Charles is a fast and powerful recording tool you can use to inspect and analyze requests made from/to your computer. Providing many essential features, I’ll quickly describe below some of the main ones, including the SSL Proxying, Bandwidth Throttling, and the general overview and details of the information that is passing through the proxy server.
The latest version of Charles can be downloaded from the official website: https://www.charlesproxy.com/documentation/installation/
After downloading it, continue with a regular installation. The app will require you to grant it privileges in order to make the recommended automatic network configurations. You will only need to do this once.
The image above presents the current session (1), including all the recorded information (2) and the details for each separate host (3).
- A host must be focused on in order to be separated from the rest of the hosts for a better view;
- The SSL proxying must be enabled so Charles can decrypt SSL events;
- Breakpoints must be checked for each host in order to intercept requests and responses before they are passed through Charles.
Install SSL root certificate:
After the installation is complete, the next step is opening Charles and installing the root certificate. However, although Charles can intercept the requests coming from or to your computer, it cannot read their content. The reason is that the HTTPs protocol uses SSL to encrypt the information from the request or response and to prevent proxy servers from peeking inside their content.
Please note that, as this certificate isn’t issued by a trusted certificate issuer, we’ll need to tell our devices to trust it explicitly.
A pop up will require you to enter your password, then click Update Settings.
Once enabled, Charles will be able to decrypt SSL events.
Modifying requests / responses
Charles provides a way for users to look into requests and responses from any selected website. Additionally, the user can set up “Breakpoints” for a specified host and control whether the requests will pass, be blocked, or have their data modified.
– Open up Charles and your preferred browser.
– Access a website where you want to examine the request contents.
– Note that the host is now displayed on the left part of the application, in the “Structure” section.
– Right-click it, check the “Enable SSL Proxying” and the “Breakpoints” options.
– From your browser, make a request.
Note that when a request or response trips a breakpoint, the Breakpoints window automatically opens in Charles and comes to the front.
The Breakpoints window contains a list of the requests and responses currently intercepted and waiting for your action. Select the request or response you want to view and edit the contents. Then decide to Execute, Abort, or Cancel the breakpoint.
Charles can be used to adjust the bandwidth and latency of your Internet connection. To do so, access the Proxy -> Throttle Settings menu -> set your preferred values / or chose an internet setting from the default presets.
Those options enable you to simulate a particular setup or network speed. As shown above, there is also an option to enable throttling for a specific set of hosts.
Another useful function of Charles is that it can prevent caching on web sites. It can come in handy if you want to reproduce a new visitor’s experience to your site.
At the most basic level, a man-in-the-middle app like Charles can:
- Configure the network settings to get all the traffic through it so the user can inspect the network events.
- Generate and use its own self-signed certificate to decrypt SSL.
- Act as a proxy server to help the user modify the requests and responses.
If you have any questions about Charles or about us, let’s talk here: