How to configure SSL certificates with Charles Web Proxy and the latest Android Emulator on Windows?

android ssl ssl-certificate webproxy charles-proxy
Martyn picture Martyn · Oct 20, 2010 · Viewed 157.1k times · Source

I would like to use Charles web proxy to work with the Android emulator in Windows. I've successfully set up charles and have started the emulator with the command line:

emulator -http-proxy 127.0.0.1:8888 @NexusOne

I can see traffic coming from the android emulator in Charles, but the problem is that I'm developing against a live API which uses SSL and I'm not sure how to configure Charles to let me play about the the data which is sent and received. I'm aware of two areas where SSL is set up in Charles (Proxy -> Proxy Settings -> SSL and Proxy -> Client SSL Certificates) but I can't find any decent documentation which has let me do what I want to do. Has anyone experience with Charles, or certificates in general, who can explain how to achieve this. Maybe a primer on certificates would be good too, as I seem to be lacking knowledge as to why this is so difficult.

Answer

brakertech picture brakertech · Mar 30, 2012

To remotely capture http or https traffic with charles you will need to do the following:

HOST - Machine running Charles and hosting the proxy CLIENT – User’s machine generating the traffic you will capture

Host Machine

  1. Install fully licensed charles version
  2. Proxy -> Proxy Settings -> check “Enable Transparent HTTP Proxying”
  3. Proxy -> SSL Proxying Settings -> check “enable SSL Proxying”
  4. Proxy -> SSL Proxying Settings -> click Add button and input * in both fields
  5. Proxy -> Access Control Settings -> Add your local subnet (ex: 192.168.2.0/24) to authorize all machines on your local network to use the proxy from another machine
  6. It might be advisable to set up the “auto save tool” in charles, this will auto save and rotate the charles logs.

Client Machine:

  1. Install and permanently accept/trust the charles SSL certificate
    http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
  2. Configure IE, Firefox, and Chrome to use the socket charles is hosting the proxy on (ex: 192.168.1.100:8888)

When I tested this out I picked up two lines of a Facebook HTTPS chat (one was a line TO someone, and the other FROM)

you can also capture android emulator traffic this way if you start the emulator with:

emulator -avd <avd name> -http-proxy http://local_ip:8888/

Where LOCAL_IP is the IP address of your computer, not 127.0.0.1 as that is the IP address of the emulated phone.

Source: http://brakertech.com/capture-https-traffic-remotely-with-charles/

Related questions

Trust Anchor not found for Android SSL Connection

I am trying to connect to an IIS6 box running a godaddy 256bit SSL cert, and I am getting the error : java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Been trying to determine what could be causing …

Read More
Self-signed SSL acceptance on Android

How do I accept a self-signed certificate in Java on Android? A code sample would be perfect. I've looked everywhere on the Internet and while some people claim to have found the solution, it either does not work or there …

Read More
How to import self-signed SSL certificate to Volley on Android 4.1+

I develop android application which uses Volley. All communication is done via HTTPS connection. Because I test it on local environment, I use self-signed certificates for Tomcat. Before, I had only android 2.3 and 3.0 devices. Now I've got also 4.1 and 4.4. My …

Read More