Charles use – mobile terminal capture package tutorial

This article will show you how to crawl HTTP (HTTPS) requests and WebSocket (WSS) on mobile devices using Charles and proxy tools. The devices used in this paper are Mac and an Android phone, Charles version 4.6.1

Configure proxy on Charles

1. Click the gear button

   

2. Select “Proxy Settings”
   
   

3. Click the following image to set and click OK button to save

   

Install the certificate

1. Check the device you want to capture, make sure it’s connected to the same wifi as your computer, and make sure both devices are on the same LAN.

2. On the PC menu bar, select Help→ SSL Proxying → Install Charles Root Certificate
   
   

3. Select “System” in the pop-up keystring box and click the “Add” button.

4. Type “Charles” in the upper right corner of the Keychain app to search for the certificate you just added

5. Double-click the certificate to open the certificate details window and set the certificate to always trust
   
   

6. On the menu bar, select Proxy → SSL Proxying Settings
   
   

7. Select “Add” in the window that appears
   
   

8. Set Host to * and Port to 443, and click OK to save
   
   

Check whether the certificate takes effect

1. Enable macOS Proxy in the Menu bar Proxy
   
   

2. Open a browserwww.baidu.com/, check in Charles…

Configure the certificate on the phone

1. On the menu bar, choose Help → SSL Proxying → Export Charles Root Certificate and Private Key

2. In the box to set the password, set a simple point, here we enter 12345678
   
   

3. A. P12 certificate file is generated, and the certificate is sent to the mobile phone and installed. It is recommended to use wechat File Transfer Assistant here. After sending it to your mobile phone, you can directly click open it with other applications. Enter the password and click OK. The installation is successful
   
   

Configuring the Mobile Phone Agent

Download an agent tool App on your mobile phone (support Socks5)

Configure the Proxy tool to Proxy mobile phone traffic to the PC. The port number is the SOCKS Proxy port number (8889) set at the beginning of this article. If the Proxy tool has rules, set it to “all” or “global”.

Check whether packets are captured successfully

Open the browser (or APP or small program) on the mobile phone, access the application that needs to capture the package, and check whether it is captured successfully and whether the content is displayed normally on Charles on the computer