Charles Proxy

Posted by handfuloflight 5 hours ago

Comments

Comment by dhuan_ 4 minutes ago

I’ve found tools like Charles really useful for understanding what’s happening on the wire. When I need something more repeatable (tests, offline work), I usually reach for a mock server instead. I ended up building a small one for my own use and later open-sourced it:

https://dhuan.github.io/mock/latest/examples.html

Comment by hboon 4 hours ago

I don't have elaborate needs and have used Charles for many years. A few years ago I switched to https://proxyman.com and found it easier to use.

Comment by shubhamjain 2 hours ago

Proxyman is 100x value for 2x the price. I am not even kidding. Native UI, shortcuts, cert installation helper tools. And script editor to programmatically edit requests is so much better and powerful than Charles' request editor.

Comment by tricker5453 1 hour ago

[dead]

Comment by gokaygurcan 47 minutes ago

I frequently use them both. The main reason why I can't leave Charles is the lack of session grouping in Proxyman. Seeing a huge list of irrelevant items is annoying after some point. In Charles, I can save that session with a name and move on to something else. It's almost impossible to leave one for the other at this point for me.

This goes without saying, but huge thanks to the both developers for making these available.

Comment by aaronbrethorst 3 hours ago

Likewise. I was a dedicated user of Charles for about a decade. It’s great, but if you are a macOS user, Proxyman is better, easier, and more macOS friendly.

Comment by 2 hours ago

Comment by mavamaarten 1 hour ago

If the devs behind Charles would just tweak their UI a bit, it would be the absolute perfect tool. Functionally it pretty much already is. Mainly being able to turn on and off and configuring features I use all the time (rewrite, map local, map remote) is always a journey through menu's that don't always make sense. The only functional thing I'm missing is some DNS stuff (e.g. throttling or breaking DNS specifically).

I tried using proxyman for a while, and while definitely powerful and more modern, it honestly didn't feel "better" or more powerful so I didn't go for yet another license.

Comment by ChrisMarshallNY 3 hours ago

Pretty nice.

Does it work for Xcode simulators?

I use Charles extensively (I am using it for the development I’m doing right now), and it needs to work on simulators.

Cost isn’t an issue for me. Fitness to purpose is important. I won’t cripple my development capacity, in order to save $50.

Comment by itsn0tm3 3 hours ago

It makes working with Xcode simulators even easier by having a dedicated UI workflow to install the proxy certificates and restart the sim. I used to face issues from time to time doing this with Charles having to restart my machine at times and not getting the certificates to work. Proxyman makes this way nicer to work with and since switching I never faced certificate issues again.

Not trying to do an ad, but really glad I don‘t have to think about that anymore :)

Comment by jshier 3 hours ago

Yes, Proxyman has great sim integration, including the ability to filter by apps within the sim. It's a far better macOS app than Charles, and I've never found it to be lacking a feature I used in Charles.

Comment by ChrisMarshallNY 3 hours ago

Cool. I appreciate the tip. I’ll give it a go.

Thanks!

Comment by OptionalDonuts 2 hours ago

When I was still working with iOS, all of us on the team switched to Proxyman and found it much better than Charles. Developer experience wise that is (features, ui/ux, etc.) We ran into some issues with Charles and found Proxyman as the alternative. Don't remember the issues but we never looked back.

Comment by hboon 3 hours ago

It does. I find the UI better and setting it up easier too

Comment by sgt 4 hours ago

Looks much better, thanks for that tip

Comment by cientifico 4 hours ago

That it's an osx ONLY app.

Comment by lnx01 2 hours ago

MacOS, iOS, Windows, and Linux

Comment by distances 33 minutes ago

I was going to comment on the Mac exclusivity too which might be a bad idea now that Linux is on the rise. But you're right, there's a Linux beta too now. Thanks for the pointer.

Comment by logicuce 4 hours ago

I feel obliged to mention Fiddler. The tool I loved almost 20 years back and felt like it came from future. IIRC it was/is more powerful than Charles. Fiddler was Windows only but at one time they had builds for other platforms in works. Sadly they got acquired which changed their roadmap, and I had also moved on from Windows.

https://www.telerik.com/fiddler

Comment by _blackhawk_ 4 hours ago

This. I tell people tales of that beautiful tool. have you found anything for a MacOS? My hunt so far has been futile.

