Introduction to HTTP monitor charles

Note: in special circumstances, the software may hijack the browser, leading to the inability to browse the web page (please use it with caution ).

1. Preface:

Charles is a packet capture and modification tool. Compared with burp, charles has the advantages of simple and intuitive interface, easy to get started, easy to control data requests, easy to modify, and convenient to start and pause data capture! The following describes in detail this powerful and easy-to-use packet capture tool.

Java environment Download: environment download

2. Mobile APP packet capture (real)

This is much simpler than other packet capture software. The specific steps are as follows:

1. Make the mobile phone and computer in a LAN, not necessarily an ip segment, as long as it is under the same oil leak. For example, the connected wired network ip address of the computer is 192.168.16.12, then, the Wi-Fi ip address connected to the mobile phone is 192.168.1.103, but this wired network and wireless network eventually come from an external ip address. This is also possible.

2. Next let's talk about the specific configuration. No configuration is required on the computer, but the firewall needs to be switched off (this is very important )!

Then charles sets the range of IP addresses that can be received. Set Proxy-Access Control Settings first. If the ip address range to be received is 192.168.1.xxx, add and set it to 192.168.1.0/24. If all the ranges are received, set it to 0.0.0.0/0.

If Proxy-Windows Proxy is selected, packet capture requests on the computer are also captured. If only the mobile phone is captured, this can be set to not checked.

3. The following figure shows the mobile phone configuration.

Run the cmd-ipconfig command to view the IP address of your computer.

Then configure the settings in the wifi proxy settings on the mobile phone end.

Enter the proxy server address here as the IP address of the computer, and write "8888" as the port here (which is the default setting of charles). If you modify the port, write it as the port you modified.

4. Now, the configuration is complete! Open the UC browser or other things and visit a webpage to see if any data is captured. (I am visiting the Sina news homepage directly ).

3. Packet capture on PC

The following is the usage of packet capture on the pc. Charles supports http and https requests, but does not support socket.

Then charles automatically configures the proxy settings of IE browser and tool, so opening the tool is already in the packet capture status. The tool interface and related basic functions are shown in the following figure:

The seven locations in the preceding figure are the most commonly used functions.

1. The recycle bin icon. The function is clear. All request display information is cleared.

2. The telescope icon is used to search for keywords. You can also use ctrl + f to set the search range.

3. The red icon in the middle of the circle. The function is to display or not display captured data. In my opinion, this is a very convenient tool for charles. Generally, it does not display the capture status, but only before and after the test, it is in the capture and display status. In this way, you can quickly obtain the information you want without looking for it in a pile of data requests.

4. Edit and modify any request information. After modification, click Execute to send a modified request packet.

5. The url information of the request address of the captured data packet is displayed.

6. The request content of the captured data packet is displayed.

Post requests can be displayed in form, which is intuitive and clear.

7. Display the data content.

Among them, there are various forms of data display in 5, 6, and 7, in which raw is the status of the original data packet.

4. View mode

Charles supports two packet capture modes: Structure and Sequence. Their advantages are as follows.

The Structure form is shown in the following figure. The Structure of the request data is clearly displayed, and the request information is divided by domain names, so that the data can be analyzed and processed clearly.

The Sequence form is shown in the following figure. It is clear that all requests do not need to be clicked layer by layer. The data requests are executed in order, that is, the request is displayed as soon as possible.

It is wise to say which of the two forms is better. I prefer the second type, which is bold and unrestrained!

5. Other common functions

I believe you have learned the above. Let's talk about some of charles's other common functions.

After selecting the request, right-click the request and you will see some common functions. Here we will talk about Repeat, which means repeated packet sending. Then, Advanced Repeat repeatedly sends packets multiple times. This function is convenient to test the SMS bombing vulnerability.

For example, modifying referer to test the CSRF vulnerability, modifying form content to test XSS, modifying key parameters to test excessive permissions, and modifying url, form, cookie, and other information to test injection are all very convenient.

Now, the introduction of this tool is here. I believe that this easy-to-use tool will certainly be used by more people in the future.

6. charles problem summary

Charles is a very useful tool for packet capture and modification. However, if you are not familiar with this tool, you will certainly encounter various situations that are puzzling. Here we will help you answer them one by one.

1. Why can't I download it? Cannot open.

-- Because charles needs a java environment to run, he needs to install the java environment first.

2. Why is it automatically disabled when I use it? It will be closed in about 30 minutes.

-- If charles is not registered, it will take only 30 minutes to enable it each time, and then it will be automatically disabled. Therefore, it is best to follow the instructions to register the tool before use.

3. Why can't I close the tool when I operate it? I can only use the Task Manager to close it?

-- This is indeed a bug of charles's tool. At the beginning, I was also disgusted and often miserable, but now there are corresponding solutions, you can perform the following operations.

First, capture some packets and request images.

Then select the request for an image, click Response-Raw, and then the content will be loaded. After loading, you can perform any operations, it won't die in the tragic direct tool card...

4. Why can't I access the webpage after charles is used, but qq can.

If charles is disabled in an abnormal state, the IE proxy will not be automatically canceled.

-- Solution:

First, open charles directly and close it normally. Type 2: remove the check box for the proxy location of IE browser.

5. Why can't I use charles to capture socket and https data?

-- First, charles does not support capturing socket data. Then, if you cannot find the https data, check whether you have not checked the ssl function. Proxy-Proxy Settings-SSL Settings

6. Why do I use charles to capture the mobile APP? Everything is correctly configured, but no data is captured.

First, make sure that the computer firewall is disabled. This is important.

-- If the firewall does not work, disconnect the phone wifi and try again. This will solve the problem. If the above method still does not work, set the IP address of the mobile phone wifi location to a static IP address, and then restart the charles tool.

7. What should I do if some data in the form is garbled after packet capture?

-- Check in Raw mode. Raw mode displays Raw data packets, which are not garbled due to encoding issues.

8. Can I use charles to capture the data of the mobile app, but also capture the data on the computer?

-- Yes, you can set the position in Proxy-Windows Proxy. If you only want to capture data requests from the APP, you can skip this function.

9 Why can I capture data with IE, but I cannot use 360 or Google Chrome?

Make sure that the IE proxy is used if you check whether the setting is enabled in code 360 or Google.

10 What should I do if I want to copy and paste some data? What should I do? -- Use Ctrl + C and Ctrl + V directly.

Use Charles mobile packet capture tool

Charle download:

Http://www.charlesproxy.com/download/

After charles is installed, start;

Set Mobile device HTTP proxy:

1. Local IP address;

2. View the port from the charles tool (proxy? Proxy settings );

3. After charles is connected to a mobile device for the first time, a prompt is displayed, as shown in the following figure. Select "allow ":

4. Access the system through a mobile device and filter requests to view the request data you need, as shown in the following figure: