.date = @date("2026-05-13T00:00:00"),
.author = "Alexander Goussas",
.layout = "post.shtml",
-.draft = true,
+.draft = false,
---
This blog post comes with an accompanying YouTube video where I showcase a demo
-application and intercept its requests. Watch it here: TODO.
+application and intercept its requests. Watch it here:
+https://www.youtube.com/watch?v=lRNnt2g4gFA.
You have a flashy HTTP API and everybody wants to talk to it. Great! But with
great power comes great risk. All these fuckers could be sending bullshitty
Capturing web traffic should work out of the box, but you have to configure the
tool to allow for SSL capturing (HTTP<i>S</i>). For that, you can follow these
instructions:
-https://www.charlesproxy.com/documentation/proxying/ssl-proxying/.
+https://www.charlesproxy.com/documentation/proxying/ssl-proxying/. I also show
+how to do that in the video linked at the beginning of the post.
You should add each hostname for which you want to enable SSL proxying in the
configuration.
+## Configuring web capturing
+
+The only thing to do here is to configure the Mac OS X Proxy settings to allow
+capturing. You can follow these, rather concise, instructions to do that:
+https://www.charlesproxy.com/documentation/getting-started/.
+
+For other platforms, it should work out of the box without further
+configuration.
+
## Configuring you mobile device for capturing
Now, I was more interested in capturing mobile traffic from the emulator
You can either set breakpoints at the host level or at the request level. For
my use case, I wanted to intercept all requests going to my backend, so I
-activated breakpoints on the host.
+activated breakpoints on the host. In the video I show an example of activating
+breakpoints for a specific request.
-To do this, go to the TODO view, right click on your host and toggle the
-"Breakpoints" option. Then make a request and you should see execution pause a
-new window open in Charles where you can do things like aborting or canceling
-the request, allowing it through, or, in our case, modify it before sending it.
+To do this, right click on your host and toggle the "Breakpoints" option. Then
+make a request and you should see execution pause a new window open in Charles
+where you can do things like aborting or canceling the request, allowing it
+through, or, in our case, modify it before sending it.
You can select the option to modify the request and then alter the JSON
payload.
-So that's it. I hope you found these instructions clear enough and sorry for
-not using images. I haven't gotten to decide where I would host such images
-yet.
+So that's it. I hope you found these instructions clear enough for you to start
+getting your feet wet with HTTP capturing. If you have any cool tricks for
+Charles or another tool of choice, don't hesitate to share them :)