in mobile

Sniffing HTTPS packet being transfer from your mobile device.


Step 1: Download

Download a copy at and install on your machine. Note, this app is $50 USD (includes 4 licences) but is free on a trial for 30 days.

Upon the first run, you will start to see SSL requests coming in their encrypted form, we will need to perform an SSL “man in the middle attack” on ourselves to view the data unencrypted.

Encrypted Requests

Step 2: Install Root Certificate Authority (CA) on your Mac

Go to:

Help > SSL Proxying > Save Charles Root Certificate

Double click to install the certificate, this should open “Keychain Access” then search “Charles Proxy CA”, right click on the certificate > Get Info, open the “Trust” menu and select from the dropdown “When using this certificate” to “Always Trust”.

Go back to the Charles App and go to menu

Proxy > SSL Proxy Settings...

add host “*” and port “*” to the Locations list. Make sure to restart your browser so it now uses the new Root Certificate.


This will allow you to monitor SSL requests by Charles on your machine!

Step 3: Setup your Phone

You will need to send the certificate you had saved above via email to an active email account on your iOS device and be using the Apple Mail App (unfortunately, going to the recommended in Safari does not install the certificate). Click on the attached certificate in the email message and this view below should appear, install the profile:

Next, find out the IP of your machine (Will be in network settings) and make sure that both your iOS and Desktop OS Machine devices are connected to the same network then navigate to

Settings App > Wi-Fi > WifiName Settings > HTTP Proxy > Manual

then enter Server: 10.x.x.x (the local address of your machine found above) and Port: 8888

Wi-Fi Settings Page

Then go back to Charles App and click “Allow” on the popup asking for permission

You should now see requests coming in from your device!

My Instagram Feed!

Last Step: Cleanup

When you are done, revert back to a legitimate CA Root by deleting the “Charles Proxy CA” certificate on the Mac in the Keychain Access App and on iOS by going to General > Profile > Charles Proxy and deleting the certificate.

Write a Comment