Charles Proxy

Charles is a web proxy which runs on your own computer. The application in testing is then configured
to access the Internet through Charles, and Charles is then able to record and display for you all the data
that is sent to the server and the responses from server received by the device (client).

We are unable to see what is being sent and received between your client and the server. Without this
visibility it is difficult and time-consuming to determine exactly where the fault is. Charles makes it easy
to see what is happening, so you can quickly diagnose and fix problems.

Charles makes debugging quick, reliable and advanced; saving you time and frustration.

The following features are what I believe to be the key features of Charles that are most relevant to QA.

Key Features

 SSL Proxying
o Charles can act as a man-in-the-middle for communication between the device and
server, enabling you to debug the content of your sessions.
 Bandwidth Throttling to simulate slower Internet connections including latency
o Charles simulates data speeds by effectively throttling your bandwidth and introducing
latency, so that you can experience multiple in real life scenarios where network speed
can affect the performance of the build or server response. Using bandwidth throttle we
can check the stability of the project on all available network speeds from any part of
the world.
 Repeat requests to test back-end changes
o Charles can be used to send repeated requests to server to check server response in
case of a very large number of requests generated from multiple clients in a short
amount of time.
 Edit requests to test different inputs
o Charles can be used to edit requests to send out a specific request and check its
response. This type of feature is used for testing advertisement SDK’s implemented in
the game.
 Breakpoints to intercept and edit, requests or responses
o This feature is used to check for any loopholes in the system which can be exploited by
users to cheat and send manipulated data to the server.
How to download and install Charles Proxy on your PC?
 Open browser and visit Charles Proxy official website at
https://www.charlesproxy.com/download/ and download the latest setup for the environment
(Windows or MAC) you are working on.
 Once setup has been downloaded, install Charles Proxy on your PC.
o For Windows, run setup application to install Charles.
o For MAC, unzip the download file by double-clicking it and copy the Charles application
to Application folder.

How to configure Charles Proxy on your PC?

 While you can configure Charles to suit your requirements, it is best to allow Charles to auto-
configure proxy settings on your PC. This may invoke a warning on both Windows and MAC
operating system, but it is safe to allow the request. The reason being that whenever you start
or stop Charles, proxy settings are to be re-configured every single time which can get annoying.
When using auto-configure proxy, Charles will automatically modify all settings at start-up,
saving time and effort to go through every step between sessions.

(NOTE: You may skip this section if you are familiar with Charles. For newbies it’s highly
recommended to go through this section to get a basic idea on how to navigate to different
sections and understand the use of different features in Charles.
To continue, please scroll down to section “How to add a device in Charles?”)

=================================START=========================
=========
Info regarding Charles
Before we learn how to add devices to Charles, below info will help you to understand the different
features with details which are used in Charles while testing an application.

Sessions
Your Session contains all your recorded information. It is represented by the Session window (check
Charles title bar). By default, a new session is automatically created when you start Charles with title
Session 1.

You will possibly only ever need a single session when you are using Charles. Until you feel the need to
use multiple sessions: don’t bother. When your session gets full (or too busy) you can clear it (using the
Clear Session option in the File Menu or the trash can icon on the toolbar).

Sessions can be saved and re-opened (see the File Menu), which can be useful in case a developer may
require information on the data being exchanged between client and server while an issue was
observed.
Recording
Recording is the primary function of Charles. Requests and responses are recorded to the current
Session for you to later inspect and analyze.

The requests recorded depend upon the configuration of Charles. Usually this would include all HTTP
and HTTPS traffic from your application, and possibly other applications on your device. However, it may
also include data from generic socket connections such as through the SOCKS proxy or Port Forwarding.

When recording is off, Charles passes through all the requests as normal, but they are not recorded in
the session for you to look at.

Requests and Responses

A request and its response consist of a request sent from your application to the server and the
response received from the server. Requests appear in the Session window when they are recorded.
There are two different ways of viewing the session window: structure view and sequence view.

Structure view lets you view the requests in a tree organized by the host name and then
folders/directories within the host. Sequence view lets your view the requests in the sequence that they
occur.

When you click on a request the Request Viewer loads in the session window with multiple tabs. In this
section we will be using only Overview and Contents tabs for details. You can always see the HTTP
request and response headers and the request and response bodies, either as plain text or binary
(hexadecimal & ASCII).

Focus
There are often a lot of requests and responses from a lot of different hosts cluttering up a Charles
session. Using the Focus feature, you can separate the hosts that you care about from the ones that you
don't. To see all your focused hosts, and to edit them, go to the Focused Hosts item in the View menu.

Export
You can export data from a session in Charles by choosing Export from the File menu. Charles supports
following formats: CSV, XML, Trace text file.

While you can use any of these formats, it is recommended to save any sessions in CSV as it is most
commonly used format while reporting any issues.

SSL Certificates
Charles generates its own certificates and signs using a Charles Root Certificate, which is uniquely
generated for your installation of Charles. This certificate is manually installed on the device to link
network data with Charles.
Proxying
Charles is an HTTP and SOCKS proxy server. Proxying requests and responses enables Charles to inspect
and change requests as they pass from the client to the server, and the response as it passes from the
server to the client. This section outlines some of the proxying functions that Charles provides.

 Bandwidth Throttle / Bandwidth Simulator

Charles can be used to adjust the bandwidth and latency of your Internet connection. This
enables you to simulate modem conditions using your high-speed connection.

The bandwidth may be throttled to any arbitrary bytes per second. This enables any connection
speed to be simulated.

The latency may also be set to any arbitrary number of milliseconds. The latency delay simulates
the latency experienced on slower connections, that is the delay between making a request and
the request being received at the other end.

 Breakpoints Tool
The Breakpoints tool lets you intercept requests and responses before they are passed through
Charles. You can examine and edit the request or response and then decide whether to allow it
to proceed or to block it.

Each breakpoint matches a URL using location matching patterns, see below. Each breakpoint is
also assigned to either the request, or response, or both so you break exactly where you want.

How it works

When a request or response trips a breakpoint the Breakpoints window automatically opens in
Charles and comes to the front. The Breakpoints window contains a list of the requests and
responses currently intercepted and waiting for your action. Select the request or response to
view and edit the contents. Then decide to Execute, Abort or Cancel the breakpoint.

The Execute button applies any changes that you have made and lets the request or response
proceed. The Abort button blocks the request or response and sends an error message to the
client. The Cancel button discards any changes that you have made and lets the request or
response proceed as if it wasn't intercepted.

 SSL Proxying
Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to view in plain text the
communication between application and server.

Instead of your application seeing the server’s certificate, Charles dynamically generates a
certificate for the server and signs it with its own root certificate (the Charles CA Certificate).
Charles receives the server’s certificate, while your application receives Charles’s certificate.

Therefore, you will see a security warning, indicating that the root authority is not trusted. If you
add the Charles CA Certificate to your trusted certificates you will no longer see any warnings.

===================================END=========================
========