Proxying SSL via Charles from Vagrant
The Swift application that I’m currently developing gets data from Twitter and I was struggling to get a valid auth token. To solve this, I wanted to see exactly what I was sending to Twitter and so opened up Charles on my Mac to have a look.
As my application is running within a Vagrant box running Ubuntu Linux, I needed to tell it to proxy all requests through Charles.
To do this, you set the http_proxy environment variable:
export http_proxy="http://192.168.99.1:8889"
(I use port 8889 for Charles and the host machine is on 192.168.99.1 from my VM’s point of view, you would use the correct values for your system.)
Then I realised that I needed SSL.
Charles supports SSL proxying by acting as a man in the middle. That is, your application uses Charle’s SSL certificate to talk to Charles and then Charles uses the original site’s SSL certificate when talking to the site. This is easy enough to set up, by following the documentation.
To add the Charles root certificate to a Ubuntu VM, do the following:
- Get the Charles root certificate from within Charles and copy onto the VM. On the Mac this is available via the Help -> SSL Proxying -> Save Charles Root Certificate… menu option
- Create a new directory to hold the certificate: sudo mkdir /usr/share/ca-certificates/extra
- Copy your Charles root certificate to the extra directory: sudo cp /vagrant/charles-ssl-proxying-certificate.crt /usr/share/ca-certificates/extra/
- Register it with the system:
- sudo dpkg-reconfigure ca-certificates
- Answer Yes by pressing enter
- Select the new certificate at the top by pressing space so that is has an asterisk next to it’s name and then press enter
You also need to set the https_proxy environment variable:
export https_proxy="http://192.168.99.1:8889"
SSL proxying now works and it became very clear why Twitter wasn’t giving me an auth token!
Quick correction: `dpkg-reconfigure ca_certificates` should be `dpkg-reconfigure ca-certificates`.
Thanks for the write-up, Rob!
Thanks Matthew! I've updated the post.