Charles Proxy blocking SSL traffic on Android - android

Been using Charles Proxy for years now but recently I've been having issues setting up my Android device.
Certificates have been installed on the Android device. I've confirmed they are in fact listed as trusted certificates in my certificates list. Everything is set up correctly, but SSL traffic continues to be blocked.
I've tried reaching out for support, but they don't ever respond.
Has anybody had this issue before?

I was having all my traffic blocked. The issue was that "Allow list" (in the Tools menu) was enabled, so only traffic to allowed locations was going through. After disabling that, the issue got fixed.

Everything is set up correctly, but SSL traffic continues to be blocked.
Sometimes I used to see a red cross on SSL requests coming from Android. I was unable to read the content. It started working fine for me after I set up the SSL Proxy Settings option. I checked the Enable SSL Proxying option as shown in the image and added the wildcard URLs that I want to filter. E.g.: *.your-server-url.com
Update:
Also, I don't think you can do it in a release build of your application.
And for Android N and above there have been these changes you'll need to include in your project for it to work: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
Hope this helps a bit.
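
A small audit of the Network Security Configuration that governs CA trust on Android N and above, as an added example that is not part of the original answer: it reports whether user-installed CAs (such as a proxy's root) are trusted in every build or only in debuggable ones, and, going slightly beyond the answer, which domains carry a pin-set. The sample XML, example.com and the function names are constructed for illustration, and the check assumes an app targeting API 24 or higher.

```python
import xml.etree.ElementTree as ET

# Constructed sample res/xml/network_security_config.xml; example.com and the
# pin value are placeholders, not taken from the thread.
SAMPLE_CONFIG = """
<network-security-config>
  <base-config>
    <trust-anchors><certificates src="system" /></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">example.com</domain>
    <pin-set><pin digest="SHA-256">PLACEHOLDER_PIN_BASE64=</pin></pin-set>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="user" /></trust-anchors>
  </debug-overrides>
</network-security-config>
"""

def trusts_user_cas(node):
    """True if the element's own <trust-anchors> include user-installed CAs."""
    if node is None:
        return False
    certs = node.findall("./trust-anchors/certificates")
    return any(c.get("src") == "user" for c in certs)

def audit(xml_text):
    """Summarise who may trust a user-installed CA such as a proxy's root."""
    root = ET.fromstring(xml_text.strip())
    report = {
        # Assumes targetSdkVersion >= 24, where an app without an explicit
        # user trust anchor trusts system CAs only.
        "release_trusts_user_ca": trusts_user_cas(root.find("base-config")),
        # debug-overrides only take effect when android:debuggable is true.
        "debug_trusts_user_ca": trusts_user_cas(root.find("debug-overrides")),
        "pinned_domains": [],
        "domains_trusting_user_ca": [],
    }
    for cfg in root.iter("domain-config"):
        names = [d.text.strip() for d in cfg.findall("domain") if d.text]
        if cfg.find("pin-set") is not None:
            report["pinned_domains"] += names
        if trusts_user_cas(cfg):
            report["domains_trusting_user_ca"] += names
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A report with `release_trusts_user_ca` false and `debug_trusts_user_ca` true is the usual shape for a project that allows proxy inspection during development without shipping that trust to users.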

Related

Fiddler and Charles proxy cannot intercept specific android app

I installed the Nox Player emulator on my Windows PC and used both Fiddler Classic and Charles Proxy to capture traffic from the emulator. I have installed the certificates of Fiddler and Charles Proxy too. By using Frida I'm able to intercept all the traffic of all apps except one app. When I opened the app it ran well without any errors, but no traffic was captured. I modified the .apk file by removing the pin-set in network_security_config.xml but no luck. Other apps can be intercepted but not this app. Is there any setup I missed, or does the app have extra protection?
This similar question has almost the same problem
Either it's not HTTP traffic, or it's not viewable.
If it's not HTTP Traffic, you might need a different tool like Wireshark.
If it is HTTPS traffic that the proxy can't decrypt, it might be PKP. To capture it you might want to produce the stack trace around basic connection classes, see who's producing the calls, and find how to decrypt it within Frida. If you're using OS level platforms like Magisk, there are ways to always trust the certificates at the system level, which might save you a hassle.

ERR_CERT_AUTHORITY_INVALID when using Charles with Android (KitKat)

I am trying to perform a M-I-T-M using Charles proxy with my Android (KitKat) device. I have installed the Charles certificate both on my desktop and on my mobile phone. I have also set a manual proxy with the IP of my desktop, using port 8888, which is the default port for Charles, and I have added my mobile IP in Charles with SSL proxy settings enabled. When I open any website on my desktop, everything works fine, but when I try to open any HTTPS website on my mobile I get ERR_CERT_AUTHORITY_INVALID. I have seen many solutions and none of them are working for me.
I have also seen this post, SSL Proxy/Charles and Android trouble, and I have done the same thing that is mentioned in the answer, but I am still facing this problem.
Can anyone please help me understand why this error is happening?

Chrome reports 2 different SSL padlock states for same site from different computers, possible infection?

This is a doozy. Will try and make it short and sweet.
Hitting the same web URL, my desktop computer reports SSL errors for many sites. HTTPS with a red line strike through and red padlocks in descriptions.
My mobile phone does not, on wifi or mobile network. My remote computer in a remote location does not. Green padlocks for all.
Chrome browser is up to date and latest (Version 47.0.2526.106 m) across all browsers. Extensions are identical across local and remote desktop.
I cannot for the life of me figure out what is loading up on my desktop at home that isn't loading up on my remote desktop at my mom's. Both machines are on Win7 64 bit. Both Chrome browsers are the same version, same extensions running. Recently 'reset' Chrome on my home desktop to try and fix. Worked first time, but problem came back. Second time it didn't do anything. Very random. Some days I'll get green padlocks, some days I get red ones. The intermittent nature of this has me dumbfounded. Also, all of the browsers actually state the info about an obsolete cipher, but only my desktop deems it to be redlock worthy. It also claims there are other insecure resources on the page, but my remote desktop and mobile device don't see them. wth?!?!
Should I completely remove Chrome and reinstall it from scratch? Since I already used the 'Restore settings to their original defaults.' button in the settings, this doesn't seem like it would cure it.
One other aspect I haven't been able to determine is whether my computer being hardwired into a TL-WPA4220 WiFi Powerline Extender is the culprit. Does the fact that the extender/repeater is not a direct connection to my router have anything to do with this? Although my mobile phone is connected to that wifi access point and it shows a green padlock on the same sites, so....
I am currently running a virus scan as we speak.
Any guesses? Thanks in advance.
Attached pics.
home desktop | remote desktop
If you look closely at the dialog on the home desktop, you will see:
connection is not private because the site loaded an insecure script
Since you don't see the message on the remote desktop, it is very likely that a locally installed browser extension causes this problem. Thus, check your extensions, disable them and retry.
I figured it out after thinking long and hard about the differences between computers. Ultimately I realized that all the working browsers were either fresh installs, or browsers that didn't have my user account connected and synced through it.
I ultimately went to Settings > Sign In / Disconnect your Google Account... and made sure all cookies/data for the local device were removed. Then I did a full browser 'Reset'.
Once I had the default standard page asking me to sign in, I tested the offending page. It showed up with a green padlock. I tested other offending bank sites as well. All green.
From there I closed the browser and restarted it, and when presented with the page to log into my Google account, it resynced all my bookmarks/toolbars/extensions.
And still all green padlocks. Hopefully this is a permanent fix but for now it's all holding well. I also got slightly more updated to Chrome Version 47.0.2526.111 m.
My assumption here is that somewhere between the time I first synced my Chrome to my Google account years ago on this computer, whatever version it was then (42, 45, who knows), one of the updates to Chrome didn't take well on my desktop and was creating conflicts only on this computer under this local profile. No amount of clearing cookies or resetting the browser could fix it. Fully disconnecting my account and re-syncing my Chrome to my Google account is what fixed the HTTPS / SSL padlock problems.
Not sure if this will help anyone, seems I was the only one on the internet with this problem. :P

Chrome is bypassing the proxy settings on my Google Nexus 5

I have a Nexus 5 that I bought directly from Google (in the UK). I've spent a considerable amount of time in the last couple of days trying to get the device to proxy through my laptop (using Charles). However, it just won't work. No matter what I do, while trying to access any site through Chrome (the default and only browser on my device), the proxy is ignored.
I've tried proxying using the exact same method with my Nexus 7 device and all works well.
I've tried:
Soft resets
Clearing the cache on Chrome on the device
Various combinations of connecting and disconnecting from the wifi network, removing and reinstating the proxy settings
Followed these instructions to the letter (and varied it where possible)
It's driving me mad. I have two similar Android devices with identical settings, sat side-by-side and one will play ball, but the other won't.
I've Googled around a lot with no success, I was just wondering if anyone else has encountered this? A fix would be greatly appreciated.
This may be caused by having the Data Compression Proxy enabled, which causes Chrome to ignore your manually configured HTTP proxy settings as plain traffic becomes routed over SPDY to Google's proxy server.
https://developer.chrome.com/multidevice/data-compression
I am the lead on the Chrome data compression proxy. If you can go to chrome://net-internals in Chrome and save a trace, and file a bug at crbug.com with the details (feel free to email me or update this thread with the bug ID) that would be very helpful. Also, have you tried a non-Chrome browser (e.g., Firefox)?

Direction on setting up Fiddler and BlueStacks

Does anyone know how to set up Fiddler to monitor/sniff traffic from BlueStacks? I've seen others mentioning that it can be done, but I need some direction on configuring Fiddler or configuring BlueStacks to get it going. Currently Fiddler is returning a message, some tunnel to message. Perhaps I would need to configure the port/proxy for BlueStacks. If this is the case, does anyone know how this is to be done or can point me in the right direction?
You can capture BlueStacks traffic using:
Wireshark (problem: we can't see HTTPS (SSL) traffic).
We can use ProxyCap software and set up all BlueStacks executables to work via our local Fiddler proxy. But we have an issue here: we can't import the Fiddler certificate into BlueStacks (at least I didn't find a way yet).
One possible solution would be to:
Kill the BlueStacks processes.
Find the BlueStacks Root.fs file (in my case it's located here: c:\ProgramData\BlueStacks\Android)
Edit that file using Linux tools (it's an image; we can run fdisk Root.fs to see the partitions, then mount it with loop rw and modify it, but that needs more digging).
One important note: we need to find a way to block BlueStacks autoupdates (and discard our changes in Root.fs)
Supposedly, BlueStacks doesn't support proxy settings (https://android.stackexchange.com/questions/27224/how-to-configure-bluestack-appplayer-to-use-proxy-settings-when-connecting-to-ne) which would imply that its traffic would not go through Fiddler.
However, you say "Fiddler is returning a message some tunnel to message" which implies to me that maybe they were incorrect and the traffic is going through Fiddler and the client merely needs to be configured to trust the Fiddler root certificate.
Can you share a screenshot of the Fiddler UI showing the "Tunnel to" in question?
If all you need is to set a browser within Bluestacks proxy, this proxy setting app worked for me:
https://play.google.com/store/apps/details?id=com.lechucksoftware.proxy.proxysettings
