当前位置：网站首页>Charles tutorial

Charles tutorial

2022-07-27 13:57:00 【Xiao Ren can't wake up`】

One 、Charles course
（ One ）Charles Use the tutorial

Charles It's a HTTP agent / HTTP The monitor / Reverse proxy , Be able to view their machines and Internet Between all HTTP and SSL / HTTPS Traffic . This includes requests , Response and HTTP header （ contain cookie And cache information ）

Charles Is in Mac /Windows Next commonly used network packet capture tools , Doing it Mobile development , In order to debug the network communication protocol with the server side , It is often necessary to intercept network packets to analyze .

Charles By setting yourself up as a network access proxy for the system , Make all network access requests through it , Thus, the interception and analysis of network packets are realized .

In addition to debugging ports in mobile development ,Charles It can also be used to analyze the communication protocol of the third-party application . coordination Charles Of SSL function ,Charles You can also analyze Https agreement

It's recommended to buy genuine Charles

Charles: Network packet analysis Developer debugging tools
Buy genuine Charles Address ： Digital lychee mall
Advantages of genuine ：
You can log in with your account , Have a perfect user experience , If there is a problem, you can issue a work order directly , Don't worry about it. It's suddenly useless ;
Piracy because you can't log in with an account , General data are also temporary , You cannot use cloud related functions .
You can use the latest version of software functions , The overall experience was very good ;
Less than 200 The price of the block , Buy Charles after , Buy at once , Use for life , Very affordable .
Charles relevant
If you have requirements for front-end testing , recommend SwitchHosts This gadget , Of course if you are right chrome Change the browser online host Interested in , You can also use Host Switch Plus

Charles and windows Under the Fiddler Are the same kind of agent packet grabbing tools ;

I often borrow Charles Do these things
Grab Http and Https Request and response , Grab bag is the most commonly used .
Resend network request , Convenient for backend debugging , It's nice to have a repeat in a complex and special situation （ Captured records , direct repeat That's all right. , If you want to modify, you can also modify ）.
Modify network request parameters （ When the client sends it to the server , It can be modified and forwarded ）.
Interception and dynamic modification of network request .
Support simulation of slow network , It's mainly to imitate the 2G/3G/4G Access process of .
Support local mapping and remote mapping , For example, you can map online resources to a local folder , In this way, we can deal with some special cases bug And online debugging （ Online css,js Etc. resources use local code , You can modify these at will , Data and so on are all online environments , On line debugging ）;
It can grasp the resources accessed by the mobile terminal （ If it's configuration HOST Environment , Cell phones can be borrowed host Configure to enter the test environment ）
charles It's like a... Between the server and the client “ filter ”
When the client makes a request to the server , Come first charles To filter , then charles Sending the final data to the server ;

Be careful ： here charles Data sent to the server , Not necessarily the data requested by the client ;charles When receiving the request from the client, you can freely modify the data , Even directly Block Request from client ;

The data returned by the server after receiving the request , It will come first charles, after charles Filter it and send it to the client ;

Empathy ： Data received by the client , Not necessarily the data returned by the server , It is charles Data given .

Pay attention to problems
If you want to grab a bag , First thing , Is to put charles Set as between the local machine and the server ” filter ”;

Let all network requests go through charles, In this way, you can capture and record the content of your request and the returned data , Please refer to the picture above for the principle ; It should be noted that , If you are visiting web, You can catch all the requests ;

But if you want to catch some apps （ For example, applications on mobile phones ）, Some of the resources used by the application , If no request is sent to the server , It's presented by calling internal resources , So at this time charles I can't get it ; The way to verify this is simple , After the network is cut off , If we can continue to show , It belongs to calling internal resources , At this time, don't think of capturing resources through packet grabbing tools , He didn't make requests like the server , I can't get my cell phone .

First boot Charles
start-up Charles after , for the first time Charles I'll ask if you put Charles Set as agent of the system , If you ignore this inquiry exposure at this time , You can set it later ; take Charles Set as system agent ： Choose... From the menu “Proxy” -> “Mac OS X Proxy/windows proxy” to Charles Set as system agent , Refer to the following , If Mac There is a management password , You need to enter a password before .

（ Two ）Charles Official website
Please be sure of charles The only official website : www.charlesproxy.com

（ 3、 ... and ）Charles download & install
Charles Download address ：https://www.charlesproxy.com/latest-release/download.do

According to different systems , Select the corresponding link to download

Charles install
window install ,Charles After downloading , Open setup , Follow the prompts to move on , You can install it successfully

（ Four ）Charles Crack
Software development is not easy , Please try to support Charles The original ！ It's recommended to buy genuine Charles

Charles Principle 1 ： File overwrite
Charles 4.X.X

download Charles v4.X.X And install Charles download
Open it first after installation Charles once （Windows This step can be ignored ）
Download cracked files charles.jar
Replace... In the original folder charles.jar
MAC, choice Charles, Select Show package content ; find /Java/charles.jar directory , Just overwrite the cracked file
windows System ;\lib Below charles.jar, Just overwrite the cracked file
complete ！
Charles The second principle of cracking ： Registration code for registration
stay Help Select... In the window Register Charles.

