I am trying to use charles proxy, but after starting it as root, I still have only one sequence, but no more requests. why?
I think the problem is that your requester device does not have the proxy settings to reach CharlesProxy.
You can find instructions on how to configure your proxy settings on Chrome easily here.
Related
Is there a way to detect if someone has charles proxy or a network tracking app, tracking your program's requests/apis. And if so is there a way to prevent such a thing.
Just wanted a bit of insight into this, any information is much appreciated.
It's possible to achieve it: Here are two solutions I could think of
After the SSL finish, you can get the certificate and check whether or not it's a self-signed certificate. Then, you might reject the Request connection.
Use the SSL-Pinning technique that only accepts the certificate from your own and rejects others. It will prevent the app is intercepted from Charles Proxy or other Proxy tools like Proxyman, Fiddler, and Wireshark.
I have to capture http request from charles. I am able to get normally. One site that is not working in my ip address, so I am using proxy I set proxy in my mozila browser. After setting proxy in browser charles is not capturing site calls.
What I have to do to make it happen , As well I tried in fiddler as well. Please help me to sort out.
Thanks
For fiddler you can download certmaker as you need a certificate in most cases for secure traffic:
http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/ConfigureForAndroid
Scenario: I want a staging environment at a customer's site. The customer owns www.example.com. I want to map the site to staging.example.com reachable from the outside, but I haven't got time to wait for the bureaucracy surrounding either the purchase of the new subdomain or opening of secondary HTTP ports.
Assumption: If I spoof the HTTP Header param Host to be staging.example.com on the client side, but actually make the request to the IP of www.example.com, IIS will redirect the request to the configured site for staging.example.com. Am I right?
So is there any client tool that can help me with that? I'm fairly famailiar with Fiddler, but it seem to override my rewrites of the host parameter. Also I would need to configure it to do it for every request, not just one, to make it trivial to test.
Are there simpler solutions to this problem?
I'm not entirely sure what you're asking.
Inside Fiddler, by clicking Tools > HOSTS and you can send all traffic targeting one site, e.g. dev.example.com to the IP of your choice. The target site (namely dev.example.com) doesn't need to exist at all in this case. Your client (e.g. the browser) has no idea that Fiddler is retargeting the traffic, it just thinks that it is talking to dev.example.com.
If you have the Fiddler book, check out the Retargeting Traffic section for many other ways to retarget traffic.
I am working with Squid Proxy Server as I have also used cyberoam,Sonicwall and Clear OS.
I want to setup my own proxy like above products ie authentication in transparent proxy.
Actually I setup transparent proxy but at that time my HTTPS site is not working.Then I configure one iptables rule that redirect all http & https traffic to 3128(squid port) only. but here I can access all my https websites but I cant block them.
My requirement is when I am going to access any website at first time it will ask me to authentication and then and only i can access internet. In log reports also I can show its Username and one more thing it will also possible in thinclient(terminal service).
Anybody help me short-out this problem ?
Proxy authentication doesn't work in transparent proxies setups. The browser should have the proxy configured to catch the authentication request from a proxy and to request the credentials to an user.
Another thing is that you can create a transparent proxy for HTTPS. Why? Because when the browser connects, it's connected to the proxy, not the real server. The browser will try to negotiate SSL which is a thing that Squid won't support. There are tricks to do this, but you'll break the SSL security, browser will complain, etc. There are one tool that I used to get this working: u2nl, but it's a hack that tunnels HTTPS trought the proxy.
The best option, is to use a non-transparent proxy. If you want to avoid browsers configuration, have a look at WPAD
As said before, you can't really block HTTPS sites with Squid, and you can't really use authentication with the proxy running at his transparent mode.
As far as I could use and cofigure, you can use an external acl to force a kind of login, but the login requests will not be treated by the proxy, but you can work it with some PERL.
And about the HTTPS thing, you could work it with some hacks, but it is a very sensible question, because the server performance with be punished with this kind of use and you could be pointed as a fraudulent service, which isn't cool... Believe me.
I've got a tool which I need to use with a https site, but it only supports http. I need some kind of proxy tool that can work as a man in the middle between my tool and the https site, making the requests seem like http to the tool. The connection would look like this:
Tool -> HTTP -> Proxy -> HTTPS -> Site -> HTTPS -> Proxy -> HTTP -> Tool
Does anyone know of a tool or something I can set up that will work for this purpose? I've already asked in a few IRC channels and searched Google, but I was honestly not sure how to word it when searching Google, and not sure which channel to ask in via IRC.
Any help would be greatly appreciated!
Fiddler (www.fiddler2.com) has this capability; you can change the URL from HTTP to HTTPS on the fly.
Try cUrl. If your tool works with stdin/out, You can pipe your tool's stdin/out through curl. Also there is the library (libCurl) that you can use from within your code, if needed.
WebScarab might do it for you. It can act as a man-in-the-middle and you can alter requests on the fly.
Got any objection to an entire copy of Apache httpd with mod_proxy operating as a reverse proxy? Plausible instructions here.
"Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code."
There is also a guide on their site to wrap HTTP requests with Stunnel.
Looks like this SSL MITM proxy can do exactly what you're asking.