Tutorial: Testing SSL using Charles Proxy on an iOS Device

Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to view in plain text the communication between your iOS app and the SSL web server.

Charles does this by becoming a man-in-the-middle. Instead of your browser seeing the server’s certificate, Charles dynamically generates a certificate for the server and signs it with its own root certificate (the Charles CA Certificate). Charles receives the server’s certificate, while your browser receives Charles’s certificate.

Share WiFi & Setup Charles for SSL

Follow the steps below to setup Charles to enable SSL testing using Charles 3.10.x.

  1. Share your ethernet internet connection via WiFi, Settings > Sharing
    Screen Shot 2016-01-19 at 9.44.29 AM
    You can see that you are sharing your internet connection if your WiFi has an up arrow within it.
    Screen Shot 2016-01-19 at 9.45.58 AM

  2. Download Charles: http://www.charlesproxy.com/download/ (free trial)
  3. Open Charles
  4. Go to Proxy > SSL Proxy Settings…
    Screen Shot 2016-01-19 at 9.50.36 AM

  5. Check “Enable SSL Proxying”
  6. Select “Add” and enter the host name and port (if needed)
    2

  7. Click ok and make sure the option is checked
  8. Download the Charles cert, go to Help > SSL Proxying > Install Charles Root Certificate on a Mobile Device or Remote Browser
    Screen Shot 2016-01-19 at 9.42.25 AM

    The following popup will appear to let you know what proxy url to setup in the next step:
    Screen-Shot-2016-01-19-at-9.52.31-AM

  9. Configure your device to use Charles as its HTTP proxy, WiFi > Select your network > tap the i for the details
  10. Modify the HTTP proxy to point to the IP address of the proxy as shown above.
    IMG_1170

  11. Open Safari on your iOS device and go to http://charlesproxy.com/getssl to install the Charles Certificate.
  12. Install the Certificate on your device when prompted
    IMG_1172
    If you need to access the certificate later you can find it here, Settings > General > Profiles & Device Management
    IMG_1171

Testing SSL in your App

Now that Charles is setup and the connection between your app and your computer is working you can start to test the SSL calls within your app.

  1. Open Charles and click the Trash can to clear the current session
  2. Click on the URL of the host service you would like to see details on
    3

  3. Click “Sequence” to see the details and scroll down until you see the URL of the host you wish to see the response details for.
    6

  4. Double click on the line for the popup to appear so you can copy any values you need.
    Screen-Shot-2016-01-19-at-10.01.19-AM

Tutorial: 3D Touch - Quick Actions in SwiftTutorial: How to test your app for IPv6 compatibility
Brian Coleman

Manager, Mobile Development at Rogers Communications with over 15 years of multifaceted experience including development, design, business analysis and project management working directly with clients in a consulting capacity throughout the full software life cycle.

January 19, 2016 Uncategorized,