Registered Name: https://zhile.io
License Key: 48891cf209c6d32bf4
This is the way of registration code .

// Apply to Charles Registration code of any version .
// Charles 4.2 It's the latest edition , You can use .
（ 5、 ... and ）Charles Grab configuration
proxy setting（ Agent settings ）
The main interface of setting is as follows ：

Dynamic port

Enable the dynamic port option to listen for dynamic ports , Select... Every time the query starts . This can avoid conflicts with other network services that may be running on the computer , Include Charles Other examples of （ If it's a shared computer ） If you open a lot of ports , You can't even remember it , So I recommend you to use this ; But I wrote a port , For example, the agent writes 8888, Other will not listen to this port , And for the convenience of mobile phone connection , All use the specified port .

Be careful ; If you charles Set up 8888 The port of , Other services can no longer use this port number , Otherwise, there will be unexpected mistakes in the conflict .

Transparent HTTP agent

Transparent agent makes Charles Can support not support HTTP Client of proxy server , Or don't know they're using HTTP proxy server , for example TCP / IP Connection redirected by router or firewall to Charles. It can be connected by mobile phone ;

When the phone is connected ,http The agent wrote = Player movement , And fill in this time charles The local address of and the 8888 Port can .

options in It's mainly about setting up Bypass agent

Here you can set up your browser / When the operating system encounters domain names , Use default instead of Charles; The configured list is separated by spaces or commas , And in Charles Inject browser when configuring its proxy settings .

（ 6、 ... and ）Charles Set up HTTPS Agent packet capturing method and principle
PC Set up https Agent grabs bag
First step ： Computer installation Charles Of CA certificate （ must ）

1、 stay Charles Choose... From the menu bar “Help”->“SSL Proxying”->"Install Charles Root Certificact",

The certificate installation page appears , Click on “ Installation certificate (I)...”, Enter the certificate Import Wizard , next step ... Complete the installation

The second step ： On the computer charles Of SSL Grab settings （ must ）

charles Not by default ssl Of , So even after you install the certificate ,Charles Default does not intercept Https Information about , You need to SSL proxy Set the domain name to be grasped , because charles Of location All configurations support wildcards , So in HOST There's a ”*” That's all right. ,port Don't write ;

Charles Mobile phone grab HTTPS Setup and certificate installation
The principle of mobile phone bag grabbing , and PC similar

First step ： Set up charles For the allowed state , And set the access port ;

stay Charles Choose... From the menu bar “Proxy”->“Proxy Settings”, Fill in the proxy port 8888（ Be careful , This port does not have to be filled in 8888, You can also write other ports , But remember this port , Because the allowed access port set here , When configuring the mobile terminal, you need to use ）, And hook up ”Enable transparent HTTP proxying” It's finished in Charles Settings on . Here's the picture

Need to find charles Of this machine IP; Click on HTLP -> local IP Address You can see the current native IP Address ;

You can also open the terminal to view , such as window,cmd Next ; Input ipconfig You can check the IP

Above ,charles Mobile access is allowed IP And the ports are 10.36.198.189:8888 Type in the browser This HOST Will find charles A window will be prompted to ask if you are allowed to access ; Click on Allow, You can access the agent

The second step ： Press the cell phone charles Of IP And port configuration ;

Mobile link wifi,wifi Of HTTP The agent chooses the manual item （ Android is similar to ）

stay iPhone Of “ Set up ”->“ WLAN “ in , You can see the current connection wifi name , By clicking on the details key on the right , You can see... On the current connection wifi Details of , Include IP Address , Subnet mask and other information . At the very bottom there is “HTTP agent ” a , We switch it to manual , Then fill in Charles Running on the computer IP, And the port number 8888

The third step , After a successful phone pairing ,charles Pop up the window and ask if it's allowed ;

Once you set it up , We turn on iPhone Any program that requires network communication , You can see that Charles eject iPhone Request connection confirmation menu

The pop-up window above , Click on Allow that will do ; At this time, it has been matched successfully , Start to grab the bag happily ;

If your charles No configuration , It is impossible to grasp HTTPS The content of this encryption protocol ;

If grab is needed HTTPS Website resources , Please check out Charles Of HTTPS How and how to grab the bag

Be careful ： Need to understand a possible disadvantage , If you entrust the Internet related affairs of mobile phone to charles, So when charles When something goes wrong or doesn't turn on , At this time, the mobile phone must not be able to access the Internet normally ; This must be understood , Because many people put their cell phones IP Entrusted to charles After acting , The next morning when I went to Ben , mobile phone wifi Will default to link your commonly used HD wifi; And at this time wifi The settings of may have been delegated to charles 了 , But the computer just didn't turn on charles Or after restart ip Change, etc ; cause charles Not working properly ; This leads to the problem of being unable to access the Internet ;

