How do I configure Charles Proxy and Android so that I can view HTTPS sessions

Question

I want to view HTTPS sessions on my Android phone using Charles Proxy. I need to see the raw request/response contents for debugging my app. I've configured Charles by adding the host and port under "Proxy Settings" -> SSL Tab. When I run the app, all SSL calls seems to disappear quickly from the Charles. Does any one has any idea how to configure Charles Proxy and my Android device so they'll work together? Charles documentation doesn't have information for Android devices.

If you are on Android 7.0 you can find a solution at this link: [enter link description here](http://stackoverflow.com/a/39227880/7220486) — Jonah Hulselmans, Apr 11 '17 at 14:08

DàChún · Answer 1 · 2017-10-11T06:21:16.763

98

for the Android7

refer to: How to get charles proxy work with Android 7 nougat?

for the Android version below Android7

From your computer, run Charles:

Open Proxy Settings: Proxy -> Proxy Settings, Proxies Tab, check "Enable transparent HTTP proxying", and remember "Port" in heart.
SSL Proxy Settings:Proxy -> SSL Proxy Settings, SSL Proxying tab, Check “enable SSL Proxying”, and add . to Locations:
Open Access Control Settings: Proxy -> Access Control Settings. Add your local subnet to authorize machines on you local network to use the proxy from another machine/mobile.

In Android Phone:

Configure your mobile: Go to Settings -> Wireless & networks -> WiFi -> Connect or modify your network, fill in the computer IP address and Port(8888):
Get Charles SSL Certificate. Visit this url from your mobile browser: http://charlesproxy.com/getssl
In “Name the certificate” enter whatever you want
Accept the security warning and install the certificate. If you install it successful, then you probably see sth like that: In your phone, Settings -> Security -> Trusted credentials:

Done.

then you can have some test on your mobile, the encrypted https request will be shown in Charles:

edited Oct 11 '17 at 06:21

answered Aug 11 '15 at 15:13

DàChún

4,751
1
36
39

4

I'm using Charles 4.1.3 and in Help menu, it tells me to `Configure your device to use Charles as its HTTP proxy on 10.72.xx.xx:8888, then browse to chls.pro/ssl to download and install the certificate.` It works in my iPhone but not Android. In my Android, I visit the old url `charlesproxy.com/getssl` works. – iplus26 Jun 30 '17 at 13:19
3

On Android 6.0 chrome browser when I went to http://charlesproxy.com/getssl , it has shown static page "Charles SSL CA Certificate installation..." and didn't start certificate download. Please clarify what needs to be done in this case ? – vikramvi Aug 22 '17 at 09:34
I could solve above problem with below steps 1. remove existing charles certificate ( corrupted/expired/etc ) 2. enable proxy in device 3. download new certificate ( funny thing here as below; on one android "charles-proxy..certificate.cer" gets downloaded and on other "charles-proxy..certificate.pem" gets downloaded. 4. From Chrome browser trying to open .pem file gives error message. 5 .Now directly goto file location through File Manager. 6. Tap on it and give new name as Charles, it gets installed and you can see the traffic in charles – vikramvi Aug 22 '17 at 10:21
@vikramvi , you might not download the cert file due to browser's security settings. in that case please try to use another browsers such as firefox,.....etc – DàChún Oct 11 '17 at 03:13
make sure you run Adb commands 1) see the list of devices using adb devices . 2) adb reverse tcp:8888 tcp:8888 and install the SSLCertificate if not done previously. – Ravi Feb 06 '18 at 18:17

bkurzius · Answer 2 · 2015-08-06T18:16:50.077

45

Edit - this answer was for an earlier version of Charles. See @semicircle21 answer below for the proper steps for v3.10.x -- much easier than this approach too... :-)

For what it's worth here are the step by step instructions for this. They should apply equally well in iOS too:

Open Charles
Go to Proxy > Proxy Settings > SSL
Check “Enable SSL Proxying”
Select “Add location” and enter the host name and port (if needed)
Click ok and make sure the option is checked
Download the Charles cert from here: Charles cert >
Send that file to yourself in an email.
Open the email on your device and select the cert
In “Name the certificate” enter whatever you want
Click OK and you should get a message that the certificate was installed

You should then be able to see the SSL files in Charles. If you want to intercept and change the values you can use the "Map Local" tool which is really awesome:

In Charles go to Tools > Map Local
Select "Add entry"
Enter the values for the file you want to replace
In “Local path” select the file you want the app to load instead
Click OK
Make sure the entry is selected and click OK
Run your app
You should see in “Notes” that your file loads instead of the live one

edited Aug 06 '15 at 18:16

answered Mar 07 '14 at 21:38

bkurzius

4,020
2
34
34

3

Step 4 is a bit tricky. If you want to allow ALL hosts then just don't add anything there! I was trying with "\*" and "\*.\*" and was getting a "The certificate file doesn't exist" error. Leaving the location section in blank solved for me. – Bitcoin Cash - ADA enthusiast Dec 09 '14 at 04:06
This answer seems outdated. After upgrading to Charles 3.10, the Charles cert root file is generated for every pc/mac during the installation, you can export it from Help > SSL Proxying > Save Charles Root .... – semicircle21 Jul 06 '15 at 04:19
@semicircle21 - you should add a new answer so it can be voted up – bkurzius Jul 06 '15 at 15:51
This doesn't work anymore, you need to save the .pem from the charles help menu and import that instead of the .cert download link – pguardiario May 07 '16 at 01:10
Easy to installed certificate on android is mentioned in answer by @User9527 please follow it than cumbersome email process – vikramvi Mar 02 '17 at 10:55
can no longer download cert from Download the Charles cert from here: Charles cert > – Jono May 03 '17 at 09:50

semicircle21 · Answer 3 · 2015-07-29T06:41:53.527

30

Thanks for @bkurzius's answer and this update is for Charles 3.10+. (The reason is here)

