← Misc

Charles Proxy

Important: Before and After using Charles

  • Before you use Charles make sure that you are off the VPN, then set up proxying on the device.

  • After you are finished with Charles make sure you revert back to No Proxying on the device’s wifi settings and make sure you close the Charles application on your laptop. Having Charles actively proxying may have odd consquences with other applications on your laptop, for example Android’s populateInstitution script will fail without a clear warning, and your device will timeout on any api interactions.

Please make a note of these things, they will save you some headache later.

Install Charles

![grant privileges]({{ ‘/images/charles-how-to/install-charles/grant-charles-privalages.png’ | relative_url }})

  • Download and import the Charles root certificate to your Keychain on macOS by selecting Help > SSL Proxying > Install Charles Root Certificate then find it on you Keychain and select “always trust”

![trust cert]({{ ‘/images/charles-how-to/install-charles/trust-cert.png’ | relative_url }})

  • Find laptop IP address: In Charles, select Help > Local IP Address, make note of it for later

![view ip address]({{ ‘/images/charles-how-to/install-charles/view-local-ip-address.png’ | relative_url }})

  • Verify Charles proxy settings: go to Proxy -> Proxy Settings. Port 8888 is enabled by default and Enable Transparent HTTP proxying is selected.

![proxy settings]({{ ‘/images/charles-how-to/install-charles/proxy-settings.png’ | relative_url }})

  • Go to Proxy -> SSL Proxy Settings, make sure Enable SSL Proxying is checked and hit add, the host will be thunderdomeapi.banno.com for uat, and api.banno.com for prod, leave the port blank

![ssl proxy settings]({{ ‘/images/charles-how-to/install-charles/ssl-proxy-settings.png’ | relative_url }})

![update ssl proxy settings]({{ ‘/images/charles-how-to/install-charles/adding-new-ssl-location.png’ | relative_url }})

Android Physical Device

![android charles download]({{ ‘/images/charles-how-to/android-charles-device-cert/charles-cert-download.png’ | relative_url }})

  • Name the cert, it doesn’t really matter what. Select VPN and apps under Credential use. Hit OK.

![android naming cert]({{ ‘/images/charles-how-to/android-charles-device-cert/naming-cert.png’ | relative_url }})

  • Update your devices wifi connection to be on the same network as your laptop. Setting -> Networks -> Wifi, long press the network you’re connected to and select Modify network.

  • Under Proxy select Manual, For Proxy hostname put in the IP Address of the laptop you wish to proxy through, under Proxy port put 8888

![android modifying network]({{ ‘/images/charles-how-to/android-charles-device-cert/modify-network.png’ | relative_url }})

  • Save, now all network traffic should be routed through your laptop.

  • Once you attempt to reach an endpoint on your device, your laptop should prompt a dialog asking if you want to allow the device to proxy through this machine. Important Note: You need to be off the VPN to route traffic through your laptop, unless your device is on the VPN.

iOS Physical Device

/// WIP

Charles Monitoring and Rewriting Interactions

  • Now we should be able to see network traffic running through Charles. Let’s hit some endpoints. You should be able to see requests and responses in full, If you are seeing what looks like encrypted data as responses from the api jump back to the Install Charles section and verify that you’ve set up SSL proxying correctly.

![without ssl host]({{ ‘/images/charles-how-to/charles-monitoring/recorded-responses-without-adding-host.png’ | relative_url }})

![with ssl host added]({{ ‘/images/charles-how-to/charles-monitoring/responses-with-host-added.png’ | relative_url }})

  • We are able to modify any request or response. Go to Tools -> Rewrite.

![rewrite settings]({{ ‘/images/charles-how-to/charles-monitoring/rewrite-settings.png’ | relative_url }})

  • Here we can create our own set of rules/actions to preform on active API requests and responses. We will walk through a couple.

  • Let’s set up a response from the POST payments/v2 endpoint. First add a new set, click add and name the new set. Set’s are a way of organizing your re-write rules.