Be careful charles This kind of capture , Only the requested resource can be captured , If it is APP in , Internal code and resources , Because there is no request to the server , So it can't be caught ;

Determine whether to call internal resources , You can cut off the network of your cell phone , If it can be displayed normally at this time , Explain that the resource is written in APP Inside , You can't get it through agency ;

Mobile capture https

Mobile phone installed SSL certificate （ If you need to grab the phone access HTTPS Website , You need to do this , But if you don't need a cell phone to grab HTTPS, There's no need to install ）

Similar to the above , It's also HTLP Below SSL Proxying, choice ”Install Charles Root Certificate on a Mobile Device or remote Browser” （ Install... On a mobile device or remote browser SSL certificate ）

Then you'll see a pop-up window , Prompt you how to operate

configure your device to use charles as its HTTP proxy on 10.36.198.189.8888,then browse to chls.pro/ssl to download and install the certificate

The general meaning is to let you put the wifi The message is set HTTP agent , The content is 10.36.198.189.8888; Then browse through chls.pro/ssl You can download and install the certificate

Mobile installation certificate ： Enter... In the browser ：chls.pro/ssl Download the installation certificate （ Android recommends that you do not download with your mobile browser , It may not be installed , If it doesn't fit , Find settings -> Security and privacy -> Encryption and credentials -> Install... From a storage device （ There is a problem with the Android download certificate or installation certificate. It is recommended to use other browsers to download ）.Ios mobile phone ：1. Set up -> Universal -> Describe document and equipment management , Installation certificate ;2. Universal -> About the machine -> Certificate trust settings - Turn on ）

Two 、Charles Common operations
（ One ） Filter domain names
Method 1 ： Filter domain names directly ;

In the middle of the main interface Filter Fill in the keywords to be filtered out .

Method 2 ： modify Include Domain name and port of

stay Charles The menu bar to choose “Proxy”->”Recording Settings”,

And then choose Include bar , Choose to add an item , Then fill in the protocol that needs to be monitored , The host address , Port number .

In this way, you can only intercept the packets of the target website ;

Usually , We use method one to do packet filtering , Method 2 do some unique domain name grab , Under normal circumstances , This setting method is not recommended ;

Because this way , Yours charles Only the domain name you have configured ;

If one morning , Yours charles Everything is all right , The visit is normal , And in active commections I also saw the request information of a domain name , But in the main interface, you can see the acquired information ;

There's no need to worry , It's probably because you set up include The specified domain name of ;

And it's after setting that you forget to release , It makes you look confused ;

This method is not recommended , It's too rough , Unless you've only seen one... For half a month HOST Next message , Otherwise, never do this , It's easy to forget to use it later ;

If you just want to see the request and response information of a domain more clearly , It is recommended to use the focus domain name setting in structural view mode ; That pattern is better than this one , Here is the call method in sequence mode after filtering the focus domain name ;

Method 3 ： Filter focus domain

① Click on fillter hinder focused To screen what you do focus Tag file

② Right click on the target's network request , Choose focus（ here , The domain name has been set as a focus mark ;

The focus domain you set is "View"->”focused Hosts” It can be viewed and managed

Structural view , The exhibition in this mode is more humanized ;

When you set a domain name as the focus domain , The current domain list will be displayed on it ,

And other non focus domains , Will be in other Hosts Inside display ;

3、 ... and 、Charles Introduction to the main interface
main interface
Charles There are two views to view packets , Respectively called

Structure
Structure/ Structural view , Classify network requests by domain name accessed , For example, under a domain name there is n Resource requests , Then all requests under this domain name will be classified in detail here ;
Sequence
Sequence/ Sequence view , Sort network requests by access time , Follow the order in which your computer sends requests

contents Is the most commonly used label , The first half is the request , The second half is the response ;

In the request section , According to the content of the request , It's divided into many items ;

For example, if it's form submission , There will be form For you to view the submitted content （ The way of table graphic ）,

Last item ”Raw” It's unprocessed request information , It can be understood as ,raw All the items on the left are right raw The separation and beautification of information , So that you can see ;

Of course in the response area raw The relationship with other projects is the same , Respond to part of Raw Is all the unprocessed information received ;

If the response is JSON Format , that Charles Can automatically help you to JSON Content formatting , It's convenient for you to check .

