Problems Android device - Charles Proxy - internet connection

Question

I am trying to get a Charles Log from an android device, and it is not working. The android device's browser will not connect to the internet after I set up the Wifi with the Proxy. I have listed the steps I did to set up Charles Proxy on my computer and configuring the android device to use charles proxy.

I am totally grateful for any help, but I just want to point out a couple of things:

*I have the correct the Wifi network & IP address for the Android device proxy settings ( see Step 18 below).

*As far as I know I do not use a VPN or a Firewall on the android device. How can I double check this?

*I have tried the steps below with 2 versions of Charles Proxy.
charles Proxy: 4.2.7
charles Proxy: 3.12.3 I removed and reinstalled the program each time.

*Chrome and Firefox on the android device will not connect to the internet with the proxy set up.

See the list below for the step and Thank you so much!!!

---

System: MacOS 10.10.5 Android: 6.0.1

1. Menu: Proxy: ticked Mac OS proxy
2. Menu: Help > SSL proxying > Install Certificate
3. In Keychain > found certificate > clicked Always Trust (entered password)
4. In Charles Proxy, clicked Proxy menu
5. Menu > Proxy > SSL Proxying settings
6. Ticked Enable SSL Proxying
7. Clicked Add
8. Host * Port 443.
9. Menu: Proxy > Proxy Settings
10. Clicked Proxies Tab: Http Proxy Port: 8888
11. Ticked: Enable Transparent HTTP proxying
12. Clicked MacOSX tab
13. Ticked: Enable Mac OS Proxy, Use HTTP proxy, Enable MacOS proxy at start up
14. Clicked Mozilla Firefox tab: Enable Mozilla Firefox Proxy, Use HTTP proxy, Enable Mozilla Firefox proxy at startup.
15. Menu: Proxy > Access Control settings
16. Clicked add, set IP Range 0.0.0.0/0
17. Ticked: Prompt to allow unauthorized connection.
18. Menu > Help > Local IP address - Wrote this IP address down and used this number to set up android device.

On Android device:

19. Connect Android to Mac with USB cable. Port USB 2.0
20. Settings > Network & Internet > Wi-Fi
21. long-tapped active wifi connection, selected: Modify network
22. Expand the Advanced options, tapped at None below Proxy and selected Manual
23. Entered IP address from step 18 in the Proxy hostname field .
24. Entered 8888 into the Proxy portfield
25. Clicked Save.
26. Open Chrome
27. type http://charlesproxy.com/getssl/ or short version chls.pro/ssl
28. Get error message: “err_proxy_connection_failed” or "err_connection_timed_out" Please note: No dialog box appears on Charles Proxy on Mac about the Android device.
29. As far as I know I do not use VPN and I do not use a Firewall on the android device. How can I check this?

To manually add the security certificate to the Android device: 30: On Mac desktop – Charles Proxy > Menu Help > SSL Proxying > Save Certificate 31. Saved certificate to desktop. 32. Copied certificate to android device / downloads folder (not on SD card) via USB cable.

On android device: 33. Found charles proxy certificate file, long clicked.

34. In dialog box: renamed certificate Charles Proxy Certificate

35. Clicked VPN & Apps

36. Clicked save.

37. NB: Here I am not asked to re-enter my device PIN

38. Open Chrome App. Get the error message “err_proxy_connection_failed” or "err_connection_timed_out"

39. Android Device: notification that a third party might be watching.

40. I check if the certificate is installed: Settings > Security > Trusted Credentials > User > the XYZ Charles Proxy security certificate is installed.

I have also done Steps 30 to 38 with the certificate with a crt and a pem suffix.

I have tried the following variations: *Setting up the Proxy on Android device without USB connection to mac *Setting up the Proxy on Android device while connected to mac via USB *Setting up the proxy on Android device before opening Charles Proxy and after.

