I've been playing with the twitter API for an iPhone test application, and I've missed the ability to proxy the requests I did to the twitter API with a software like Charles (http://www.charlesproxy.com/). Even though it has a SSL Proxying feature, twitter seems to not like the fact that there's a different certificate in the middle signing the requests. Is there any way to do this? I'd be very useful to be able to see the requests and the way Charles formats the JSON responses, etc...
Twitter can't know that there is a man in the middle. I've not used Charles, but I've used Fiddler2. Try that one.
http://www.charlesproxy.com/documentation/proxying/ssl-proxying/
http://www.fiddler2.com/fiddler/help/httpsdecryption.asp
Decrypting HTTPS works by the proxy making its own certificate, and giving it to the browser. The browser will notice it connects with a bad certificate and give a warning, but the server (Twitter) will just see the proxy as another browser. The proxy-server connection uses Twitter's certificate, so it's still secure.
Perhaps this is your problem:
Q: Can Fiddler intercept traffic from Apple iOS devices like iPad/iPhone/iPod Touch and Android devices? A: Yes, but these devices may not be compatible with the default certificates Fiddler generates.
To resolve the incompatibility, you may replace Fiddler's default certificate generator with one that generates certificates containing flags (e.g. AKID, SKID) that are compatible with these platforms. Simply download and install the new Certificate Maker and restart Fiddler.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With