If the response is a picture , that Charles It can show a preview of the picture

Right-click menu
On the website 、 Right click on the domain name

Area 1 Basic operation ： Basic URL Copy , file save , And search within the selected file
Area 2 Rewrite operation ： Rewrite send request （ It is suitable to call the interface ）, Or send it to gitlist in
Area 3 View area ： Sort and so on
Area 4 Set the focus ： You can set what you care about or need to ignore
Area 5 Clear area ： Garbage cleaning use
Area 6 Tool area ： Corresponding to the entrance of common tools
Area 7 Mapping area ： Map files to local or original URL
stay overview Area and contents Area Right click

charles overview Is an overview of the request file , Yes HTTP/s Analysis is very important

Four 、Charles File menu
charles File menu summary

file( File menu )

charles Create a new session

Usage mode 1：File -> new session

Usage mode 2: Ctrl + N

This is not a new request , Is to open another tab , It's a bag grabber ;

Edit（ Edit menu ）

charles preferences

preferences , Note the following

View options

Startup settings

Warning settings

The focus of host

Focus Host Is the focus domain name

In sequence view , choice focued after , Will only keep your focus domain name

5、 ... and 、Charles Agent menu

One 、 Common function switch area

stop/start recording Start / Pause recording , It should be noted that the latter session1 Represents the current session window you are going to operate ; Is to switch whether to capture records
Be careful ： The switch here is just a switch for whether to record information , Not at all charles The switch of ; That is to say, if you stop recording Then it's just that the information is no longer captured on the interface ,charles Will work all the time

stop/start throttling Start / Pause throttling , It's the analog phone 2G/3G/4G The speed of , The turtle icon corresponding to the toolbar

Generally, you can choose as many speeds as you want , The following default is OK ;

Note that if you are fast ; It's the speed limit ; If you have Internet speed low, You choose one 100Mbps Of , In fact, I can't get there ;

enable/disable breakpoints Enable / Disable breakpoints

When breakpoints are enabled , When requesting this interface again , The breakpoint interface will appear , Parameters can be modified , Click after modification Execute Can execute

Two 、 Common function setting area

recording settings Record settings

throttle settings Throttle setting

breakpoint settings Breakpoint settings

3、 ... and 、 Reverse proxy and port forwarding area

reverse proxies Reverse proxy
The difference between forward agent and reverse agent ：

Forward agency ： It's the proxy client , Send and receive requests for clients , Make the real client invisible to the server ; On the customer side , Send and receive requests for customers （ It's similar to the normal use of charles The function of ）

Reverse proxy ： It's a proxy server , Send and receive requests for the server , Make real servers invisible to clients ; On the server side , Send and receive requests for the server , Common application scenarios are load balancing applications that request to be distributed to multiple servers .

A word is ：

Forward agency ： The agent is the client .

Reverse proxy ： The agent is the server .

Reverse proxy settings

Local port ;

The port on the local host creates a reverse proxy . This field may automatically fill in an available port . If there is another application using the port , The reverse agent will receive a warning message when it starts .

Remote hosts and ports

The hostname or... Of the remote host that is the destination of the reverse agent IP Address and port . The remote port defaults to 80, This is a HTTP Default port for .

Override redirection

The response to redirect the remote server will be overridden to match the reverse proxy source address . On by default .
The redirection response of the remote server is fully qualified URL, Even if they're on the same website .

If you redirect to a remote server address , It needs to be rewritten as a reverse proxy local address , Otherwise the client will use redirection URL To remote host , So there is no longer a reverse proxy connection .

Keep the head

Host HTTP The header is passed unchanged from the incoming request , Instead of rewriting the host header normally to match the reverse proxy remote host . The default is off .

Only if you have specific requirements , You need to keep the header ; It's not necessary to use it in ordinary use .

Monitor specific addresses

If you want to specify a local address to listen for a reverse proxy , You can enable this option and enter... Here IP Address . If you want to run multiple network services on the same machine , But different on the same machine IP Run on address , This function is very useful .

When this option is disabled , The reverse proxy will bind to all available local addresses .

port forwarding Port forwarding
Port forwarding （Port forwarding）, Sometimes it's called a tunnel , It's containment (SSH) A method used for secure network communication . Port forwarding is the act of forwarding a network port from one network node to another , It enables an external user to pass through an activated NAT The router reaches a private internal IP Address （ Inside the LAN ） A port on .

Port forwarding enables you to send local TCP or UDP The port transparently forwards to the remote host and port . All requests and responses on the port may be recorded in Charles .

Port forwarding traffic is recorded in Charles As socket//hostport/URL

If you have to use Charles Monitored non HTTP Applications , Then port forwarding is very useful .

Create the port to the original target server , Then connect the client application to the local port ;

Port forwarding is transparent to client applications , And enables you to view Charles Traffic that might not have been available previously

Four 、charles The agent identity configuration area of

windows proxy Windows agent ( Turn on the whole system through charles Acting as agent )
5、 ... and 、 Common advanced settings area

proxy setting Agent settings
The main interface of setting is as follows ：

Dynamic port

Be careful ; If you charles Set up 8888 The port of , Other services can no longer use this port number , Otherwise, there will be unexpected mistakes in the conflict ;

Transparent HTTP agent

When the phone is connected ,http The agent wrote = Player movement , And fill in this time charles The local address of and the 8888 Port can ;

options in It's mainly about setting up Bypass agent

ssl proxy setting ssl Agent settings
The most common setting is the first ssl proxying, Here's a record of what needs to be captured ssl Information about ;

Be careful , If you don't set it up here , Although you installed ssl Of charles certificate , You still can't capture ;

adopt SSL agent , Your browser or application will be received by Charles Signed certificate , Not from remote Web The original certificate of the server . This will trigger a warning in your browser or application , Some applications may actually reject the connection .
You can configure your browser or application to accept Charles Certificate ; For setting up wildcards here , Means to capture and record all ssl Protocol request and response .

access control setting Access control settings

This access control determines who can use this charles,

This machine is always accessible , If the default access control list is empty ;

It means that in addition to this computer , No equipment can be used charles.

