如何在 Windows 上使用 Charles Web Proxy 和最新的 Android 模拟器配置 SSL 证书?

发布于 2024-09-28 06:12:48 字数 420 浏览 10 评论 0原文

我想使用 Charles Web 代理在 Windows 中使用 Android 模拟器。我已经成功设置了 charles 并使用命令行启动了模拟器:

emulator -http-proxy 127.0.0.1:8888 @NexusOne

我可以看到来自 Charles 中的 android 模拟器的流量,但问题是我正在针对使用 SSL 的实时 API 进行开发,但我没有确定如何配置 Charles 让我了解发送和接收的数据。我知道 Charles 中设置了 SSL 的两个区域(代理 -> 代理设置 -> SSL 和代理 -> 客户端 SSL 证书),但我找不到任何像样的文档来让我做我想做的事情想做。有没有人有查尔斯的经验,或者一般的证书,谁可以解释如何实现这一点。也许证书入门也很好,因为我似乎缺乏关于为什么这如此困难的知识。

I would like to use Charles web proxy to work with the Android emulator in Windows. I've successfully set up charles and have started the emulator with the command line:

emulator -http-proxy 127.0.0.1:8888 @NexusOne

I can see traffic coming from the android emulator in Charles, but the problem is that I'm developing against a live API which uses SSL and I'm not sure how to configure Charles to let me play about the the data which is sent and received. I'm aware of two areas where SSL is set up in Charles (Proxy -> Proxy Settings -> SSL and Proxy -> Client SSL Certificates) but I can't find any decent documentation which has let me do what I want to do. Has anyone experience with Charles, or certificates in general, who can explain how to achieve this. Maybe a primer on certificates would be good too, as I seem to be lacking knowledge as to why this is so difficult.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(8

他夏了夏天 2024-10-05 06:12:48

要使用 charles 远程捕获 http 或 https 流量,您需要执行以下操作:

HOST - 运行 Charles 并托管代理的机器
客户端 – 生成您将捕获的流量的用户机器

主机

  1. 安装完全许可的查尔斯版本
  2. 代理 ->代理设置->选中“启用透明 HTTP 代理”
  3. 代理 -> SSL 代理设置 ->选中“启用 SSL 代理”
  4. 代理 -> SSL 代理设置 ->单击添加按钮并在两个字段中输入 *
  5. 代理 ->访问控制设置->添加您的本地子网(例如:192.168.2.0/24)以授权本地网络上的所有计算机使用另一台计算机的代理
  6. 建议在 charles 中设置“自动保存工具”,这将自动保存和旋转查尔斯日志。

客户端计算机:

  1. 安装并永久接受/信任 charles SSL 证书
    http://www.charlesproxy.com/documentation/using-charles/ssl-证书/
  2. 配置 IE、Firefox 和 Chrome 以使用 charles 托管代理的套接字(例如:192.168.1.100:8888)

当我对此进行测试时,我收到了两行 Facebook HTTPS 聊天内容(其中一行是 以下命令启动模拟器,

如果您使用

emulator -avd <avd name> -http-proxy http://local_ip:8888/

则也可以通过这种方式捕获 Android 模拟器流量:其中 LOCAL_IP 是您计算机的 IP 地址,而不是 127.0.0.1,因为这是模拟手机的 IP 地址。

资料来源:http://brakertech.com/capture-https-traffic-remotely-与查尔斯/

To remotely capture http or https traffic with charles you will need to do the following:

HOST - Machine running Charles and hosting the proxy
CLIENT – User’s machine generating the traffic you will capture

Host Machine

  1. Install fully licensed charles version
  2. Proxy -> Proxy Settings -> check “Enable Transparent HTTP Proxying”
  3. Proxy -> SSL Proxying Settings -> check “enable SSL Proxying”
  4. Proxy -> SSL Proxying Settings -> click Add button and input * in both fields
  5. Proxy -> Access Control Settings -> Add your local subnet (ex: 192.168.2.0/24) to authorize all machines on your local network to use the proxy from another machine
  6. It might be advisable to set up the “auto save tool” in charles, this will auto save and rotate the charles logs.

