Using the Charles proxy tool


1. Principle

Both Fiddler and Charles are HTTP debugging proxy tools. They can record all HTTP requests between the client and the server, analyze request data, set breakpoints, debug web applications, modify request data, and even modify the data returned by the server, which makes them very powerful.

Principle: A proxy server is placed between the client and the server to monitor the requests sent by the client and the responses returned by the server.

2. Charles (for Windows and MAC)

3.1 Charles installation configuration (windows)

(1) Enter→\share.kwps.info\share\Test Department Data Sharing\Account&Drive&Store\Test Tools\Packet Capture Tool\charles

PS: Make sure the bit width of the installation package matches the bit width of the computer's operating system.

(2) After the installation is complete, open Charles, click Proxy, select Proxy Settings, enter 8888 as the port, and check the check box under the port:

(4) Then connect the mobile phone (Android or iOS) to the WiFi network kso and enter the kingsoft.com account for identity verification. Once the connection succeeds, point the phone at the computer's IP; look up the computer's IP as shown in the figure:

(5) After the Android phone is connected to WiFi, set the proxy:

After connecting to WiFi on iOS, set the proxy:

After the proxy is set on the phone, Charles on the PC displays the following prompt; click Allow:

(6) Settings for capturing HTTPS requests:

Install the certificate on the computer: in the menu bar, go to Help->SSL Proxying->Install Charles Root Certificate:

The following prompt appears. Click "Install Certificate" and follow the certificate wizard step by step until the installation succeeds and the certificate has been imported:

Install the certificate on the mobile phone: Help->SSL Proxying->Install Charles Root Certificate on a Mobile Device or Remote…

Charles also needs to be configured accordingly; go to Proxy->SSL Proxying Settings:

In SSL Proxying Settings, check Enable SSL Proxying, and under Locations enter the host and port of the URL to be captured (the port can be left empty or set to 443):

PS: * means that all HTTPS interfaces are captured. If only the interfaces of certain domain names need to be captured, the following settings are sufficient, and the corresponding domain name must be entered correctly.
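The effect of the Locations entries described above, as an added example that is not part of the original post: it models which HTTPS targets would be decrypted and which would pass through untouched, so the list can be kept to the hosts under test. It assumes that * is a wildcard and an empty port matches any port, as stated above; the matching uses Python's fnmatch as a stand-in for Charles's own matcher, and the observed targets are constructed sample data.

```python
from fnmatch import fnmatchcase


def parse_location(entry):
    """Split a 'host[:port]' Location entry; an empty port means any port."""
    host, _, port = entry.strip().partition(":")
    return (host.lower() or "*", port or "*")


def is_decrypted(host, port, locations):
    """True if host:port matches at least one Location entry."""
    for entry in locations:
        host_pat, port_pat = parse_location(entry)
        if fnmatchcase(host.lower(), host_pat) and fnmatchcase(str(port), port_pat):
            return True
    return False


def scope_report(targets, locations):
    """Partition observed HTTPS targets into decrypted vs. left tunnelled."""
    report = {"decrypted": [], "tunnelled": []}
    for host, port in targets:
        key = "decrypted" if is_decrypted(host, port, locations) else "tunnelled"
        report[key].append(f"{host}:{port}")
    return report


# Constructed sample: HTTPS targets a test phone might contact in one session.
OBSERVED = [
    ("api.instagram.com", 443),
    ("mrobot.pclady.com.cn", 443),
    ("login.bank.example", 443),   # unrelated app on the same phone
    ("api.instagram.com", 8443),
]

if __name__ == "__main__":
    for locations in (["*"], ["api.instagram.com:443"], ["*.pclady.com.cn"]):
        result = scope_report(OBSERVED, locations)
        print(locations, "->", result)
```

With the single entry *, every target on the device is decrypted, including traffic unrelated to the app under test; a host-specific entry leaves everything else tunnelled.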

Set the phone's proxy to the computer's IP and the Charles port, then use the phone's built-in browser to open the "Charles Web Debugging Proxy • SSL CA Certificate installation" page, download the certificate, and install it, similar to Fiddler.

3.2 Charles installation configuration (MAC)

(1) From the official website page "Download a Free Trial of Charles • Charles Web Debugging Proxy", download the Mac installation package, unzip and open it, and drag the package into the Applications folder. This gives a genuine copy of the software that can be used, subject only to a trial period.

(2) To intercept network requests on a mobile device, the device must be on the same network segment as the computer. Check the IP address in the computer's network settings, then on the mobile device tap the network that the computer is also connected to, select Manual in the proxy section, enter the IP address just checked, and set a port number.

(3) Check and configure the port number in the Proxy settings in Charles as follows:

(4) Click the Proxy button on the Charles toolbar and select Proxy Settings...

Switch to the SSL tab and select Enable SSL Proxying. Do not close the dialog after selecting it; there is one more step.

This step differs from Fiddler. Once the certificate is installed, Fiddler can capture HTTPS URLs. Charles takes more work: in the Locations form on the SSL tab from the previous step, enter the domain name and port to capture. Click the Add button, and in the form that pops up, enter the domain name for Host, such as api.instagram.com, and 443 for Port.

(1) At this point, open the app and the data becomes visible. The packet capture setup is now complete. For Windows:


3.3 Charles Crack

Charles is paid software; the uncracked version stops every 30 minutes.

Download the corresponding patch file from the Internet, copy the patch file charles.jar to the lib directory of the software installation root directory, overwrite the original file, restart Charles.exe, and crack successfully

3.4 Charles packet capture analysis

1. Panel:

Structure mode: Shows the structure of the requests clearly and groups request information by domain name, which makes the data easy to analyze and process.

Sequence mode: Shows all requests at a glance without clicking through them layer by layer. Requests are listed in the order in which they were made, so earlier requests are displayed first.

2. Filter

Select Proxy->Recording Settings in the Charles menu bar, select the Include tab, click Add, and enter the protocol, host address, and port number to be monitored. This achieves the filtering. As shown below:

3.5 Charles interface

The value of the Repeat function for front-end work is that the page does not need to be refreshed; the request is simply repeated, for example to check whether the proxy is working or to re-run a request after modifying it.

"Repeat" sends the request again.

"Repeat Advanced" lets you customize the number of repetitions and the interval between them.

3.6 Charles Tampering with Data

3.6.1 Setting breakpoints

Open the breakpoint settings from the menu bar and click the red button so that it is in the pressed state, or use Tools—>Enable Breakpoints.

Right-click the request to be tampered with —> select and check Breakpoints.

The status after successful setting is as shown in the figure below:

When this interface is accessed again, the request automatically opens in a new page and the interface does not respond, which means the breakpoint has been set successfully.

By default a breakpoint intercepts both the request and the response. If only the request or only the response needs to be tampered with, modify the breakpoint settings.

3.6.2 Tamper Request

The following uses tampering with the http://kmosvr.wps.cn:8010 interface as an example.

Set a breakpoint that intercepts only the Request of http://kmosvr.wps.cn:8010.

Proxy—>Breakpoints Settings: select the breakpoint entry, double-click to edit it, check only Request, and save the settings.

Request the http://kmosvr.wps.cn:8010 interface again. A Breakpoints panel pops up; select Edit Request, modify the request parameters, and click Execute.

The modified data is visible in the app.

3.6.3 Tamper Response

The following uses tampering with the mrobot.pclady.com.cn interface as an example.

1. Set a breakpoint that intercepts only requests to mrobot.pclady.com.cn.

Tools—>Breakpoints Settings: select the breakpoint entry, double-click to edit it, check only Response, and save the settings.

Request the mrobot interface again. A Breakpoints panel pops up; select Edit Response—JSON Text for easy editing, modify the response parameters you want to tamper with, and click Execute.

The tampered data is visible in the app.

3.6.4 Mapping to local files

1) Select the data you want to tamper with, right-click -> Save Response, and store it locally, preferably in txt format. Then edit the txt file so that it contains the data you want, and save it for later use.

2) Select the request, right-click—>Map Local—>select the previously saved response file—>OK

3) When this interface is accessed again, the response data is replaced by the contents of the local file.

3.7 Charles simulates slow network speed

Menu—>Proxy—>Throttle Settings: check Enable Throttling, fill in the upload and download bandwidth (the unit is kb/s), and click OK to save; the setting takes effect immediately.

3. Frequently asked questions

1. After following the settings, browser traffic still cannot be captured

Troubleshooting method:

(1) Chrome requests are not captured: in fact, Fiddler can capture Chrome's requests.

Chrome may have the proxy management plug-in SwitchySharp installed. Whether it is set to connect directly or to use a proxy connection, the plug-in overrides Fiddler's settings.

Fiddler automatically sets the proxy 127.0.0.1, port 8888, for the browser and remembers the browser's own proxy settings. All requests go to the Fiddler proxy first and then to the browser's proxy.

If a plug-in is used, it may bypass the Fiddler proxy entirely, so the requests cannot be monitored.

Solution for Chrome: select the "Use system proxy settings" option in the proxy plug-in, and Fiddler can see Chrome's requests again.

Alternatively, do not use the plug-in. It does not need to be uninstalled, since Chrome makes it easy to disable a plug-in. Then use the browser's default proxy settings and everything works.

(2) Check whether the plug-in for blocking advertisements is installed. I used the computer housekeeper Internet protection plug-in here, which made it impossible to capture packets. After disabling the plug-in and restarting the browser, it was normal.

2. The mobile phone has the certificate installed and is proxied to the computer, but some HTTPS requests cannot be parsed

Reason: The certificate was installed while the phone was proxied to a different computer, or there are multiple Charles certificates on the device.

Solution: Delete the certificate that was installed while proxied to the other PC, proxy to your current PC, and reinstall the certificate.

3. The iPhone certificate cannot be verified after installation

Reason: The certificate on the PC is not installed or is invalid, so verification fails.

Solution: Delete the original certificate on the PC and reinstall the PC-side certificate.

4. The certificate download on Android fails with a message that it cannot be downloaded

Solution: 1) Be sure to download it with the phone's built-in browser.

2) The Android device must have a password set before the certificate can be downloaded; this is required by the Android security mechanism.

5. After downloading the certificate, the certificate cannot be installed

Reason: The system cannot install this certificate type directly.

Solution: Install the certificate FiddlerRoot.cer via Settings - (More Settings) - System Security - Install Certificate from Storage Device - download.

6. Requests cannot be captured on the iOS simulator

Solution: Restart the simulator.

7. The mobile phone has a proxy set, but the requests sent by the app cannot be captured

Reason: To intercept network requests on a mobile device, the device must be on the same network segment as the computer.

Solution: Check whether the phone is connected to the zhpublic external-network WiFi; generally use the kso network.

8. Capture only the requests from the mobile phone, not the requests of PC applications and browsers

Fiddler: uncheck Monitor all connections

Charles: uncheck Windows Proxy


Origin blog.csdn.net/DY_CSDN/article/details/130016700