If you start with the following tips , When an unauthorized device connects, you will be prompted if you allow ;

Similar to the prompt box below

When your cell phone accesses , The computer will prompt ;

After setting here host, There is no need to confirm when connecting ;

extornal proxy setting External agent settings

Sometimes you may need to use a proxy server on the network to access Internet.

under these circumstances , You need to Charles Configure external agents .

You can configure authentication information for each agent type .

Charles Support for basic authentication and NTLM Authentication . about NTLM Authentication , You can type “ domain name ” Options .

If you do not configure authentication and external proxy request authentication ,Charles The validation request is passed to the browser ,

It's like Charles Itself is requesting authentication the same .

Exclusion list

You can enter... To bypass the external agent loacation list .

The list is space delimited , Every location It's all a mainframe or ip Address matches optional port （ for example hostname：port）, And it supports wildcards .
Please note that ： Previous Charles Automatically excluding location Prefix matching in the list .

web interface setting Web Interface settings
Web The interface allows you to use Web Browser control query , You can visit http://control.charles

Of Web Interface , When the query runs , You can enable this feature and configure the following access control

First you have to turn on web inter face,

Otherwise you visit

http://control.charles

I'll remind you that you didn't turn it on ; Here are some tips

7、 ... and 、Charles Tools menu （Tools）
charles Tools menu summary

Mainly the following functions , For details, click the corresponding menu to view

Disable caching
No caching Settings/ No cache tool usage

Prevent caching by modifying request and response headers ;

No caching tools

No caching tools to block client applications （ Such as Web browser ） Cache any resources . therefore , Requests are always sent to remote sites , And you always see the latest version .

Scope of application

The tool can act on every request （ Choose Enable No Caching that will do ）, You can also configure only for HOST Enable （ To enable the nocaching meanwhile , Please check only for selected locations）;

When used in ”only for selected locations” when , Can be no caching The effect is limited to the host you are configuring ;

Of course location The configuration is also very flexible ;

I prefer to use all ban , Choose Enable No Caching, And the following only Option not selected , That's all right. ;

But there's also a downside to this , When you visit , The same resources , In the view , Every call , There will be one ;

About WEB cache

WWW Is one of the most popular applications on the Internet , Its rapid growth leads to network congestion and server overloads , Increased customer access delay ,WWW The quality of service is increasingly apparent . Caching techniques are considered to reduce server load 、 Reduce network congestion 、 enhance WWW One of the effective approaches to scalability , The basic idea is to make use of the time locality of customer visit （Temproral Locality） principle , Put the content that the customer has visited in Cache Store a copy in , The next time the content is accessed , You don't have to connect to a hosted site , But by the Cache Copies reserved in provide .

Web Content can be cached on the client side 、 Proxy server and server side .
Studies have shown that , Caching technology can significantly improve WWW performance , It can bring the following benefits ：

（1） Reduce network traffic , To reduce congestion .
（2） Reduce customer access latency , The main reasons are ：① Cached content in proxy server , The client can get it directly from the agent, not from the remote server , Thus, the transmission delay is reduced ② The content that is not cached can be quickly acquired by customers due to network congestion and server load reduction .
（3） Because part of the customer's request can be obtained from the agency , This reduces the load on the remote server .
（4） If the remote server is unable to respond to the customer's request due to the remote server failure or network failure , The client can get a cached copy of the content from the agent , bring WWW The robustness of the service is enhanced .
Web The caching system also brings the following problems ：

（1） What customers get through agents can be outdated content .
（2） If there is a cache failure , The client's access delay is increased due to additional agent processing overhead . So in the design Web When caching the system , We should strive to achieve Cache Maximize hit rate and minimize failure cost .
（3） Agents can become bottlenecks . Therefore, a maximum number of service customers and a minimum service efficiency should be set for an agent , So that the efficiency of an agent system is at least the same as that of a client directly connected to a remote server .
http://baike.baidu.com/item/%E7%BC%93%E5%AD%98

No caching Operating principle

No cache tool controls the response of the cache through manipulation HTTP Head to prevent caching ;

Remove... From the request If-Modified-Since and If-None-Match head , add to Pragma：no-cache and Cache-control：no-cache.

Remove... From the response Expires,Last-Modified and ETag header , add to Expires：0 and Cache-Control: no-cache.

Because all requests and server responses of the client go through charles To deal with , therefore charles It's easy to do this

Ban Cookies

Ban Cookie Tools

Ban Cookie Tools block sending and receiving Cookie. It can be used to test websites , It's like disabling... In your browser Cookie equally .