Comment by logicuce 1 hour ago

For macOS settled on Charles back then but not as capable as Fiddler.

Comment by mytydev 30 minutes ago

The fiddler landing page says it runs on Windows, macOS, and Linux, so maybe give it another try.

Comment by dsincl12 3 hours ago

https://proxyman.com/

Comment by cientifico 4 hours ago

One hidden gem.

The closest free alternative is https://www.mitmproxy.org/ that is not even close.

And off course, https://www.wireshark.org/ but that is too generic and with a bigger learning curve.

Worth the money. And no subscription (or there weren't a subscription back then)

Comment by acheong08 3 hours ago

I built a bad clone of Charles Proxy over the summer as part of another project (iOS VPN -> mitm with custom root certificate -> logging). It's surprisingly simple. It basically goes App -> Packet tunnel -> SOCKS -> a child process (I used https://github.com/AdguardTeam/gomitmproxy) to handle the sniffing and reencryption.

Did post the source somewhere at some point but my git server got corrupted and I haven't gone and fixed it. https://github.com/acheong08/apple-corelocation-experiments/...

I wonder if AI is good enough to vibe code my horrible hacks into a full clone of Charles Proxy these days.

Annoying fact: Apple requires you to have a paid developer account to access the Packet Tunnel APIs. You can't even test it in XCode simulator because of how networking works in there. It's insane that I can't even develop for my own phone without paying an extra fee to Apple. The error message when you sideload without a paid account doesn't make it obvious at all and it took me a good day or two before realizing .

Comment by dns_snek 1 hour ago

Wireshark is extremely powerful and useful but it lives in a completely different category of tools. It's not a proxy so it can't modify traffic or inspect HTTPS [1], it's used to passively capture and analyze general network traffic and troubleshoot networking issues.

[1] without an elaborate setup, your program needs to be instructed to dump TLS encryption keys for Wireshark to read

Comment by efortis 4 hours ago

Burp is free too (community edition)

https://portswigger.net/burp/communitydownload

Comment by punnerud 2 hours ago

I was a daily user of mitmproxy, until they changed all they keybindings around version 2. Tried a couple of times to get used to the new “TMUX” style, but switched to Charles Proxy.

Have mitmproxy gotten any better in usability over the years?

Just based on the images, is seems to have the same problems?

Comment by doomerhunter 21 minutes ago

I am a Burp guy, but lately Caido[1] has been trending, pretty lightweight and can be ran in headless mode. It's still very security-oriented (as Burp Suite is), but might be worth your time, notably as you can run it on a VPS/container to proxy all your traffic through it (which is by-design, contrary to my beloved burp/zap)

[1] https://caido.io/

Comment by runtimepanic 3 hours ago

Burp Suite can do much of this as well, but the intent feels different. Charles is very much about observing and understanding raw HTTP(S) traffic with minimal friction, which makes it handy for quick debugging, mobile app inspection, or client-side issues. Burp leans heavily into security workflows: interception, replay, automation, and attack surface exploration. That power comes with more setup and a more opinionated UI. I’ve found Charles useful when I want visibility without switching into “pentest mode,” whereas Burp shines when security analysis is the goal.

Comment by lillesvin 2 hours ago

Just to mention an alternative option, ZAP (aka. Zed Attack Proxy) covers much of the same ground as Burp and is entirely free and Open Source.

Comment by dns_snek 1 hour ago

On paper ZAP has all of the features I care about, but I gave it my best try and found it really unintuitive to use.

Comment by obventio56 1 hour ago

Wait why is this on the front page? I thought this is a very established and well-known tool

Comment by followben 4 hours ago

Wow. Charles was indispensable tool for working with HTTP apis back when I got started as an iOS dev in 2011. Great to see it still going strong.

Comment by aua 4 hours ago

I found Charles Proxy last year and it's fantastic. They have a mobile app too (if you need the ssl proxying for mobile apps).

