Shulou(Shulou.com)06/02 Report--

By setting itself as the network access proxy server of the system, Charles makes all network access requests completed through it, thus realizing the interception and analysis of network packets.

Charles is a paid software that can be tried for 30 days free of charge. After the trial period, unpaid users can continue to use it, but each use time cannot exceed 30 minutes, and there will be a 10-second delay at startup. However, you can also find the cracked version on the Internet, and you can use it at will by replacing the charles.jar in the original lib file.

The main features of Charles include:

SSL proxy is supported. You can intercept requests for parsing SSL.

Flow control is supported. You can simulate slow networks and requests with long waiting times (latency).

AJAX debugging is supported. Json or xml data can be automatically formatted for easy viewing.

AMF debugging is supported. Flash Remoting or Flex Remoting information can be formatted for easy viewing.

Resend network requests are supported to facilitate back-end debugging.

Modification of network request parameters is supported.

Support the interception and dynamic modification of network requests.

Check that the HTML,CSS and RSS content conforms to W3C standards.

Charles download: official website https://www.charlesproxy.com/, the latest version is 4.1.2, divided into win, mac and Linux, parents can download on demand. Take the winows64-bit version as an example:

Downloaded image file:

Charles installation:

Double-click the msi file and click the next step like a fool

After the installation is complete, you can go to your installation path to find charles.exe to try ~ ~ if you want to crack the friend, you can download Charles.jar in the http://pan.baidu.com/s/1eSEInya password: K843, by the way, this ja package is also used with the charles version, which is used here. There are versions of mac and win32/64 in this file. Use oh ~ replace the file with the same name in lib under the root directory of Charles as needed, so you don't have to wait 10 seconds to open Charles.

The above is just the installation of Charles. If it is opened and used at this time, part of the crawled package is in unknow status.

Charles configuration:

1. Set charles as the system agent: Proxy- > Windows Proxy

It should be noted that Chrome and Firefox browsers do not use the system's proxy server settings by default, while Charles completes packet interception by setting itself as a proxy server, so the network communication between Chrome and Firefox browsers cannot be intercepted by default. If you need to intercept, you can set it to use the system's proxy server setting in Chrome, or simply set the proxy server to 127.0.0.1. The same effect can be achieved by setting the proxy 8888.

Charles main interface:

In the figure, structure and sequence are two view modes:

The structure view classifies network requests by the domain name accessed, and the sequence view sorts network requests by the time of access.

Filter keywords can be set at Filter. For example, if you enter the domain name you want to filter, the main interface displays only the packets related to that domain name.

Request displays the request content

Response displays the response content.

Intercept network packets of mobile devices, including APP, Wechat, etc. (take iPhone as an example):

Set on Charles: to intercept network requests on iPhone, first turn on the proxy function of Charles. Select "Proxy"-> "Proxy Settings" on the menu bar of Charles, fill in proxy port 8888, and check "Enable transparent HTTP proxying" to complete the setting on Charles.

Settings on iPhone: "Settings"-> "Wireless Local area Network", you can see the wifi name of the current connection. By clicking the details button on the right, you can see the details of the wifi on the current connection, including IP address, subnet mask and other information. At the bottom of it, there is an item of "HTTP Agent". We switch it to manual, and then enter the IP of the computer where Charles is running and the port number 8888 in the server column, as shown below:

Once set up, open any program on iPhone that requires network communication, and you can see that Charles pops up the confirmation menu of iPhone request connection, and click "Allow" to complete the setting.

If you need to intercept and analyze the content related to SSL protocol. Then you need to install the CA certificate for Charles.

First of all, you need to install the certificate on the computer. Click the top menu of Charles, and select "Help"-> "SSL Proxying"-> "Install Charles Root Certificate" as shown below:

The installation certificate window pops up:

At this point, the setup on the Charles is complete.

If you also need to grab the https package on your phone, you also need to download the ca certificate:

Click the top menu of Charles, select "Help"-> "SSL Proxying"-> "Install Charles Root Certificate on Mobile Device and Remote Browser", and the following image will pop up:

Type "chls.pro/ssl" in safari, search for the CA certificate, and the following figure pops up:

After installing (here LZ has already been installed), you need to trust the certificate in "Settings"-> "about this Machine"-> "Certificate Trust Settings":

Secondly, enter http://charlesproxy.com/getssl in the mobile browser to open the interface for certificate installation. After installing the certificate, you can intercept the Https communication content on the phone. This is the first certificate in the image above.

However, Charles does not intercept SSL information by default. If you want to intercept all SSL web requests on a website, there are two ways to handle it:

1. Right-click on the request and select Enable SSL proxy:

2. Select "Proxy"-> "SSL Proxying Settings" on the top menu of charles:

Click "Add" to add host and port:

Host:* means you can take any value.

Port:443

At this point, the interception of web and the setting of mobile network packets are basically completed.

Note: if the intercepted package returns garbled or the "unknow" status of the intercepted package is returned, the certificate may not be installed, or the SSL may not be authorized

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.