Please note that , Web spider （ Such as Google） Usually not supported Cookie, So the tool can also be used to simulate the view of spider website .

Scope of application

The tool can be enabled for each request , You can also enable... Only for selected locations . Choose enable block cookies that will do

When used for a domain name , Can disable Cookies The effect is limited to the host you are configuring ; At the same time, select only for selected locations that will do ;

principle

Cookie The header is removed from the request , Prevent cookie Value from client application （ for example Web browser ） Send to remote server .

Set-Cookie The header will be removed from the response , This prevents client applications from receiving... From the remote server cookie Request .

Be careful

Many websites log in by writing Cookies Then by reading Cookies To manage the user identity and authority of the website ; If you disable Cookies, This will lead you to log in to a website all the time , Stay on the landing page , This is because writing to you Cookies There is no value in the way of ; The performance is that you've been logging in , Although the account password is correct, it still stays on the login page ; That is to say, if you don't test intentionally cookie When disabled , There is no need to use this tool ;

Choose only for selected locations Set up

Set up a single match to see [charles location How to match .md], The settings are all the same ;

Remote mapping to URL Address
Remote mapping /Map Remote Settings

function ： Put the address you want to request , Map to a remote address ; It's equivalent to changing your request address ;

Remote mapping tool

The remote mapping tool changes the request location based on the configured mapping ,

So that from a new position “ Visible ” To provide a response , Just like the original request .
This mapping enables you to get from B The site provides A All or part of the site (A It's the original goal ,B It's where you map remotely ).

Use advice

If you want to develop a website , And already have a development environment for the site , And hope to apply some newly updated documents to online websites , How to test the effect , be “ Remote mapping ” Will be very useful .

To achieve the same effect, you can also modify the local HOST The way to achieve ; Of course, if you modify host The way , It may also be very easy , But it may take a host Management artifact switchhosts

Although remote mapping is not recommended , But it is highly recommended to use ” Local mapping ”

locations matching

Each location match may contain protocols , host , Port and path mode , To match a particular URL. Location may include wildcards .

Map to local
Local mapping /Map Local Settings

function ： Map the file that needs to request the network to the request local file

Local mapping tool

The local mapping tool enables you to use local files , It's like he's part of the site you visit , The process is , When the client gets the resource file , You can request resources from the server normally , But in charles It has been cut off , And redirect the current resource request to the comment you set ;

Local mapping can greatly speed up the efficiency of development and testing , Otherwise you will have to upload the file to the website to test the results . Use Map Local, You can safely test... In a development environment .

Dynamic files （ Such as the file containing the server-side script ） Not by Map Local perform , So if there is any script in the file to return the script to the browser （ It may not be the expected result ）.

Position matching

Each location match may contain protocols , host , Port and path mode , To match a particular URL. Location may include wildcards .

Local mapping

The local map contains a location match and a local directory , Try to provide a match from this directory .
Search the local directory for files using relative paths .

Relative path is part of the rest of the request location after matching the path part ;
Local mapping can be case sensitive ;

Rewrite tool
Rewrite tool /rewrite Srttings and rewrite rule

function ： Through charles Modify request and response

Rewrite tool

The rewriting tool allows you to , Modify the requested and responded rule.

rule( The rules )： Add or change the title or replace some text in the response body , Edit relevant data .

Rewrite set rewrite set can be activated and deactivated separately . Each set contains bits List of settings and rules . These location selection rules will run requests and responses .

rewrite rule： Every rule Describe a single override operation .rule May affect the request URL The title of the , The main body or part of the content ; It can operate on request or response ;

Then it can define search and replace or just replace style override , rewrite rule Edit dialog box , Provides information about rewriting rule More documents for , May have a look .

local matching Every local The match may contain protocols , host , Port and path mode , To match a particular URL.local You can use wildcards .

debugging
When the rewrite operation does not work , Rewriting tools can be difficult to debug . If you are in trouble , Please try to add a basic rule,

For example, add a very obvious title rule, So that you can see what you wrote rule Whether it matches the request .

You can also turn debugging on in the error log , To obtain from Charles Some debugging information printed in the error log accessed by the window menu .

Rule rewriting rewrite rule

Every rule Describe a single override operation

Type type
This type specifies the type of override operation to perform . There are four different types of rewriting rules ;

Title Rules ,

URL The rules ,

Query parameter rules ,

Response state rules and body rules .

Header and query parameter rules affect header fields and query string parameters respectively ; add to , Modify or delete headers and parameters .

URL Search and replace with principal rules URL And different parts of the subject . Response status rules perform lookup and replacement of response status codes and descriptions ,

for example . 200 OK

Where

Choose where to apply override rules ; In the request , Respond or both .

Match

The match field contains the text to match in the request or response , To decide whether to trigger this rule . You can leave the name or value blank or keep , To match any value .

If you leave both the name and value fields blank , You will match all requests / Respond to .

