How do I hook up Charles with IntelliJ?

Question

I am writing a web application in Java using IntelliJ, and I would like to monitor all my http/https requests using Charles, however my requests do not show up by default, so I am suspecting that some proxy settings need to be set up on both sides. Can someone explain it in details? Thanks a lot in advance!

Answer 1

Following these directions on the official site:

https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

1. Export the Charles Proxy root certificate.

2. Install the certificate into the JVM certificate store for the Java version that your application in IntelliJ is using.

   sudo keytool -import -alias charles -file ~/Desktop/charles-ssl-proxying-certificate.pem

The issue I had was that the IntelliJ run 'configuration' (for running the Java application from inside IntelliJ) was using a different SDK to the actual Project level SDK.

Go to Edit Configurations in IntelliJ to confirm the SDK being used at runtime.

Edit: I also found that some libraries (sp. Apache HttpClient) bypass the configure SDK/Proxy settings, leading to requests from IntelliJ that are not visible to Charles Proxy.

Answer 2

Ok so, I have managed to understand the problem and also solve it.

JVM proxy

The first issue was that my requests were essentially coming from the JVM, so that's why we have to proxy them first, which means a JVM configuration has to be made, which can be provided as arguments (can be provided through CLI or under VM options in IntelliJ) like so:

-DproxySet=true -DproxyHost=127.0.0.1 -DproxyPort=8888

HTTPS

The next issue was that along with this proxy, certificates also have to be provided in order to capture and view decrypted https requests.

We can generate Fiddler certificates by going to Tools > Options > HTTPS > Decrypt HTTPS traffic. The generated cert can be downloaded from http://127.0.0.1:8888/.

Using JVM's keytool, we can create a new keystore using our certificate, which we can use later as a JVM configuration to trust resources. To do so, run the following command (make sure to provide the right paths for the keytool and the cert):

"C:\Program Files\Java\jdk1.8.0_144\bin\keytool.exe -import -file C:\Users\Username\Desktop\FiddlerRoot.cer -keystore FiddlerKeystore -alias Fiddler After providing a password, the keystore will be generated at C:\Windows\System32.

Now, we can provide this keystore and password to the JVM by passing the following:

-Djavax.net.ssl.trustStore="C:\Windows\System32\FiddlerKeystore" -Djavax.net.ssl.trustStorePassword="yourKeyStorePassword"

This answer was based on the following blog post and StackOverflow answer:

• Capture HTTPS traffic from Java applications with Fiddler
• How to Capture https with fiddler, in java