Client Machine:

  1. Install and permanently accept/trust the charles SSL certificate
    http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
  2. Configure IE, Firefox, and Chrome to use the socket charles is hosting the proxy on (ex: 192.168.1.100:8888)

When I tested this out I picked up two lines of a Facebook HTTPS chat (one was a line TO someone, and the other FROM)

you can also capture android emulator traffic this way if you start the emulator with:

emulator -avd <avd name> -http-proxy http://local_ip:8888/

Where LOCAL_IP is the IP address of your computer, not 127.0.0.1 as that is the IP address of the emulated phone.

Source: http://brakertech.com/capture-https-traffic-remotely-with-charles/

贪恋 2024-10-05 06:12:48

在 Charles 中,转到“代理”>>“代理设置”并选择“SSL”选项卡。将您的主机添加到位置列表中。

例如,如果您的安全呼叫将前往 https://secure.example.com,您可以输入 secure。 example.com 或 *.example.com。

完成上述操作后,您可能需要在 Charles 主窗口中右键单击该呼叫,然后选择 SSL 代理选项。

希望这有帮助。

In Charles, go to Proxy>>Proxy Settings and select the SSL tab. Add your host to the list of Locations.

For example, if your secure call is going to https://secure.example.com, you can enter secure.example.com, or *.example.com.

Once the above is in place, you may need to right-click on the call in the main Charles window and select the SSL Proxying option.

Hope this helps.

烧了回忆取暖 2024-10-05 06:12:48

这里有价值的是在 Android 设备中执行此操作的分步说明。 iOS 应该是一样的:

  1. 打开 Charles
  2. 转到代理 >代理设置> SSL
  3. 检查“启用 SSL 代理”
  4. 选择“添加位置”并输入主机名和端口(如果需要)
  5. 单击“确定”并确保选中该选项
  6. 从此处下载 Charles 证书: Charles cert >
  7. 通过电子邮件将该文件发送给您自己。
  8. 打开设备上的电子邮件并选择证书
  9. 在“命名证书”中输入您想要的任何内容
  10. 单击“确定”,您应该会收到一条消息,表明证书已安装

然后您应该能够在 Charles 中看到 SSL 文件。如果您想拦截并更改值,您可以使用“Map Local”工具,这真的很棒:

  1. 在 Charles 中,转到“工具”>“地图本地”工具。映射本地
  2. 选择“添加条目”
  3. 输入要替换的文件的值
  4. 在“本地路径”中选择您希望应用程序加载的文件
  5. 单击“确定”
  6. 确保已选择该条目,然后单击“确定”
  7. 运行您的应用程序
  8. 您应该在中看到“注释”您的文件加载而不是实时文件

For what it's worth here are the step by step instructions for doing this in an Android device. Should be the same for iOS:

  1. Open Charles
  2. Go to Proxy > Proxy Settings > SSL
  3. Check “Enable SSL Proxying”
  4. Select “Add location” and enter the host name and port (if needed)
  5. Click ok and make sure the option is checked
  6. Download the Charles cert from here: Charles cert >
  7. Send that file to yourself in an email.
  8. Open the email on your device and select the cert
  9. In “Name the certificate” enter whatever you want
  10. Click OK and you should get a message that the certificate was installed

You should then be able to see the SSL files in Charles. If you want to intercept and change the values you can use the "Map Local" tool which is really awesome:

  1. In Charles go to Tools > Map Local
  2. Select "Add entry"
  3. Enter the values for the file you want to replace
  4. In “Local path” select the file you want the app to load instead
  5. Click OK
  6. Make sure the entry is selected and click OK
  7. Run your app
  8. You should see in “Notes” that your file loads instead of the live one
仙气飘飘 2024-10-05 06:12:48

Charles 提供 HTTPS 代理的方式发生了一些变化。

首先,证书安装选项已移至帮助菜单。

Help -> SSL Proxying -> Install Charles Root Certificate
Help -> SSL Proxying -> Install Charles Root Certificate in iOS Simulators

Charles SSL 代理

其次,从 iOS 9 开始,您必须在 Info.plist 中提供 NSAppTransportSecurity 选项,并且如果您希望 Charles 在中间,您必须添加:

<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>

作为您的域的一部分,请参阅完整示例:

<key>NSExceptionDomains</key>
    <dict>
        <key>yourdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
        </dict>

原因是(我猜)Charles 在充当中间 https 服务器中的人之后,在某些时候以明文 http 进行通信。

最后一步是在 Charles 中为此域激活 SSL 代理(右键单击域并选择启用 SSL 代理)

启用 HTTP 代理

Things have changed a little in the way Charles provides HTTPS proxying.

