From: Alexander Goussas Date: Sun, 31 May 2026 22:51:30 +0000 (-0500) Subject: feat: publish post on HTTP interception X-Git-Url: http://git.frustrated-labs.net/?a=commitdiff_plain;h=efcc488b4b55e962025b67e934936fe4c94e509e;p=frustrated-functor.dev.git feat: publish post on HTTP interception --- diff --git a/content/2026-05-13-how-to-intercept-http-requests.smd b/content/2026-05-13-how-to-intercept-http-requests.smd index ebd7f6f..ada2de2 100644 --- a/content/2026-05-13-how-to-intercept-http-requests.smd +++ b/content/2026-05-13-how-to-intercept-http-requests.smd @@ -3,11 +3,12 @@ .date = @date("2026-05-13T00:00:00"), .author = "Alexander Goussas", .layout = "post.shtml", -.draft = true, +.draft = false, --- This blog post comes with an accompanying YouTube video where I showcase a demo -application and intercept its requests. Watch it here: TODO. +application and intercept its requests. Watch it here: +https://www.youtube.com/watch?v=lRNnt2g4gFA. You have a flashy HTTP API and everybody wants to talk to it. Great! But with great power comes great risk. All these fuckers could be sending bullshitty @@ -34,11 +35,21 @@ Then just run it! Capturing web traffic should work out of the box, but you have to configure the tool to allow for SSL capturing (HTTPS). For that, you can follow these instructions: -https://www.charlesproxy.com/documentation/proxying/ssl-proxying/. +https://www.charlesproxy.com/documentation/proxying/ssl-proxying/. I also show +how to do that in the video linked at the beginning of the post. You should add each hostname for which you want to enable SSL proxying in the configuration. +## Configuring web capturing + +The only thing to do here is to configure the Mac OS X Proxy settings to allow +capturing. You can follow these, rather concise, instructions to do that: +https://www.charlesproxy.com/documentation/getting-started/. + +For other platforms, it should work out of the box without further +configuration. + ## Configuring you mobile device for capturing Now, I was more interested in capturing mobile traffic from the emulator @@ -58,16 +69,17 @@ you emulator. You can either set breakpoints at the host level or at the request level. For my use case, I wanted to intercept all requests going to my backend, so I -activated breakpoints on the host. +activated breakpoints on the host. In the video I show an example of activating +breakpoints for a specific request. -To do this, go to the TODO view, right click on your host and toggle the -"Breakpoints" option. Then make a request and you should see execution pause a -new window open in Charles where you can do things like aborting or canceling -the request, allowing it through, or, in our case, modify it before sending it. +To do this, right click on your host and toggle the "Breakpoints" option. Then +make a request and you should see execution pause a new window open in Charles +where you can do things like aborting or canceling the request, allowing it +through, or, in our case, modify it before sending it. You can select the option to modify the request and then alter the JSON payload. -So that's it. I hope you found these instructions clear enough and sorry for -not using images. I haven't gotten to decide where I would host such images -yet. +So that's it. I hope you found these instructions clear enough for you to start +getting your feet wet with HTTP capturing. If you have any cool tricks for +Charles or another tool of choice, don't hesitate to share them :)