I have no idea what to try next! Hope you can help and thank you for reading this far. :)

Answer 1

Try to intercept traffic via USB using adb:

1. Connect the smartphone to the computer via USB. Make sure that phone is visible in the output of (in the Android Studio terminal):

   adb devices
   

2. Set 127.0.0.1 and port 8080 as the proxy IP address on the smartphone:

   adb shell settings put global http_proxy 127.0.0.1:8080
   

(instead, you can specify a proxy server in the wifi network settings on the phone, but this is long and inconvenient)

3. Run a command that will redirect traffic from port 8080 on the smartphone to port 8888 on the host:

   adb reverse tcp:8080 tcp:8888
   

After that, the requests will go through Charles.

4. After testing, reset the settings:

   adb shell settings put global http_proxy :0
   adb reverse --remove-all
   

View the list of reverses (should be empty):

adb reverse --list

Also check that the Charles certificate on the phone has not expired.

Answer 2

In my case it's was a Windows Defender Firewall. After i disabled it, all started work fine. Charles saw my phone connection and proxy all requests.

If i close charles, internet connection still lost, but its because proxy setted in WIFI. My router have 2 wifi points 2.4 and 5 gz. So i setup charles proxy on 2.4 and use 5g for everyday surfing.

Answer 3

If network_security_config doesn't help, you can double check is there any VPN/Proxy/Cloudfare are running.

I turn them off and it's solved.

Answer 4

From Android 10, it requires extra config in order to intercept the HTTPS traffic from Android devices.

Add to res/xml/network_security_config.xml

<network-security-config>
<debug-overrides>
    <trust-anchors>
        <!-- Trust user added CAs while debuggable only -->
        <certificates src="user" />
        <certificates src="system" />
    </trust-anchors>
</debug-overrides>

<base-config cleartextTrafficPermitted="true">
    <trust-anchors>
        <certificates src="system" />
    </trust-anchors>
</base-config>

<domain-config>
    <!-- Make sure your URL Server here -->
    <domain includeSubdomains="true">your_test_url</domain>
    <trust-anchors>
        <certificates src="user"/>
        <certificates src="system"/>
    </trust-anchors>
</domain-config>

Add to AndroidManifest.xml

<manifest>
    <application android:networkSecurityConfig="@xml/network_security_config">
    </application>
</manifest>

If you've still struggled, let check out the Full Documentation and Sample Project at https://docs.proxyman.io/debug-devices/android-device#sample-android-project

Answer 5

I even bought Charles and have the same problem. I tried it with different devices and tried it in two different Wifi's. Nothing. Get the same error as Ana. And yes, I have set up network-security-config.

Answer 6

if you running Charles proxy for android N and above make sure you have following added to your Android-Manifest

Android As of Android N, you need to add configuration to your app in order to have it trust the SSL certificates generated by Charles SSL Proxying. This means that you can only use SSL Proxying with apps that you control.

In order to configure your app to trust Charles, you need to add a Network Security Configuration File to your app. This file can override the system default, enabling your app to trust user installed CA certificates (e.g. the Charles Root Certificate). You can specify that this only applies in debug builds of your application, so that production builds use the default trust profile.

Add a file res/xml/network_security_config.xml to your app:

<network-security-config> 
  <debug-overrides> 
    <trust-anchors> 
      <!-- Trust user added CAs while debuggable only -->
      <certificates src="user" /> 
    </trust-anchors> 
  </debug-overrides> 
</network-security-config>

Then add a reference to this file in your app's manifest, as follows:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config" ... >
        ...
    </application>
</manifest>

Answer 7

I am using Charles Proxy with my windows machine. I have followed This blog for details

The steps can be concluded as follows.

• Download and install charles proxy for Mac/Windows laptop
• Make both your mobile device and laptop connected in same network
• Enable start recording in Charles
• Enable proxy in selected wifi network for mobile were laptop is also connected
• Give the details of IP given in Laptop Charles Help option> SSL Proxying > Install charles certificate on a mobile device or remote browser
• Make sure to give the same IP and 8888 port number
• Open mobile browser and browse http://chls.pro/ssl
• This should download and install charles certificate in mobile device
• In Laptop you can see notification of device trying to connect. Allow this as well
• Now you can see all network logs of your mobile device in Charles
• There is an extra configuration file needed to be included in OS 7+ devices , which is as follows

---

network_security_config.xml content should be as follows

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>