![add payment set]({{ ‘/images/charles-how-to/charles-monitoring/add-payment-set.png’ | relative_url }})

  • Next add a location: click add, protocol https, host is thunderdomeapi.banno.com (for uat). The path users/*/payments/v2 using * for match any, you can add a specific user if you’d like. You can also designate query parameters and ports, or leave it blank to accept all. Hit OK

![add payment location]({{ ‘/images/charles-how-to/charles-monitoring/add-payment-location.png’ | relative_url }})

  • Now add an action, let’s start simple and return a 500: Click add under the Action section, at the very top you should see a Type dropdown, select Response Status. This forces the Where column to select Response, as we cannot ship a request with a response status. You can have Charles match and replace, or leave match blank which matches all. Now under the Replace section, for Value type “500 Internal Server Error”, it needs to be the entire status code, just 500 will not work. Click OK

![500 action]({{ ‘/images/charles-how-to/charles-monitoring/500-rewrite-action.png’ | relative_url }})

  • We have a Location and Action let’s test it out. Make sure that your new location and action are selected and hit Apply then OK. And that’s all, let’s see if it works. Load up a user that has Payments enabled and try posting a Payment, and see if we get a 500 back. You should be able to see all the network traffic so trouble shoot from there if you’re unsuccessful.

  • Let’s try multiple actions, we can hit the payment/v2 endpoint and receive a 400 Bad Request with an error body. Same steps as before, we can re-use the location, adding a new 400 Bad Request Response Status Action, just like we did with the 500 Action in the previous step.

![400 action]({{ ‘/images/charles-how-to/charles-monitoring/400-action.png’ | relative_url }})

  • Add a new Action for the error body Json. Hit add, we want the Type to be “Body”, the Where is Response, and let’s just add the error Json to match against all by leaving it blank. Add the following String to the value field under the Replace section “{ error: “InvalidSchedule” }”. Make sure you have the error status action, the json rewrite action, and the location selected and hit apply then OK. Make a payment and see if we get the response we are hoping for, again trouble shoot by looking at the network traffic if unsuccessful.

![invalid scheduled action]({{ ‘/images/charles-how-to/charles-monitoring/invalid-schedule-action.png’ | relative_url }})

![two selected actions]({{ ‘/images/charles-how-to/charles-monitoring/two-selected-actions.png’ | relative_url }})

  • Let’s re-write a task event. For this case I’m gonna choose a Scheduled Transfer task event. I want to replace a successful transfer event, ScheduledTransferCreationSuccessful, with an error task, ScheduledTransferFromAccountMaxDebitsReached.

  • Let’s add a new set, “Transfer Set”. Add a new location, protocol https, host is thunderdomeapi.banno.com (for uat), this time the path is /tasks/* remember that tasks come back from the tasks endpoint. Click OK.

![transfer set]({{ ‘/images/charles-how-to/charles-monitoring/transfer-set.png’ | relative_url }})

![transfer location]({{ ‘/images/charles-how-to/charles-monitoring/transfer-task-location.png’ | relative_url }})

  • Now we can add a new action to re-write the task, hit add under actions. Type is Body, The Where is Response. Now we want to Match the value “ScheduledTransferCreationSuccessful” and replace with the value “ScheduledTransferFromAccountMaxDebitsReached”. Hit OK. Then hit Apply and OK.

![transfer rewrite task action]({{ ‘/images/charles-how-to/charles-monitoring/transfer-task-rewrite-action.png’ | relative_url }})

![using transfer set]({{ ‘/images/charles-how-to/charles-monitoring/using-transfer-set.png’ | relative_url }})

  • Now let’s test this out. Load up a user with Scheduled Transfers enabled and create a new transfer. We should see the reg-d limits error message as a response to that post, If you don’t verify that we were given back a ScheduledTransferCreationSuccessful and trouble shoot from there.

Sharing is Caring

You can export a set of rewrite rules and send them to your team members. On Rewrite settings hit export, they save as an xml file. You can then send them to another team member. On Rewrite settings hit import and find the xml file.

![export and import sets]({{ ‘/images/charles-how-to/charles-monitoring/export-import-sets.png’ | relative_url }})

That’s it hopefully you can use these as building blocks to modify/monitor network traffic. Good luck!