Charles Web Debugging Proxy 3.3.1 available

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).

Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to debug the content of your HTTPS sessions.

Charles simulates modem speeds by effectively throttling your bandwidth and introducing latency, so that you can experience an entire website as a modem user might (bandwidth simulator).

Charles is especially useful for Adobe Flash developers as you can view the contents of LoadVariables, LoadMovie and XML loads. Charles also has native support for Flash Remoting (AMF0 and AMF3). More about Charles and Flash.

Charles is also useful for XML development in web browsers, such as AJAX (Asynchronous Javascript and XML) and XMLHTTP, as it enables you to see the actual XML that is flowing between the client and the server. Charles natively supports JSON, JSON-RPC and SOAP; displaying each in a simplified tree format for easy viewing and debugging.

Below is a list of Charles’ features:

  • Cookies are shown in the HTTP headers, so you can see exactly what cookies you are sending and receiving.
  • Every request and response is recorded in Charles. Redirects that are often too quick to see when testing with a web browser can be seen in Charles. Requests from applications other than your web browser (such as Flash movies) can also be seen.
  • Request and response sizes are shown in Charles, so you can see how big each request was.
  • Assets loaded from an HTML page are recorded so that you can see how many images etc are loaded by a page, and where from.
  • All files can be viewed, including JavaScript files, CSS files, HTML files etc.
  • Mirror all responses to disk, recording your session.
  • Blacklist sites so that requests are blocked.
  • See the results of caching by seeing cached responses (304 Not Modified), and requests containing last modified dates (IfModifiedSince).
  • Disable caching by removing cache related headers from requests and responses as they pass through Charles, ensuring that you are always requesting the latest file.
  • See whether a cache has served your request by looking for cache-hit HTTP headers.
  • View encrypted HTTPS traffic in plain text. Enables you to view requests and responses in plain text even when communicating with an SSL secured web server.
  • Reveal unexpected requests, such as typos and 404s.
  • View requested images.
  • Bandwidth Throttle your web connection to a specified bytes/second speed, and millisecond latency. This enables you to simulate modem conditions on a high speed internet connection (bandwidth simulator)
  • Spoof DNS name to ip mappings so that you can test a domain name before it has gone live. Very useful for testing your virtual hosting.
  • Export to CSV all of the summary data captured by Charles for analysis and reporting in Excel
  • Reverse proxy creates ports on the localhost that act as regular HTTP servers, but forward all requests to a specified web server.
  • HTTP 1.1 support - including keep-alive, chunking and content-encodings including gzip, compress and deflate.
  • External proxy support - configure an proxy for Charles to use to access the Internet
  • NTLM authentication support (Windows NT Challenge Response Authentication / Integrated Windows Authentication)
  • Automatic configuration of Windows Internet Proxy settings.
  • Search all headers and bodies for keywords.
  • Port forwarding support, allows any protocol to be forwarded by Charles and debugged.
  • Unicode and other charset encoding/decoding support.
  • AJAX debugging (Asynchronous Javascript and XML) and XMLHTTP debugging
  • AMF parsing to help debug Flash Remoting
  • Firefox proxy autoconfiguration
  • Automatic Update Checking

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2


Related Articles

Application Scanner
Charles Proxy
Data Sniffer
Information Gathering
Security Solutions