59

On Charles mac app, if I go to

Help > SSL Proxying > Install Charles Root Certificate on iOS Simulators

and then run any Simulator from Xcode I don't see Charles certificates installed on simulator.

I am using Charles v4.6.1. This was working fine on iOS Simulator 14.4. If you have any solutions please let me know.

SnK
  • 764
  • 2
  • 6
  • 10

3 Answers3

160

It's a bug from Charles Proxy. You should wait until Charles Proxy fixes it.

To work around, you might manually export the certificate from Help Menu -> SSL Proxying -> Save Charles Proxy Root Certificate.

Then drag the file to iOS Simulator. Then trusting it by Going to Settings app -> General -> About -> Certificate Trust Settings.

enter image description here

Or You can install and trust the certificate by using simctl CLI

xcrun simctl keychain booted add-root-cert <your_certificate>

If you prefer automation work, do it with one-click, you might checkout Proxyman, which is a modern version of Charles Proxy.

It also fully supports Xcode 12.5, iOS 14.5 Simulators, Big Sur, and M1 Macbook.

proxyman-ios-14.5-simulator

Disclaimer: I develop Proxyman app. Hope that it helps you.

Nghia Tran
  • 2,600
  • 2
  • 16
  • 25
  • 7
    Drag and drop the file to Simulator didn't work for me. But xcrun simctl keychain booted add-root-cert worked. Thanks a lot Nghia. – SnK Apr 28 '21 at 11:34
  • 2
    FWIW, as of macOS 11.3.1, the drag n drop method didn't work when I had the file in my Desktop folder. It would fail with permissions problems even though it was readable by everyone (likely the Sim couldn't read it). Moving it to Downloads instead fixed this. – Matt Robinson Jun 01 '21 at 17:09
  • What is "Settings app" where I should trust the certificate? – Tony Jun 22 '21 at 05:41
  • @Tony It's a system Setting app in your iPhone or iOS Simulator. You can skip it by using the `simctl ` cli. – Nghia Tran Jun 22 '21 at 06:07
  • 2
    drag & drop helped me, macOS 11.4 xcode 12.5.1 – Mikhail Sein Jun 28 '21 at 19:40
  • Hi, I have already downloaded and used Proxyman, the UI and feature is really awesome! Just curious about this, is this project open source? I want to know how to contribute because my use case is special and it seems like proxyman is not support my use case. – Sugar Nov 23 '21 at 06:09
  • Unfortunately, It's not OSS @Sugar, but you can open a feature request at https://github.com/ProxymanApp/Proxyman/issues – Nghia Tran Nov 24 '21 at 07:02
  • `xcrun simctl keychain add-root-cert ` (Xcode 13.1) didn't work for PEM nor DER files, and for iOS 12 .. iOS 13-15. However, Drag & Drop did work for DER files on iOS 12.x and iOS 13-15. On iOS 13-15 the cert had to be drilled down manually after drag&drop in Settings -> General -> Device Management to be confirmed there, while on iOS 12 it was part of the installation flow. On iOS 12 the cert is located in Settings -> General -> Profiles. The cert was located in the project folder. – CouchDeveloper Dec 09 '21 at 17:58
  • Proxyman isn't as robust as charlesproxy. It's fine if all you want to do is log calls, but rewrite is so much harder without scripting experience and request breakpoints don't allow path editing. I use these two tools in CP the most, so dealbreaker. – Kreidol Dec 10 '21 at 02:33
  • Thanks for your feedback @Kreidol. Regarding the scripting (rewrite), we include the Snippet code for all common tasks (https://docs.proxyman.io/scripting/snippet-code). – Nghia Tran Dec 10 '21 at 02:36
  • For modifying the path of the breakpoint, I will create a ticket and implement it soon – Nghia Tran Dec 10 '21 at 02:37
  • @CouchDeveloper I tested `xcrun simctl keychain booted add-root-cert charles-ssl-proxying-certificate.pem` and it works fine. (Xcode 13.1, iOS 13, iPhone 13 Simulator, macOS 12.0.1). Maybe you should double check Xcode -> Preference -> Command Line -> Xcode 13.1 – Nghia Tran Dec 10 '21 at 02:47
  • @NghiaTran Thanks for the reply. I investigated my specific proben further, and it turned out, that the root certificate (created elsewhere, not with Proxyman) was not "completely" valid. Unfortunately, simctl only reports "invalid parameter" error. So I had to go through the claims in the cert and check it. So, yes after correction of the Cert it worked. But, it worked with manual drag and drop as a DER not PEM before . – CouchDeveloper Dec 10 '21 at 14:01
  • @Kreidol I've released the update. From now, you can use the Breakpoint to modify the Request URL (includes the scheme, host, path, port, HTTP method, query) – Nghia Tran Dec 22 '21 at 02:38
  • 1
    I have Proxyman as part of my Setapp subscription but I have never given it much use until today. I was flighting with Charles not doing proper SSL proxying until I saw this post. Proxyman made this process too easy. :) – seamus May 13 '22 at 17:59
37

You can try this (for any new simulator). This process still work with simulator 14.5 and iOS 15

  • Open charles and configure it as its Proxy. In Charles see that, Proxy-> macOS Proxy is enabled.
  • From the iDevice, open https://chls.pro/ssl with Safari Browser. enter image description here
  • It will ask to download the certificate. Just download it. The certificate will be ready to be installed

enter image description here

  • Open Settings/General/Profile/Download Profile to install the certificate (Profile link in settings appear only after downloading profile from https://chls.pro/ssl). In iOS 15, the profile can be found under Settings/General/Device Management. enter image description here
  • Open Settings/General/About/Certificate Trust Settings to accept the newly installed certificate

enter image description here

shim
  • 9,289
  • 12
  • 69
  • 108
Duyen-Hoa
  • 15,384
  • 5
  • 35
  • 44
  • The first step doesn't show the permission dialog "From the iDevice, open https://chls.pro/ssl." – Prabhakar Kasi Jun 17 '21 at 22:42
  • 1
    It works like a charm on Xcode 12.5, you just need to include in the steps: 1. Open Charles – TomCobo Jul 05 '21 at 09:30
  • 1
    It works good for iOS 15 simulators. One change is the path to install the certificate which now is: `Settings -> General -> Device Management -> Certificate is here, tap on it and install`. Then you have to go to: `General -> About -> Certificate Trust Settings -> enable the certificate from the switch` – Stan Oct 12 '21 at 11:38
  • It's worth adding that sometimes Charles Proxy fails to run as expected or fails to install cert if cert expired. To generate new one, you need to run "Reset Charles Root Certificate" first. Then follow above instructions to download new profile and install it and trust it on sim. – marika.daboja Mar 22 '23 at 06:18
5

No need for a workaround anymore. Just update Charles to 4.6.2 version.

You can download it from the link above: https://www.charlesproxy.com/download/

Kwnstantinos Nikoloutsos
  • 1,832
  • 4
  • 18
  • 34
  • 2
    simply upgrading to 4.6.2 did not solve the problem for me. I also deleted the Charles Certificate and installed it again on my mac and then the simulator. – Peter W Aug 27 '21 at 14:16
  • I stand corrected, make sure you delete any existing Profiles in your simulator before attempting to install the Certificate on your Simulator through Charles – Peter W Aug 27 '21 at 14:25