You can enable regular expression support , Provide... For your match Perl Style regular expressions . If you include groups in regular expressions , You can use them in the matching fields .
Unless regular expressions enable , Otherwise, the name field is the exact match field , under these circumstances , It supports partial matching . Name fields are not case sensitive for regular expressions and normal matches . If you want to create an override rule type that you don't need , The name field may be disabled .

The value field is a partial match , Unless you turn on match integer , under these circumstances , It's a perfect match . Value fields are not case sensitive for normal matching of regular expressions and header and query parameter rules , And right URL And body rules are case sensitive .

newly build / Replace

new / The replace field contains the text that was added or replaced in the request or response when this rule was triggered . Leave the name or value blank , To make them the same as the matching name or value .

If regular expression support is enabled for matching , You can use $1,$2 Wait for the reference match group .

The behavior of the name and value fields depends on matching . If there is a corresponding match , Then this field will be used as an alternative to the matching text , Otherwise, if the match is empty , Then the field will replace the entire name or value .

The value field supports replacing the first or all modes . If the name match is a regular expression , Then the name field always runs in replace priority mode , Otherwise, match exactly and replace the whole name .

If you want to create an override rule type that you don't need , You can disable the name or value fields .

Suggest

If you don't work as expected , Rewriting rules can be difficult to debug . Often the test , It's better to build a rule.

I seldom use this , It is usually modified again on the existing request ; then repeat;

The blacklist
Black List Settings

function ： Block matching HOST Request ; You can just drop the request , You can also go straight back to 403 Status code

White list
Whitelist tools , Allows you to block all requests except the selected location .

Be careful ： If a request and “ The blacklist ” and “ White list ” At the same time, the match is successful , Will be stopped .

Whitelist tools

The white list is in addition to the HOST outside , Block all requests .

When Charles When receiving a request that does not match the white list ,Charles Will block the request . You can choose Charles Will it simply close the browser's connection , Or return the error page to the browser （ have 403 Respond to ）.

Blacklist tool , Used to block only selected domain names . If a request and “ The blacklist ” and “ White list ” All match , Will be stopped .

DNS cheating
DNS cheating /DNS Spoofing

function ： Cheat by assigning your own host name to the remote address map DNS lookup

In the general development process , It needs to be verified in the test environment before going online , At this time, the domain name requested by the mobile client is not easy to change , Can be set by dns Way to forward the domain name to the test machine , Specific settings Tools->DNS Spoofing Settings

For example, we should include xxxxxx.com Domain name of to 10.0.0.71 On , In fact, it is modified HOST It can be solved by ;
Here's what's on the official file ：

DNS Spoofing The tool enables you to spoof by assigning your own host name to a remote address map DNS lookup . When the request passes Charles when , Your DNS Mapping will take precedence .

stay DNS Before the change ,DNS Spoofing Can be used to test virtual hosting sites , Because your browser will look like DNS Run as change .

DNS Changes usually take as long as 24 Hours to take effect , And there's no DNS cheating ,DNS After the change takes effect , The website will become very difficult .

You can map the host name to IP Address or another host name , These names will be given by Charles stay DNS To find it IP Address .

The host name may contain wildcards .

Mirror tool
The image tool will be used when you browse the specified website , Make a clone of the captured document , And save it in the path you specify ;

Be careful ： If your configuration is www.aaa.com; Then only the files under this domain name will be seized , If this domain name references 123.abc.com External resources ( Such as front end CSS,JS etc. ), Referenced external resources are not saved ;

charles Generally used to capture certain resources ; If you want to take someone else's whole station clone Come down , Recommend to use httrack This tool ,charles stay clone The website doesn't do well , It can be said that it's very rubbish .

But it's OK to store a small number of files for the target ;

The path to save the file will be the same as the directory structure of your browsing website , also charles A root directory will be created for the hostname . File name from URL Export and convert to suitable data for saving .

Application in practice ： You can cache the accessed data , Give Way app In the absence of server When , adopt map Local Map to the file you grab , such app Can keep running ;

You can also use the image tool to save the content of the website , adopt map Local Map to the file you grab ; By modifying the document , Achieve the function of local online debugging ( The content you debug is native because the resources you use are native , So it doesn't really affect online files );

The query string is contained in the filename .

If you receive the same URL Two responses to , Then the next file will overwrite the previous file with the same name , So you save the latest data in the image .
Image tool in data through Charles It's been stored , Therefore, it is not affected by the limitation of simulation slow setting ( Slow network speed only has an impact on your local front end , But the real speed is still the actual speed ).

Selected HOST

The tool can be enabled for each request , Or just for the chosen host Enable .
Of course , If you set host When , Resources written , Paths can be matched with patterns . asterisk ”*” and ”?” It can be used ;

Alternative methods （ Right click save）

In the use of “ Mirror image ” After the tool , You can also right-click charles A node in the directory （ file / Folder ）, After capturing the records, save all the results locally , This will make it easier to configure the image , And avoid some junk files .

The only difference is that the mirroring tool is not limited to the recording set in the recording settings , Later, the preservation response is limited , There may be a loss of data when the simulation is slow .

