search
githubEdit

Setup Charles Proxy on Ubuntu

This is an opinionated article that details how to setup Charles proxy on Ubuntu (as shown on 24.04). Please see charles website for more information: https://www.charlesproxy.com/.

hashtag
1. Install Charles Proxy

  • Download the Linux version from https://www.charlesproxy.com/download/.

  • Install using your package manager or by extracting the tarball:Shelltar -xvf charles-proxy-<version>.tar.gzcd charles-proxy./charles

  • Ensure Java is installed (Charles runs on Java).

or:

wget -qO- https://www.charlesproxy.com/packages/apt/charles-repo.asc | sudo tee /etc/apt/keyrings/charles-repo.asc
sudo sh -c 'echo deb [signed-by=/etc/apt/keyrings/charles-repo.asc] https://www.charlesproxy.com/packages/apt/ charles-proxy main > /etc/apt/sources.list.d/charles.list'
sudo apt-get update && sudo apt-get install charles-proxy5

hashtag
2. Enable SSL Proxying

  • Open Charles and go to: Proxy → SSL Proxying Settings → Enable SSL Proxying.

  • Click Add and enter:

    • Host: * (wildcard for all hosts)

    • Port: 443

  • This ensures all HTTPS traffic is decrypted.charlesproxy

hashtag
3. Install Charles Root Certificate on Linux

hashtag
Export the Root cert & priv key

  • In Charles, go to: Help → SSL Proxying → Export Charles Root Certificate and private key.

  • set a password you can remember - only need it for a short while

  • Name the file charles.p12

hashtag
Convert the p12 file to PEM

  • A .p12 files have both halves of the key embedded, so that administrators can easily manage halves of keys - but it is encoded, so you can't really read it. Lets convert it to a pem

Note: it will prompt you for that password we created before:

  • now when we try to inspect the newly exported .pem file, it will have a public and private key that is readable:

.pem files are generally the public key, used by the client to verify and decrypt data sent by servers. PEM files could also be encoded private keys, so check the content if you're not sure.

hashtag
Optional: If you messed up your cert chain and have crap in the keychain, we can reset it.

hashtag
Move the cert & make it trusted

Now we need to move this file & make it trusted. When installing the cert into the trusted chain, its going to want it on the crt format (non-encoded)

update-ca-certificates is a program that updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt, a concatenated single-file list of certificates. Source: https://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.htmlarrow-up-right

hashtag
Setup the proxy:

For comandline tools that use the environment variables to configure the proxy, lets update the http_proxy env variable

For other apps that use the system proxy, we can setup the system proxy

  • Goto settings -> Network -> Network Proxy

hashtag
🤪Lets do the thing! Run Charles!

go back to terminal and lets launch charles

and it should look pretty empty without anything going on.

hashtag
Now lets do the thing!

Now if i go back to my command line and hit a few urls, I should now see a bunch of gobbledygook that will be the raw HTML that is being returned from a request.

Now if I go look at Charles, I should see two entries

  • One for the http traffic

  • One for the HTTPS traffic - not the Protocol difference, esp the SSL section

hashtag
🌐4. Web Browser Configuration

Now if you're the kinda fella (or misses) that wants to use a browser, if you launch firefox, you might see something like:

If we goto settings, and search for "cert" in the dialog, you'll see Certificates settings pop up. Simply clicky the "View Certificates" button

  • And now you'll see the various root certs. lets import our fancy cert we generaeted. Click "Import"

This will pull up the file dialog, and go ahead and select the charles.crt file we previously used and select, well "select"

  • Then you'll want to checky the boxes so you can trust the heck out of this cert!

  • If you are the enquiring type, go ahead and hit "view" if you want to check out that bad boy cert!

  • Otherwise go ahead and scroll down and you'll see our fancy new cert listed. Hit "OK" when you are ready to get back into it

  • Now if you go back to your browser and reload, you should see that everything is right as rain:

hashtag
🔥5. OMG! It's on fire! turn it off, turn it off!

  1. Calm yourself

  2. undo the proxy settings in the system by running

  1. System Proxy: Now lets go back to Settings-->Network->Proxy, and we can disable

  1. Remove all the Imported certs & root trust

---

⚠️ Security Note

Only use SSL proxying in controlled environments. Intercepting traffic without consent can be illegal and unethical.

PreviousConfig ubuntu 20.04 vm for rdpNextSNMP Setup on Ubuntu

Last updated