First the certificates installation options have been moved to the help menu.

Help -> SSL Proxying -> Install Charles Root Certificate
Help -> SSL Proxying -> Install Charles Root Certificate in iOS Simulators

Charles SSL Proxying

Second, starting in iOS 9 you must provide a NSAppTransportSecurity option in your Info.plist and if you want Charles to work properly as a man in the middle, you must add:

<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>

as part of the your domains see full example:

<key>NSExceptionDomains</key>
    <dict>
        <key>yourdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
        </dict>

The reason being (I guess) that Charles at some point communicates in clear http after acting as the man in the middle https server.

Last step is to activate SSL Proxying for this domain in Charles (right click on domain and select Enable SSL Proxying)

enable HTTP Proxying

洛阳烟雨空心柳 2024-10-05 06:12:48

您还应该从 Charles 帮助菜单中单击“安装 Charles CA SSL 证书..”。请参阅 http://blog.noodlewerk.com/general/tutorial-using-charles-proxy-to-debug-https-communication- Between-server-and-ios-apps/

You should also click on "Install Charles CA SSL Certificates.." from the Charles Help menu. See more detailed instructions at http://blog.noodlewerk.com/general/tutorial-using-charles-proxy-to-debug-https-communication-between-server-and-ios-apps/

宛菡 2024-10-05 06:12:48

对我有用的 - 应该真正转移到 iPhone:

Charles

  1. 启用透明 Http 代理
  2. 启用 SSL 代理
  3. 右键单击​​传入请求并选择 SSL 代理

Mac

  1. 下载 Charles CA 证书包 http://www.charlesproxy.com/ssl.zip
  2. 给自己发电子邮件 charles-proxy-ssl-proxying-certificate.crt

iPhone

  1. 在端口 8888 上为 Charles 启用 http 代理
  2. 选择并安装电子邮件附件,是的,相信它!

瞧,您现在可以查看来自 SSL 代理中添加的域的加密流量

What worked for me - should really be moved to iPhone:

Charles

  1. Enable transparent Http proxying
  2. Enable SSL proxying
  3. Right click on incoming request and select SSL proxying

Mac

  1. Download Charles CA Certificate bundle http://www.charlesproxy.com/ssl.zip
  2. Email yourself charles-proxy-ssl-proxying-certificate.crt

iPhone

  1. Enable http proxy for Charles on port 8888
  2. Select and install email attachment, yes trust it!

Voila, you can now view encrypted traffic from the domain added in the SSL proxying

浅浅淡淡 2024-10-05 06:12:48

这里提到的认证安装步骤都是正确的https://stackoverflow.com/a/35200795/865220

但是如果你是像我一样,必须为每个新网址单独启用 SSL 代理,然后要为所有主机名启用,只需在 SSL 代理设置中的主机和端口名称列表中输入 * 即可,如下所示:

在此处输入图像描述

The certification installation step whatever mentioned here is correct https://stackoverflow.com/a/35200795/865220

But if you are having a pain of individually having to enable SSL Proxy for each and every new url like me, then to enable for all host names just enter * into the host and port names list in the SSL Proxying Settings like this:

enter image description here

分开我的手 2024-10-05 06:12:48

这些东西帮助我

  1. 去代理 -> SSL 代理设置->添加
  2. 在此处添加您的站点名称并将端口号指定为 8888

在此处输入图像描述
输入图片此处说明

  1. 右键单击​​左侧面板上的站点名称,然后选择“启用
    SSL 代理”

希望这对那里的人有帮助。

These things helped me

  1. Go to proxy -> SSL proxy settings -> Add
  2. Add your site name here and give port number as 8888

enter image description here
enter image description here

  1. Right click on your site name on the left panel and choose "Enable
    SSL Proxying"
    enter image description here

Hope this helps someone out there.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文