Open Charles
Go to Proxy > SSL Proxy Settings...
Check “Enable SSL Proxying”
Select “Add location” and enter the host name and port (if needed)
Click ok and make sure the option is checked
Go to Help > SSL Proxying > Install Charles Root Certificate on a Mobile Device or Remote Browser..., and just follow the instruction. (use the Android's browser to download and install the certificate.)
In “Name the certificate” enter whatever you want
Click OK and you should get a message that the certificate was installed

edited Jul 29 '15 at 06:41

answered Jul 08 '15 at 09:16

semicircle21

741
8
12

There is no "Enable SSL Proxying" – Marian Paździoch Jul 27 '15 at 14:19
@MarianPaździoch Sorry for the mistake in Step2: 2. Go to Proxy > SSL Proxy Settings... – semicircle21 Jul 29 '15 at 06:43
Note: In the "Add location" step, you can enter * as the host and 443 as the port if you want to enable SSL proxying for all HTTPS traffic. – Mark McClelland Aug 25 '16 at 17:07
Thanks for `Install Charles Root Certificate on a Mobile Device or Remote Browser...` where I found a correct IP address. But still can't install the certificate (Chrome doesn't download it). Only after Charles restart I could connect to the Net. – CoolMind Aug 08 '22 at 07:35

score 8 · Answer 4 · edited Oct 30 '13 at 10:52

8

See here:

http://jaanus.com/blog/2012/02/12/debugging-http-on-an-android-phone-or-tablet-with-charles-proxy-for-fun-and-profit/

You would need to install the charles.crt certificate to your device.

edited Oct 30 '13 at 10:52

Andi Smith

110
1
4

answered Jul 25 '13 at 13:57

otso

504
4
12

Ok - this symptom you would see if the cert is not there so hence proposing this solution. – otso Jul 26 '13 at 07:01
1

It wasn't working for me until I also added " * " to my list of allowed SSL hosts in Proxy Settings – HRVHackers Sep 03 '14 at 20:37
i'm afraid that link is now broken – albert c braun Jul 10 '17 at 18:59

score 7 · Answer 5 · answered Jan 28 '20 at 06:24

7

I wasted 1 day finding the issue , my system was not asking connection "allow" or "reject". i though it was due to some certiifcate issue . tried all methods mentioned above but none of them worked . in the end i found "Firewall was real culprit ". if firewall settings is ON , they will not allow charles to connect with your laptop via proxy IP . make them off and all things will work smoothly .Not sure if that was relevent answer but just want to share.

answered Jan 28 '20 at 06:24

Karan

443
5
14

I had same issue on my ubuntu machine. Tried debugging for many days. At last your solution worked. Thanks a lot man. – Abhishek Oct 05 '20 at 16:45
1

@Abhishek glad my answer was helpful to someone in the community :) – Karan Oct 25 '20 at 18:04
1

I faced a similar issue and after some hours of struggle, I found the McAfee firewall to be the culprit. – Sai Mar 28 '22 at 17:45
@Sai : glad that helped you :D – Karan Apr 03 '22 at 08:20

score 4 · Answer 6 · answered Apr 28 '17 at 16:06

The top rated answers are working perfect (a bit old but still working), but I just want to mention that since Android N we all can configure your apps in order to have diff trust SSL certificates (for release , debug only and so on), including Charles SSL Proxy certificate (if you download the Charles certificate and put .pem file in your raw folder). More info can be found here: https://developer.android.com/training/articles/security-config.html

Also the official Charles documentation can be useful to setup this : https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

Hope this will help to setup Charles inside your app project not on every single Android device.

The second link says that Charles certificates are "uniquely generated for your installation of Charles", so they wouldn't be sharable between developers. Is that not the case? (i.e., Is there a universal Charles cert that I can use as described above?) @Stoycho Andreev — big_m, Aug 09 '21 at 18:31

bianca · Accepted Answer · 2013-07-26T16:17:01.503

2

I figured the issue. Its because Charles 3.7 has some bugs for Android devices. I updated to Charles 3.8 Beta version and seems to working fine for me.

edited Jul 26 '13 at 16:17

answered Jul 25 '13 at 15:43

bianca

7,004
12
43
58

I still see this issue with Charles 3.8b1 - with my setup it seems that in Android (using Galaxy Note/4.1.2) some of the HTTPS POST requests are lost - in iPhone 4S all is good. – otso Jul 26 '13 at 07:08
it works on my Galaxy S3. I hope they fix Charles soon for Android devices. – bianca Jul 26 '13 at 16:18
@otso I meet the same trouble, some https can get and some unknow error. How is your problem solved? – nail fei Apr 12 '19 at 03:37

score 2 · Answer 8 · answered Feb 22 '17 at 22:44

For the newer emulator it might be helpful to launch from command line using:

emulator -netdelay none -netspeed full -avd <emulator_name> -http-proxy http://<ip-address>:8888

Make sure you follow @User9527's advice above as well for the rest of the setup

score 0 · Answer 9 · answered Dec 02 '17 at 21:45

For me the issue was the IP address that charles was telling me to route to in my proxy settings was incorrect. To solve I ended up going to ifconfig in the terminal and the trying the different IP addresses (listed next to inet) at port 8888 for the current active connections

How do I configure Charles Proxy and Android so that I can view HTTPS sessions

9 Answers9

for the Android7

for the Android version below Android7

Linked