In this article, we will discuss about how to capture the traffic of our Android application using a tool called Charles Proxy. I recommend you continue reading, you will love it!
Developing a Web application is immediately viewing and analyzing all HTTP requests that are made. Client requests and server responses are easily traceable and reproducible. Instead, when you are working with a mobile device, both physical and virtual, the analysis of this traffic is not as trivial.
Therefore we will present a tool that is very useful, as much in the case covered in this article, as in many others, Charles Proxy.
This tool can be used to monitor all HTTP and HTTPS traffic, using for it certificates that the Proxy itself provides us, with a duration of 24 hours.
SETUP CHARLES PROXY
First of all we will configure our Charles Proxy. To do this, let’s Proxy in the menu and follow those steps:
- Proxy > Proxy Settings: We leave the port as default and activate “Enable transparent HTTP Proxying”
- Proxy > SSL Proxy Settings: Activate “Enable SSL Proxying” and we add a new entry in Locations (Host: *, Port: *)
SETUP ANDROID EMULATOR
Once we set up Charles Proxy, we are going to set up our Android emulator. For that, when the time of launching it arrives, we will need to pass the IP of our Charles Proxy as an environment variable (in Charles Proxy: Help > Local IP Address), with something similar to the following command:
emulator -netdelay none -netspeed full -avd <emulador> -http-proxy http://<ip-proxy>:8888
(If we have changed the port for another when we had to set up the Charles, we also have to change the port value)
Once the emulator is opened, we will install the certificate that gives us Charles Proxy by opening from our mobile browser this url. A dialog will automatically appear to install a new certificate on mobile as shown in the following picture:
It should be enough by putting a name and accepting the installation. Once all these steps are done, we go to Charlesproxy and click on the button “Start Recording” (Or also, from Proxy > Start Recording) and from now you will have any HTTP/HTTPS traffic exiting from the mobile. I leave you with a screenshot of the final result: