Charles_Proxy
Debugging
Enable SSL proxying for specific URLs or wildcards if needed.
Process
Charles generates a .pem file - Privacy Enhanced Mail (PEM) or Base64 encoded certificate, as per the Charles dialog box.
How a .pem file differs from a regular old OpenSSL key file - good thread to read here
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgIGAYlG5S1aMA0GCSqGSIb3DQEBCwUAMIGvMUAwPgYDVQQDDDdDaGFybGVz+VY=
-----END CERTIFICATE-----
Generating one is easy using the fastlane tool on macOS: docs fastlane | pem
Generate Certificate
Go to Charles -> Help -> SSL Proxying -> Save Charles Root Certificate.
You can save it as a .pem Base 64 encoded certificate or a .cer Binary Certificate.
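The two save formats hold the same certificate: .cer is the raw DER bytes, and .pem is that DER in Base64 between the BEGIN/END lines. The added example below (not from the original notes; the function names are assumptions) reads either kind of file and checks the outer ASN.1 length, which shows that the excerpt printed earlier on this page is shortened and not a complete certificate.

```javascript
// Added example, not from the original notes.
const PEM_RE = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/;

// Return the raw DER bytes whether the file is .pem (Base64 text) or .cer (binary).
function toDer(fileBytes) {
  const m = PEM_RE.exec(fileBytes.toString('latin1'));
  if (!m) return { encoding: 'DER', der: fileBytes };
  // PEM is the same DER bytes, Base64 encoded between the armour lines.
  return { encoding: 'PEM', der: Buffer.from(m[1].replace(/\s+/g, ''), 'base64') };
}

// Read the outer ASN.1 header: a certificate is one SEQUENCE (tag 0x30)
// whose length field says how many bytes the whole structure needs.
function inspectCertFile(fileBytes) {
  const { encoding, der } = toDer(fileBytes);
  if (der.length < 2 || der[0] !== 0x30) {
    return { encoding, valid: false, reason: 'does not start with a DER SEQUENCE' };
  }
  let headerLen = 2;
  let bodyLen = der[1];
  if (bodyLen & 0x80) {              // long form: low 7 bits = number of length bytes
    const n = bodyLen & 0x7f;
    if (n === 0 || n > 4 || der.length < 2 + n) {
      return { encoding, valid: false, reason: 'unsupported or cut-off length field' };
    }
    bodyLen = der.readUIntBE(2, n);
    headerLen += n;
  }
  const declared = headerLen + bodyLen;
  return { encoding, valid: true, declared, actual: der.length, complete: declared === der.length };
}

// The excerpt shown earlier on this page (shortened there, so it must fail the check).
const PAGE_EXCERPT = Buffer.from([
  '-----BEGIN CERTIFICATE-----',
  'MIIFVjCCBD6gAwIBAgIGAYlG5S1aMA0GCSqGSIb3DQEBCwUAMIGvMUAwPgYDVQQDDDdDaGFybGVz+VY=',
  '-----END CERTIFICATE-----',
].join('\n'));
// Constructed 5-byte DER SEQUENCE (not a real certificate) to show the passing case.
const TINY_DER = Buffer.from([0x30, 0x03, 0x02, 0x01, 0x05]);

console.log(inspectCertFile(PAGE_EXCERPT)); // PEM, declared 1370 bytes, actual 59
console.log(inspectCertFile(TINY_DER));     // DER, declared 5 bytes, actual 5
```

Running the same check on the saved .pem and .cer files should report the same declared length for both, with complete set to true.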
tvOS
Prerequisites
If you want to configure a physical Apple TV 4K running tvOS, you need a few things to set it up.
- Apple Configurator | app store
- Charles Proxy 5.xx Beta
- Apple TV 4K
- Same Wifi network with manual DHCP address reservation
- node package manager
Steps
- Create the Charles proxy certificate from Menu -> Help -> SSL Proxying -> Save Charles Root Certificate... and save it as a .cer Binary Certificate, downloadedProfile.cer
- Apple Configurator -> File -> New Profile -> Name the profile "customTVOS_proxy" -> Select "Wifi", click "Configure"
- Fill in your usual Wifi SSID (name: WifiName) & make sure Proxy Setup is set to Manual with the provided ProxyMan Server and Port address, e.g. 10.0.0.22:9090
- Select “Certificates” → click “Configure” → upload the downloadedProfile.cer file that you previously downloaded & renamed.
- Save the profile tvOSProxyProfile.mobileconfig at an accessible location & open a terminal at that $pwd
- Run a temporary http server using node
- Make sure the Apple TV is on the same Wifi network (2.4 or 5 GHz) and open Settings -> General -> Privacy & Security -> Share Apple TV Analytics. Press the physical Play/Pause button on the Apple TV remote and a new window will appear.
- Select Add Profile and add the Mac HTTP server IP address with port and the complete local file path, e.g. http://10.0.0.22:8033/tvOSProxyProfile.mobileconfig (easier to copy and paste from the Mac shared clipboard to the iPhone + TV remote input prompt).
- Select "Install" a few times, and then trust the certificate by heading over to Settings -> General -> About -> Certificate Trust Settings -> click on Proxy Profile -> “Continue”.
- You may need to re-enter your WiFi credentials, since for me it got disconnected once with tvOS 17.0 - Apple TV 4K 2023.
Now you can see the logs of the Apple TV 4K in Charles Proxy. I believe similar steps could be performed for Proxyman.
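One way to do the temporary HTTP server step with node, as an added example that is not from the original notes: it serves only the profile file instead of the whole working directory and logs which device fetched it. The file name, port and address come from the steps above; the script name serve-profile.js and the --serve switch are assumptions.

```javascript
// Added example, not from the original notes.
const PROFILE = 'tvOSProxyProfile.mobileconfig';          // file name from the steps above
const PORT = 8033;                                         // port from the example URL above
const PROFILE_MIME = 'application/x-apple-aspen-config';   // Apple configuration profile type

// Pure routing decision, kept apart from the socket code so it can be checked alone.
function route(method, url) {
  let pathname;
  try {
    pathname = new URL(url, 'http://localhost').pathname;
  } catch {
    return { status: 400 };
  }
  if (method !== 'GET' && method !== 'HEAD') return { status: 405 };
  // Exact match only: no directory listing, no traversal, nothing else in $PWD is exposed.
  if (pathname !== '/' + PROFILE) return { status: 404 };
  return { status: 200, file: PROFILE, type: PROFILE_MIME };
}

// Serve dir/PROFILE on host:PORT; host should be the Mac's LAN address.
async function serveProfile(dir, host) {
  const http = await import('node:http');
  const { readFile } = await import('node:fs/promises');
  const { join } = await import('node:path');
  const server = http.createServer(async (req, res) => {
    const r = route(req.method, req.url);
    console.log(`${req.socket.remoteAddress} ${req.method} ${req.url} -> ${r.status}`);
    if (r.status !== 200) return res.writeHead(r.status).end();
    try {
      const body = await readFile(join(dir, r.file));
      res.writeHead(200, { 'Content-Type': r.type, 'Content-Length': body.length });
      res.end(req.method === 'HEAD' ? undefined : body);
    } catch {
      res.writeHead(404).end(); // profile not saved in this directory yet
    }
  });
  return new Promise((resolve) => server.listen(PORT, host, () => resolve(server)));
}

// Start only when asked: node serve-profile.js --serve 10.0.0.22
if (process.argv[2] === '--serve') {
  serveProfile(process.cwd(), process.argv[3] || '10.0.0.22')
    .then(() => console.log(`Serving /${PROFILE} on port ${PORT}; stop with Ctrl+C`));
}
```

Stop the server with Ctrl+C once the Apple TV has installed the profile.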
macOS
You need to install the root certificate on the device & trust that certificate in Keychain manager.
After that, select Proxy -> enable macOS Proxy from the menu bar.
Troubleshooting
My internet connection doesn't work
Probably your Charles proxy server is being deallocated from memory by the OS scheduler. Check Task Manager | Activity Monitor just to see if the app is still consuming and listening for network events properly.
Charles Profile doesn't download certificate .pem file
For me reinstalling the app and restarting the iPhone usually helps.
But to be extra cautious, check whether you have added 0.0.0.0/0 to Proxy > Access Control Settings. This lets every device that can reach the Charles port route its traffic through the proxy, since the whole IPv4 range is allowed by default. It also avoids that pesky Allow | Deny confirmation dialogue box for the Access Control Settings.
Also double-check whether Allow List in the Tools menu is enabled; disable that option if you don't want to whitelist specific domains.
Charles Profile doesn't show up on iOS Settings App
It is likely that your default browser is not Safari
Apple kinda makes it a PITA by always requiring their proprietary browser for configuration profile or certificate installs. I was using Firefox on iOS (the internal engine is still the Safari WebView WebKit engine), selected as the default browser as well, since deeplinks usually don't work on a non-default browser sometimes. But opening the website http://chls.pro/ssl in Safari worked for me this time.
Network requests show unknown data
You need to go to Settings -> General -> About -> Certificate Trust Settings and toggle Enable Full Trust for Root Certificates.
Can no longer browse Internet without Charles
video playback buffering
DelioPlayer Media Failed. Description:1012.10 (Fairplay DRM):`The DRM delegate failed to acquire a license. (Delio)` Context: `(DelioPlayer) DRM Error` Delio Error Info 9004: `DelioError code:couldNotAcquireLicense.(9004)
assetURL:[http://ccr.linear-tve-ashburn-](http://ccr.linear-tve-sa-vss.top.sa.net/v1/frag/bmff/enc/cbcs/t/.m3u8?sz=urn:scte:224:audience:Zip:21412)
errorDescription" : "1001.2 (General Errors):`An unspecified network error occurred.` Context: `(DelioPlayer) Delio Error` Delio Error Info 4003: `DelioError code:playlistDeliveryUnableToDeliverPlaylist.
Turns out de-provisioning the security DRM client on the physical device solved this issue. Logging out and back in works.
Other issues
Copied from another article
Charles shows garbled text in HTTPS request content
- Check that Enable SSL Proxying is checked in SSL Proxying Settings
- Check that your host list contains the host that you are looking to decrypt
- Check that the Charles SSL Certificate is installed on your Mac or external device (whichever device sends out the data needs to have the certificate installed)
Charles doesn’t show any requests or Charles shows fewer requests than expected
- Check that you have no active VPN connections. Charles oftentimes doesn’t work well over VPN
- Check that you have started recording (the red/black button on the main Charles toolbar)
- Try removing your request filter
- Uncheck “Focused” to make sure there are no filters under Focused Hosts
- If browser testing, disable all ad blockers and cross-check with another browser
- If you are attempting to proxy an external device, make sure that you are on the same network.
- Offices sometimes have strict firewalls and router settings that may block proxying in general or specifically block port 8888, which Charles listens on. Check with IT or try proxying with a more advanced hotspot Charles method.
Resources
Kodeco | charles-proxy-tutorial-for-ios
Charles Proxy blocking SSL traffic on Android