lana-20/charles-notes

NOTE: This repo has been refurbished and published on Medium: https://medium.com/@begunova/charles-proxy-setup-for-desktops-and-mobile-devices-03c3fd28f882.

Notes on Charles Proxy

🔵 Structure Tab Icons

🔵 Exclude a host from being recorded

🔵 Remove a host from a recorded session

🔵 Remove sensitive information from a recorded session

🔵 What happens if Charles root certificate is not installed?

🔵 Remove Charles root certificates

🔵 No internet connection after setting manual proxy

🔵 Miscellaneous issues

  • Structure tab groups HTTP requests by host.
  • Sequence tab shows each HTTP request individually sorted by oldest first.

Structure Tab Icons

Each host on the Structure tab has one of these four icons:

📋 To summarize: lock 🔒 icon means SSL proxying is not enabled for that HTTPS host; lightning ⚡️ in the icon means the host is using HTTP/2 protocol.

Exclude a host from being recorded

Example scenario: I have Slack Chat open in the background when recording a Charles session and I don't want that to show up in my session.

Solution: go to Proxy > Recording Settings > Exclude > Add.

Let's say I want to exclude xkcd.com and subdomains e.g. imgs.xkcd.com, then I can simply enter *xkcd.com in the Host field. For more advanced filters, click Help for examples/explanations.

Double-click on any existing entry to edit it.

Avoid excluding any host that is accessed by the website or app under test (AUT).

📝 I had issues where hosts that are added to the Exclude list still show up on the session. Curiously, all the problematic ones are HTTPS hosts, whereas the HTTP hosts were excluded without issues. After some time (in the range of a few hours, up to about a day), the issues went away by themselves so I'm not sure what happened there.

Remove a host from a recorded session

Example scenario: similar to excluding a host, except that I didn't add the host to the Exclude list, so the host ended up being recorded in the session. I want to remove it from the session.

Solution: Select the host on the Structure tab, right-click > Clear.

Avoid accidentally removing any host that is accessed by the website or app under test (AUT).

Remove sensitive information from a recorded session

Sometimes I have to use my own account to test an app or website in a cycle. It's important to make sure sensitive information like a password is removed or is not present in the recorded session before I upload it as an attachment.

One way is to only start the recording after I log in. That way my login information won't even show up on the recorded session in the first place.

Alternatively, I can press Ctrl+F and search with some keywords like "password". I'll see something like the screenshot below.

📝 I can right-click on any result and click Remove, but it only removes that result from the search results and not from the recorded session.

Double-click any search result to open up that particular request.

Once certain that it is the request with the sensitive information, right-click and select Clear.

Repeat as necessary.
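Added example, not part of the original notes: a Python pass that masks credentials in a session before it is attached, instead of relying on a keyword search catching every occurrence. It assumes the session was exported from Charles in HTTP Archive (.har) format and loaded with `json.load`; the header and field-name lists are assumptions to extend, and response bodies are not inspected.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed name lists (not from Charles); extend them for the app under test.
HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
FIELDS = re.compile(r"pass|secret|token|api[_-]?key", re.I)
MASK = "REDACTED"

def mask_pairs(pairs, sensitive):
    """Mask the value of every HAR {name, value} pair whose name is sensitive."""
    for pair in pairs or []:
        if sensitive(pair.get("name", "")):
            pair["value"] = MASK

def mask_form(text):
    """Mask sensitive fields in a query string or form body; else return it unchanged."""
    fields = parse_qsl(text, keep_blank_values=True)
    masked = [(k, MASK if FIELDS.search(k) else v) for k, v in fields]
    return urlencode(masked) if masked != fields else text

def mask_json(text):
    """Mask sensitive keys at any depth of a JSON body; return non-JSON text unchanged."""
    def hook(obj):
        return {k: MASK if FIELDS.search(k) else v for k, v in obj.items()}
    try:
        return json.dumps(json.loads(text, object_hook=hook))
    except ValueError:
        return text

def redact_har(har):
    """Redact credentials from a parsed HAR document in place and return it."""
    for entry in har["log"]["entries"]:
        req, body = entry["request"], entry["request"].get("postData") or {}
        for msg in (req, entry.get("response", {})):
            mask_pairs(msg.get("headers"), lambda name: name.lower() in HEADERS)
            mask_pairs(msg.get("cookies"), lambda name: True)
        mask_pairs((req.get("queryString") or []) + (body.get("params") or []), FIELDS.search)
        url = urlsplit(req["url"])
        req["url"] = urlunsplit(url._replace(query=mask_form(url.query)))
        if "json" in body.get("mimeType", ""):
            body["text"] = mask_json(body.get("text") or "")
        elif "x-www-form-urlencoded" in body.get("mimeType", ""):
            body["text"] = mask_form(body.get("text") or "")
    return har

SAMPLE = {"log": {"entries": [{"request": {  # constructed sample login request
    "url": "https://app.example/login?api_key=k-123",
    "headers": [{"name": "Cookie", "value": "sid=abc"}],
    "postData": {"mimeType": "application/json", "text": '{"password": "hunter2"}'}}}]}}
```

After redacting, search the written file for the real secret values once more before uploading; a secret echoed in a response body would still be present.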

What happens if Charles root certificate is not installed?

When I have Charles running without having a root certificate installed, most of the sites will browse just fine. But for hosts where I have enabled SSL proxying (by going to Proxy > SSL Proxy Settings... and adding an entry), I'll get an error as seen in the images below.

Your connection is not private or Did Not Connect: Potential Security Issue error page, as seen on Chrome 110 and Firefox 110.

Remove Charles root certificates

✰ Chromium-based browsers

Tested with Chrome 110

  • Windows

    • Open the Run window (Win+R), type certmgr.msc and press Enter. If the root certificate was added under Trusted Root Certification Authorities during the root certificate installation steps, then go there and look for Charles Proxy CA. Right-click on it and click Delete.

    • Alternatively, go to Control Panel > Internet Options > Content > Certificates > Trusted Root Certification Authorities, click on Charles Proxy CA and click Remove.

  • macOS

    • Remove the certificate via the Chrome browser Settings as depicted below:

    • Alternatively, go to Spotlight Search > Keychain Access > login > Certificates, click on Charles Proxy CA and click Delete.

✰ Firefox

Tested with Firefox 110

  • Windows

    • Firefox default directory for certificates is %USERPROFILE%\AppData\Local\Mozilla\Certificates or %USERPROFILE%\AppData\Roaming\Mozilla\Certificates on Windows. Locate the Charles certificate at the path, right-click on it and click Delete or Distrust.

    • Alternatively, click the navigation drawer menu in the browser's top-right corner and select Settings. Go to Options > Privacy & Security > View Certificates > Authorities tab. Scroll down to XK72Ltd, click Charles Proxy CA, click Delete or Distrust and click OK.

  • macOS

    • Firefox default directory for certificates is ~/Library/Application Support/Mozilla/Certificates on macOS. Locate the Charles certificate at this path, right-click on it and click Move to Trash.

    • Alternatively, perform removal via the Firefox browser Settings, similar to the Windows flow illustrated above.

✰ Android 13

Go to Settings. Search "certificates" and tap Trusted credentials. Go to the User tab and look for a root certificate with words like:

XK72 Ltd.
Charles Proxy CA

Tap on the certificate and tap Remove.

No internet connection after setting manual proxy

Scenario (Windows 10):

I set the manual proxy on my phone to the computer running Charles. When I try to browse a website on the phone, I expect to see a prompt on Charles about an unauthorized device trying to connect, as per the Charles documentation. But I don't see that prompt, and my phone appears to have no internet connection. Even after manually adding the phone's local IP to Proxy > Access Control Settings, there is still no internet access on my phone and Charles is not recording any network activity on the phone.

Solution:

  1. Open Start. Type "network status" and click the matching item.
  2. Click Change connection properties.
  3. Under Network Profile, select Private (it was originally set to Public).

Charles may need to be restarted. Fiddler, however, works fine without having to change the Network Profile to Private.

Miscellaneous issues

❓ Charles is not recording network traffic on Firefox but it is working fine on Chrome and Edge.

👉 Go to Options > Settings (under Network Proxy), and make sure Use system proxy settings is selected. If I'm getting Your connection is not secure on HTTPS sites after that, I may have to visit https://chls.pro/ssl and select Trust this CA to identify websites to install the SSL certificate on Firefox.