Charles proxy fails on SSL Connect Method

ssl iptables proxy charles-proxy

Solution 1:

From iOS 10.3 you also need to go to Settings > General > About > Certificate Trust Settings and trust Charles certificate.

enter image description here

Solution 2:

You can face with this problem at some applications like Facebook or Instagram. Charles certificate doesn't work at some new apps because they are using a technique named as SSL-PINNING. First of all you have to break ssl-pinning system of application or you can instal old version of application then it sometimes works but we need a new solution about ssl pinning in order to record traffic for this kind of applications.

Solution 3:

as @Berkay Yıldız says, it probably using ssl/certificate pinning.

how to fix/avoid/disable ssl pinning?

the whole logic is:

LEVEL 1: for normal http: core logic:

  • PC:Mac/Windows
    • Charles set http proxy
    • set port
  • app use Charles proxy
    • inside Wifi, set
      • host IP
      • port

Note: computer side, MUST use wired network, NOT wireless, otherwise mobile side network not usable

LEVEL 2: for encrypted https

  • PC
    • install Charles root certificate
      • Mac:use Key Chain to trust Charles Root CA
    • Charles
      • Enable SSL Proxying
        • set location filter for your specific api address
  • phone
    • app
      • install Charles Root CA
        • Note: type should select: VPN and Application
          • NOT select:WLAN
        • makesure certificate install successfully
          • Trusted Credentials -> User, can see installed Charles certificate

LEVEL 3: for SPECIAL https which using ssl pinning:

  • Phone:
    • make sure root or jailbreak
      • Android:has rooted
        • for later to install tool: Xposed
      • iOS:has jail break
        • for later to install tool: Cydia
    • then install plugin/tool, capable of avoid/disable ssl pinning
      • Android:
        • JustTrustMe (based on Xposed)
        • Android-SSL-TrustKiller (Cydia Substrate)
      • iOS:
        • SSL Kill Switch 2 (based on Cydia)
          • old version:iOS SSL Kill Switch (based on Cydia)

more detailed summary please refer my post (written in Chinese): 1 and 2

Solution 4:

Some folks my end up here with android N Devices that won't do SSL over charles even after installing the cert - now on http://chls.pro/ssl

In N - you need to also add an xml file and security config. This post goes into more details: How to get charles proxy work with Android 7 nougat?

Related

MongoDB 'unable to find index for $geoNear query'
How do I see my git remote url?
How to check if multiple variables are defined or not in bash
Profile.getCurrentProfile() returns null after logging in (FB API v4.0)
Print all the Spring beans that are loaded - Spring Boot
How is "Target Groups" different from "Auto-Scaling Groups" in AWS?
What is shortcut for uncomment in Visual Studio Code?
How do you know what version number to use?
How to add a Try/Catch to SQL Stored Procedure
Multiple dispatch in C++
List assets in a subdirectory using AssetManager.list
How to send list of file in a folder to a txt file in Linux