Install CharlesProxy CA Certificate on Android

I use Charles Proxy extensively for debugging all kinds of applications, and lately I've been using it more with mobile devices. One of the killer features of Charles is its ability to intercept SSL traffic. This is hard - and rightly so, it should be difficult to inspect SSL traffic!

Charles handles this by using the server's SSL certificate for the connection from Charles to the remote server, and then using Charles' own SSL certificate for the "last mile" back to your browser or device. This means that the connection will be flagged as insecure; Charles' certificates aren't trusted by your browser or device - but we can easily change that. Continue reading

Using Charles To Debug PHP SOAP

I used this trick to solve a particularly sticky problem last week, so I thought I'd share. I had a 3rd party SOAP service (except it was actually a .NET WCF service, which is almost SOAP but not quite) which didn't behave in accordance with the way its documentation said it would. PHP's SoapClient has the ability to enable tracing and give information about the request/response headers/body, which is useful, but I needed to store the outputs and also rewrite a particular request header during the course of debugging this. Enter: Charles Proxy. Continue reading