Comment by thunderbong 4 hours ago

Didn't know about that.

https://www.charlesproxy.com/documentation/ios/

Comment by DrBenCarson 4 hours ago

Alltime great software

I’m on proxyman https://proxyman.com/

Comment by jibcage 4 hours ago

I used Charles for a while and also jumped on the Proxyman bandwagon. It’s a slick tool and even works for remote debugging (i.e., an iPhone attached to your computer with a cable).

Comment by tricker5453 1 hour ago

Proxygen (https://proxygen.app.) has this super cool way to pair its iPhone app with the Mac app, and then remotely inspect traffic from iPhone apps on the Mac. You do the pairing once and then just beam traffic over. Attaching cables feels pretty ancient compared to this.

Comment by swaraj 3 hours ago

I once used Charles Proxy to change all the game configs for Candy Crush Saga on my phone back in 2013 by intercepting and replacing the API requests - I made all the puzzles have 1-2 colors and infinite powerups. I guess they didn't care much about the security because I ended up spending way more time in the game

Comment by infomaniac 4 hours ago

Fantastic software that I've used for over a decade. Interacted with Karl a few years ago about Adobe's AMF format; very generous with his time. I was surprised to learn that it's over 20 years old! https://en.wikipedia.org/wiki/Charles_Proxy

Comment by sponno 4 hours ago

i just texted Karl to say he’s on the front page of HN. I was the same. Charles was soo good for ol AMF!! Still miss Flash.

Comment by poemxo 1 hour ago

I like Burp Suite better for intercept and Squid better for a persistent proxy but maybe I'll give Charles another shot.

Comment by h33t-l4x0r 3 hours ago

I loved Charles, I used it for many years. It only stopped when an update changed the UI in ways that were confusing, and also the chrome network tab really did everything I need in terms of inspecting requests / responses.

Comment by eddywebs 4 hours ago

How come a reverse-proxy, better than the network tab in dev tools ?

Comment by efortis 4 hours ago

You can do more, e.g., changing the status code

Comment by tgma 4 hours ago

More narrow cmdline http inspection tool https://github.com/signeen/inspect-http-proxy

Comment by self_awareness 4 hours ago

This one is truly a gem:

https://httptoolkit.com

It even bypasses SSL pinning on Android using 1 click.

Comment by el_benhameen 4 hours ago

Just upgraded my license today, so I guess Charles is my new Baader-Meinhof token. Great tool! The ssl proxying is especially handy.

Comment by simultsop 1 hour ago

Tool that can't be beaten

Comment by tricker5453 1 hour ago

I mean, Charles Proxy was a great option perhaps 20 years ago, in a time when there weren't any native Mac apps around.

If you take a closer look at the HTTP proxy app space a lot has happened since then. We have many free open source apps like mitmproxy, information security focused tools like Burp Suite and many others.

I have taken a liking on a relatively new app Proxygen (https://proxygen.app). They've nailed their UI and the app receives constant updates. Their free version runs circles around similar apps like Charles and Proxyman which aren't that great value these days.

Comment by daishi424 54 minutes ago

Mind making some disclosure? Your account is 0 days old, and has made 3 comments. All in the same thread and promoting the same app.

Comment by tricker5453 17 minutes ago

Just noticed this post making the rounds in Hacker News. I've worked with these tools for tens of years so figured I'd chime in, although I haven't commented here before. Lately I've been super happy with the Proxygen app and wanted to add it to the discussion because I really want to see that app thrive. Included the URL as the names are easy to confuse.

Comment by rramadass 2 hours ago

How does "Zed Attack Proxy" (ZAP - https://www.zaproxy.org/) which is opensource and part of OWASP (https://owasp.org/www-community/Free_for_Open_Source_Applica...) compare with this and other similar proxies?

Comment by wahnfrieden 4 hours ago

Even after using it for years I could never recognize all its unlabeled icons without hovering for tooltip

I emailed the author about it a decade ago but he didn’t seem convinced

Comment by user3939382 4 hours ago

Even better SIP bullshit off kext tap nic mitm intermed. certs. Fuck all the phone home stuff it’s enough.

Comment by imvetri 4 hours ago

Never learnt the use of this tool. The certificate configuration tripped my head during my work. This gives brain damage because it doesn't make sense.

Why to check network payload when you are sure the data was sent.

-frontend developer