installation process described on the Charles official web site.

SSL Certificates • Charles Web Debugging Proxy 

Open  https://chls.pro/ssl in your Safari browser and follow certificate installation prompt.

If you are on iOS 10.3 or later, open the Settings.app and navigate to General > About > Certificate Trust Settings, and find the Charles Proxy certificate, and switch it on to enable full trust for it (More information about this change in iOS 10).

Now you are ready for SSL capture on your mobile device!

When you first time connect to Charles from iPhone, Charles will ask for permission to connect.

 

6. How to spoof to an IP

If you want to test behavior of your site or application on staging or directly to origin, you need to use DNS Spoofing in Charles in order to spoof your host name to an IP. You can spoof to a hostname as well.

Open Tools → DNS Spoofing

 

 

7. Potential issues

1. Charles do not capture anything

  • Disconnect from VPN if you are connected
  • Try another port number. The one you use might be blocked by network policy.
  • Check if you specified correct host name in SSL Proxying Settings
  • Make sure iPhone and PC are connected to the same WiFi network and proxy settings are correct

 

2. I'm seeing SSL handshake error in browser or application

  • Check if Charles SSL certificate is installed correctly and trusted 

Outcomes