Charles is a fast and powerful recording tool to use in order to inspect and analyze requests that are made from or to your computer, over the internet. Providing a number of important features, I’ll quickly describe below some of the main ones including the SSL Proxying, Bandwidth Throttling, and the general overview and details of the information that is passing through the proxy server.

Installation

The latest version of Charles can be downloaded from the official website: https://www.charlesproxy.com/documentation/installation/
After downloading it, continue with a regular installation. The app will require you to grant it privileges in order to make automatic network configurations that are recommended. You will only need to do this once

Overview

overview

The above image presents the current session (1), including all the recorded information (2) and the details for each separate host (3).

overview1
  1. A host can be focused on, in order to be separated from the rest of the hosts for a better view;
  2. The SSL proxying needs to be enabled so Charles can decrypt SSL events;
  3. Breakpoints need to be checked for each host in order to intercept requests and responses before they are passed through Charles.

SSL Proxying

Install SSL root certificate:

After the installation is complete, the next thing to do is to open Charles and install the root certificate. Currently, although Charles can intercept the requests coming from or to your computer, it cannot read their content. The reason is that the HTTPs protocol uses SSL to encrypt the information from the request or response and to prevent proxy servers to peek inside their content.


install root certificate

However, as this certificate isn’t issued by a trusted certificate issuer, we’ll need to tell our devices to explicitly trust it.


trust cert

A pop up will require you to enter your password, then click Update Settings.
Once enabled, Charles will be able to decrypt SSL events.

Modifying requests / responses

Breakpoints:

Charles provides a way for the user to look into the requests and responses from any selected website. Besides this, the user can set up “Breakpoints” for a specified host and control whether the requests should pass, be blocked, or have their data modified.
– open up Charles and your preferred browser;
– access a website for which you want to examine the request contents
– note that the host is now displayed on the left part of the application, in the “Structure” section;
– right-click it, check the “Enable SSL Proxying” and the “Breakpoints” options
– from your browser, make a request on the website you’re on;
Note that when a request or response trips a breakpoint the Breakpoints window automatically opens in Charles and comes to the front;

breakpoint


The Breakpoints window contains a list of the requests and responses currently intercepted and waiting for your action. Select the request or response to view and edit the contents. Then decide to Execute, Abort, or Cancel the breakpoint.

Bandwidth Throttle:

Charles can be used to adjust the bandwidth and latency of your Internet connection. In order to do so, access the Proxy -> Throttle Settings menu and set your preferred values or chose an internet setting from the default presets.

throttle

Those options enable you to simulate a particular setup or network speed. As can be seen above, there is also an option that can enable throttling to just a particular set of hosts.

Another useful function of Charles is that it can prevent the caching on web sites, which can come in handy in order to reproduce the experience that a new visitor to your site will see.

no caching 1

At the most basic level, a man-in-the-middle app like Charles can:

  • configure the network settings to get all the traffic through it, so the user can inspect the network events;
  • generate and use its own self-signed certificate to decrypt SSL;
  • act as a proxy server to help the user modify the requests and responses;
diagram