I have Android 4.3 forced to use Charles proxy via IPTABLES. The charles certificate is installed on the phone. I am able to capture normal SSL traffic like https websites in the browser. All POST and GET methods seem to work fine. In a particular app, it fails when using the SSL CONNECT method.
iOS devices If you are on iOS 10.3 or later, open the Settings. app and navigate to General > About > Certificate Trust Settings, and find the Charles Proxy certificate, and switch it on to enable full trust for it (More information about this change in iOS 10).
In Charles go to the Help menu and choose "SSL Proxying > Install Charles Root Certificate". A window will appear warning you that the CA Root certificate is not trusted. Click the "Install Certificate" button to launch the Certificate Import Wizard.
SSL proxy is a transparent proxy that performs SSL encryption and decryption between the client and the server. SRX acts as the server from the client's perspective and it acts as the client from the server's perspective.
From iOS 10.3 you also need to go to Settings > General > About > Certificate Trust Settings and trust Charles certificate.
You can face with this problem at some applications like Facebook or Instagram. Charles certificate doesn't work at some new apps because they are using a technique named as SSL-PINNING. First of all you have to break ssl-pinning system of application or you can instal old version of application then it sometimes works but we need a new solution about ssl pinning in order to record traffic for this kind of applications.
as @Berkay Yıldız says, it probably using ssl/certificate pinning.
how to fix/avoid/disable ssl pinning?
the whole logic is:
LEVEL 1: for normal http
:
core logic:
Note:
computer side, MUST use wired network
, NOT wireless, otherwise mobile side network not usable
LEVEL 2: for encrypted https
:
Key Chain
to trust Charles Root CAEnable SSL Proxying
VPN and Application
Trusted Credentials -> User
, can see installed Charles certificateLEVEL 3: for SPECIAL https
which using ssl pinning
:
more detailed summary please refer my post (written in Chinese): 1 and 2
Some folks my end up here with android N Devices that won't do SSL over charles even after installing the cert - now on http://chls.pro/ssl
In N - you need to also add an xml file and security config. This post goes into more details: How to get charles proxy work with Android 7 nougat?
I have met the same problem. And after installing the latest certificate, it is solved.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With