Charles Use tutorial Guide

Charles Use tutorial Guide

• Objective
• Mobile App Grab Bag
• PC-Side Grab Bag
• View mode
• Other features
• Summary of issues

1. Preface:

Charles is a clutch modification tool, compared to the burp,charles has a simple and intuitive interface, easy to get started, data request control easy, easy to modify, grab the start of data pause convenient and so on advantages! Here's a more detailed introduction to this powerful and easy-to-use grab bag tool.

java Environment Download : Environment download

cracked version download: hack version: Charles

2. Mobile app Grab bag (real)

This is a lot simpler than the other grab packages, and the steps are as follows:

1 make the phone and computer in a LAN, not necessarily an IP segment, as long as the same oil spill under the same, such as the computer connected to the wired network IP 192.168.16.12, then the mobile link WiFi IP is 192.168.1.103, but this wired and wireless network ultimately comes from an external IP, which is also possible.

2 The following is the specific configuration, here the computer side is not to do any configuration, but need to turn off the firewall (this is important)!

Then Charles sets the range of IP addresses that need to be set under Allow to receive. Set first to enter this position proxy-access Control Settings Then if the IP range received is 192.168.1.xxx, then add and set to 192.168.1.0/24 if all the range is received, Then set it directly into 0.0.0.0/0.

Then if you check the Proxy-windows Proxy, then will be on the computer grabbed the packet request also grabbed, if only grab the phone, you can set this to not tick.

3 Next below is the phone-side configuration

First use the Cmd-ipconfig command to view your computer's IP address

Then on the phone side of the WiFi proxy settings there to make the relevant configuration settings.

Here the proxy address is filled in as the IP address of the computer, and then the port is written 8888 (this is the default setting of Charles), if you modify it to write their own modified port.

4 OK, so the configuration is done! Below open the UC browser or other things, casually visit a Web page to see if there is no data to crawl (I am here direct access to the Sina News First page).

3, PC-side grab Bag

The following is the PC-side grab Packet usage Charles supports the request to catch the HTTP, HTTPS protocol, and does not support sockets.

Then Charles will automatically configure the proxy settings for IE and the tools, so that the open tool is already in the bag state. Here to open the Baidu grab package, the tool interface and related basic functions as shown:

The 7 locations in the list are some of the most commonly used features.

1 The Trash icon, the function is clear, clear out all the request display information.

2 the telescope icon, the function is to search for keywords, you can also use the CTRL+F implementation, you can set the scope of the search.

3 The icon of the middle red dot in the circle, which is the data display or the settings that are not displayed. This I think is the Charles tool is very convenient for a two point, generally so that it does not show the grasping state, only when the test itself before and after, in order to capture and display the state. This allows you to quickly and ruthlessly get the information you want, without having to look for it in a bunch of data requests.

4 edit Modify function, you can edit and modify any request information, after the modification, click Execute to send a modified request packet.

5 The URL information for the requested address of the fetched packet is displayed.

6 information about the requested contents of the fetched packet is displayed.

The POST request can be displayed as a form and is straightforward.

7 returns the display of data content information.

There are various forms of data display in 5, 6, 7, where Raw is the state of the original packet.

4. Viewing mode

Charles grabbed the package display, supported by two modes, structure and sequence, with the following advantages, respectively.

Structure form such as advantages: can clearly see the data structure of the request, but also the Domain name Division request information, can be very clear to analyze and process the data.

Sequence form, such as advantages: can be very clear to see all the requests, without a layer of the point to open, here is the order of data requests to execute, that is, the request is quickly displayed in front.

Specifically to say which of the two forms is better, this is a matter of opinion. I prefer the second kind, rough ore bold!

5. Other common functions

Believe that you have learned the above, and say some other common features of Charles

After selecting the request, right-click to see some common functions, here say repeat is repeating the contract once. Then the advanced repeat is repeated the contract multiple times, this function is used to test the SMS bombing vulnerability is very convenient.

There are, for example, modify the Referer test CSRF vulnerability, modify the form content test XSS, modify the key parameters Test ultra vires, modify the URL, form, cookie and other information test injection, etc., are very convenient.

Well, the introduction of this tool is here, I believe this easy-to-use tool, will certainly be used by more people in the future.

6, Charles use problem summary

Charles is a great tool to grab the package, but if you are not familiar with the tool, you will certainly encounter a variety of feeling very inexplicable situation, here to help you answer.

1 Why download not to use AH? I can't open it.

-Because Charles needs a Java environment to run, you need to install the Java environment first.

2 Why am I automatically turned off when I use it? It will be closed once in about 30 minutes.

--because Charles does not register, after each open can only yo a 30 minutes, then will automatically shut down, so it is best to follow the instructions before using the tool to register the operation.

3 Why I sometimes in the operation of the direct tool on the interface stuck dead, shut off, can only use the Task manager can be turned off?

--This is really a bug of Charles this tool, when started, I am also very disgusting, and often tragic, but now there are corresponding solutions, the following operation is possible.

First, grab some bags and ask for a picture request.

Then select a picture of the request, and then click Response-raw Then there will load the contents of it, and then after loading, then go to random operation on it, will not be in the tragedy of the direct tool card dead ...

4 Why use Charles, I will not go to the web, but QQ can.

Because if Charles is off in an abnormal state, then the agent of IE will not be automatically canceled, so this will be the case.

--Solutions:

First: Open Charles directly and then shut down normally. The second type: Go to the Internet Explorer proxy location to remove the check.

5 Why can't I use Charles to catch sockets and HTTPS data?

--First, Charles does not support the capture of the socket data. Then, if you can't catch the data from HTTPS, check to see if you haven't checked the SSL feature. Proxy-proxy Settings-ssl Settings

6 Why I use Charles to crawl the mobile app, everything is configured correctly, but can not catch the data.

First, make sure that your computer's firewall is off, which is important.

--If the firewall is off or not, then please reconnect the mobile phone WiFi, so you can generally solve the problem. If this does not work, then please set the IP address of the mobile WiFi location to a static IP, and then restart the Charles Tool.

7 after grasping the packet found that some data in the form is garbled what to do?

--please view in raw mode, raw mode shows the original packet, generally not because of coding problems caused by the display as garbled.

8 I use Charles to grasp the mobile phone app data, but also will be grabbed to the computer side of the data, can be set?

--Yes, set the location in Proxy-windows Proxy, tick indicates the receiving computer data capture, if only want to grab the app data request, you can uncheck this feature.

9 Why I use IE can catch data, but with 360 or Google browser do not?

Make sure that 360 or Google's code settings are not checked in the settings are using IE Proxy.

10 want to copy and paste some data, how to do, right button does not have corresponding function ah? --Please use CTRL +c and CTRL + V directly.

Charles Use tutorial Guide