A possible pit

If the mirror tool is enabled , It will cause any compressed or encoded response to be decoded .

therefore , If the server provides a compressed response , So before it's passed to the client , It will be Charles decompression （charles It's a filter between the client and the server , Any request and response goes through charles）;
Immediately returned a decompressed file , In general, it will not have any impact ;
But if you've built your own client , Or you just want that compressed response , Then you won't get ;

Autostore
Auto save tool auto_save

“ Save automatically ” The tool will be after the interval you set , Automatically save and clear the captured content . Suppose you set up 3 minute , It will be saved every three minutes ,

And it will save charles The current session clears ;( In this way, it can be ensured that what is saved in the next three minutes will not be included in the previous saved repetition )

If you leave Charles Monitor long-term network activity , And I want to break records down into manageable units , Or avoid the memory shortage due to a large amount of data , It's very useful .

Enter the save interval （ minute ） And the directory where the session files are saved . You can choose whether or not to run Charles When to start “ Save automatically ” Tools , otherwise ,Charles Startup time ,“ Save automatically ” Tools will always be disabled .

You can choose to start the save interval timer at a multiple of the save interval of more than hours and minutes . Your first save interval will be shortened to align the intervals to multiple . for example , If your save interval is 15 minute , And in 10:10 Start the tool , The first save interval will be 10:15, To align 15 Multiple of minutes , Then each 15 Minutes at a time .

The session file is in its name format yyyyMMddHHmm（ That is to say, hour and minute ） preservation , In order to display in the correct order in alphabetical order , such as charles201705180927

Client process
Client process tools /client_process

Show the local client processes that make each request ;

The client process tool displays the name of the local client process responsible for each request .

Client processes are usually your Web browser , for example firefox.exe, But client process tools can help you discover many things that may not be known HTTP client .

The name of the client process is shown in the “ remarks ” In the region .

If you can at Charles See that you are not sure about the request to start the process , Then the client process tool is very useful . It is only available when running Charles A request made on the computer of .

The tool will be Charles Introduce a short delay before accepting each connection . Delays are usually not obvious or significant .

Specify domain name

The tool can be enabled for each request , You can also enable... Only for selected locations . When used for the selected position , The effect of the tool can be limited to the specified host and the path using simple and powerful pattern matching .

Modification request compose
Writing tools /compose and Compose New

compose It's based on the original request , modify ;

Can write all kinds of States ;
– URL：
– Method：
– GET
– POST
– PUT
– DELETE
– HEAD
– TRACE
– Content type：
– application/x-www-form-urlencoded
– multipart/form-data; boundary=********
– text/plain
– text/xml
– text/json
– text/javascript
– Protocol version：
– HTTP/1.0
– HTTP/1.1
– HTTP/2.0

After this is sent , The editor still exists , You can change it again ;

When writing , A pen mark will appear on the domain name , Represents that this document is writable ;

In fact, it's more convenient to right-click a file ,

New modification request
compose New It's a new pop-up window , Write one by one by yourself

Others follow compose almost

Batch repeat request
Repeat contracting tool /repeat

Charles Let you choose a request and repeat , Very useful when testing back-end interfaces ;

Charles Resend the request to the server , And display the response as a new request .

If you make back-end changes and want to test them , It was used charles after , You don't have to be in the browser （ Or other clients ） Repeat the request in ,charles Can be very convenient to complete .

Especially if the re creation request needs to pass some column parameters （ Like getting points in the game , For example, when filling out a request for a large list of forms ）, This will save a lot of energy .

The request is repeated in Charles Internal finish , Therefore, you cannot view the response in the browser or other clients ;

Response only in Charles To see .

Advanced batch repeat request
Advanced repeat contracting /Repeat Advanced

Advanced Repeat That is to repeat the contract for many times , This function is very convenient for testing SMS bombing vulnerabilities .

Or test the performance of the backend ;

This is also available on the right-click menu of the file , It will be more convenient and clear to operate there ;

Verification tool
Verification tool ／validate

Verification tool
Charles Can be sent to W3C HTML Validator ,W3C CSS Verifier and W3C Feed Validator to verify the recorded response .

Validation report in Charles It shows that , And display the warning or error corresponding to the line in the response source （ Double click the line number in the error message to switch to the source view ）.

because Charles Test its recorded response , It can test scenarios that are not easy to test , For example, display an error message after submitting a form .

Revalidation

After verification , You can select the response from the validation results and repeat , Repeat original request , Then re verify the results .

You can fix any validation problems , And revalidate the page , Without going back to the browser .
– -/ This is not yet available ;

Release Glist
Publish Gist / Publish snippet

Select a file , Click on Publish Gist, If you don't github, This file will be published anonymously , You can't delete it ;

Of course you can be in publish gist setting in , Make publishing settings , You can use your github Account to protect Publishing ; The code will be published to https://gist.github.com/

Import / Export settings
Interface
Glist Release settings
charles Glist Release settings

You can set Github Account ,

Release list Size limit for ; wait