NOTE: This repo has been refurbushed and published on Medium: https://medium.com/@begunova/charles-proxy-setup-for-desktops-and-mobile-devices-03c3fd28f882.
π΅ Structure Tab Icons
π΅ Exclude a host from being recorded
π΅ Remove a host from a recorded session
π΅ Remove sensitive information from a recorded session
π΅ What happens if Charles root certificate is not installed?
π΅ Remove Charles root certificates
π΅ No internet connection after setting manual proxy
π΅ Miscellaneous issues
Structuretab groups HTTP requests by host.Sequencetab shows each HTTP request individually sorted by oldest first.
Each host on the Structure tab has one of these four icons:
π To summarize: lock π icon means SSL proxying is not enabled for that HTTPS host; lightning β‘οΈ in the icon means the host is using HTTP/2 protocol.
Example scenario: I have Slack Chat open in the background when recording a Charles session and I don't want that to show up in my session.
Solution: go to Proxy > Recording Settings > Exclude > Add.
Let's say I want to exclude xkcd.com and subdomains e.g. imgs.xkcd.com, then I can simply enter *xkcd.com in the Host field. For more advanced filters, click Help for examples/explanations.
Double-click on any existing entry to edit it.
Avoid excluding any host that is accessed by the website or app under test (AUT).
π I had issues where hosts that are added to the Exclude list still show up on the session. Curiously, all the problematic ones are HTTPS hosts, whereas the HTTP hosts were excluded without issues. After some time (in the range of a few hours, up to about a day), the issues went away by themselves so I'm not sure what happened there.
Example scenario: a scenario similar to exclude a host, except that I didn't add the host in the Exclude list. So the host ended up being recorded in the session. I want to remove that from the session.
Solution: Select the host on the Structure tab, right-click > Clear.
Avoid accidentally removing any host that is accessed by the website or or app under test (AUT).
Sometimes I have to use my own account to test an app or website in a cycle. It's important to make sure sensitive information like password is removed or is not present in the recorded session before I upload it as an attachment.
One way is to only start the recording after I log in. That way my login information won't even show up on the recorded session in the first place.
Alternatively, I can press Ctrl+F and search with some keywords like "password". I'll see something like the screenshot below.
π I can right-click on any result and click Remove, but it only removes that result from the search results and not from the recorded session.
Double-click any search result to open up that particular request.
Once certain that it is the request with the sensitive information, right-click and select Clear.
Repeat as necessary.
When I have Charles running without having a root certificate installed, most of the sites will browse just fine. But for hosts where I have enabled SSL proxying (by going to Proxy > SSL Proxy Settings... and adding an entry), I'll get an error as seen in the images below.
Your connection is not private or Did Not Connect: Potential Security Issue error page, as seen on Chrome 110 and Firefox 110.
Tested with Chrome 110
-
Windows
-
Open the Run window
Win+R, typecertmgr.mscand pressEnter. If the the root certificate was added underTrusted Root Certification Authoritiesduring the root certificate installation steps, then go there and look forCharles Proxy CARight-click on it and clickDelete.
-
Alternatively, go to
Control Panel > Internet Options > Content > Certificates > Trusted Root Certification Authorities, click onCharles Proxy CAand clickRemove.
-
-
macOS
-
Remove the certificate via the Chrome browser
Settingsas depicted below:
-
Alternatively, go to
Spotlight Search > Keychain Access > login > Certificates, click onCharles Proxy CAand clickDelete.
-
Tested with Firefox 110
-
Windows
-
Firefox default directory for certificates is
%USERPROFILE%\AppData\Local\Mozilla\Certificatesor%USERPROFILE%\AppData\Roaming\Mozilla\Certificateson Windows. Locate the Charles certificate at the path, right-click on it and clickDelete or Distrust. -
Alternatively, click the navigation drawer menu in the browser's top-right corner and select
Settings. Go toOptions > Privacy & Security > View Certificates > Authorities tab. Scroll down toXK72Ltd, clickCharles Proxy CA, clickDelete or Distrustand clickOK.
-
-
macOS
-
Firefox default directory for certificates is
~/Library/Application Support/Mozilla/Certificateson macOS. Locate the Charles certificate at this path, right-click on it and clickMove to Trash.
-
Alternatively, perform removal via the Firefox browser
Settings, similar to the Windows flow illustrated above.
-
Go to Settings. Search "certificates" and tap Trusted credentials. Go to User tab and look for root certificate with words like:
XK72 Ltd.
Charles Proxy CA
Tap on the certificate and tap Remove.
I set the manual proxy on my phone to the computer running Charles. When I try to browse a website on the phone, I expect to see a prompt on Charles about an unauthorized device trying to connect, as per the Charles documentation. But I don't see that prompt, and my phone appears to have no internet connection. Even after manually adding the phone's local IP to Proxy > Access Control Settings, there is still no internet access on my phone and Charles is not recording any network activity on the phone.
- Open Start. Type "network status" and click the matching item.
- Click
Change connection properties. - Under
Network Profile, selectPrivate(it was originally set toPublic).
Charles may need be restarted. Fiddler, however, works fine without having to change the Network Profile to Private
β Charles is not recording network traffic on Firefox but it is working fine on Chrome and Edge.
πGo to Options > Settings (under Network Proxy), and make sure Use system proxy settings is selected. If I'm getting Your connection is not secure on HTTPS sites after that, I may have to visit https://chls.pro/ssl and select Trust this CA to identify websites to install the SSL certificate on Firefox.