nabla-c0d3 / ssl-kill-switch2

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

Charles Proxy for iOS no longer works when this tweak is installed. #51

Closed by espresso-flavoured 4 years ago

espresso-flavoured commented 6 years ago

An iOS version of Charles Proxy was released a few months ago. I tested it out on my iPad with 10.0.1 and iPhone with 11.3.1, and on both devices, it fails to process https requests when this tweak is enabled. Without this tweak installed, Charles Proxy works normally. I'm happy to provide Console logs if those would be helpful. I'd appreciate any help you can offer, and thank you for your work on this tweak.

XMB5 commented 6 years ago

What app?

espresso-flavoured commented 6 years ago

> What app?

@XMB5 The nature of the problem is how Charles Proxy iOS operates with SSL Kill Switch installed. It is unable to proxy HTTPS connections, which prevents me from intercepting HTTPS traffic from any iOS app.


XMB5 commented 6 years ago

Try running NoSubstitute on the charles app

espresso-flavoured commented 6 years ago

> Try running NoSubstitute on the charles app

@XMB5 I just tried using NoSub. It seems to work, but only intermittently. I’ll have to gather the logs to better explain that.


macdonjo commented 6 years ago

Is NoSubstitute only required on iOS 11 or newer?

varenc commented 5 years ago

I unsuccessfully tried to work around this just by not enabling kill switch until after Charles iOS was running and intercepting. If this worked I just would have added an extra check to avoid injecting into Charles but no dice. Something else must be going on?

iOS logs to demonstrate: image

Works great when proxied to Charles on my desktop though! (for most apps)

nabla-c0d3 commented 5 years ago

Charles Proxy for iOS uses a local VPN so it makes sense that SSL Kill Switch would disrupt it. One solution would be to prevent Kill Switch from getting loaded into the Charles Proxy processes, by adding their bundle IDs to the MobileLoader filter at https://github.com/nabla-c0d3/ssl-kill-switch2/blob/master/SSLKillSwitch2.plist

blunden commented 5 years ago

@nabla-c0d3 The SSLKillSwitch2.plist can't be used to prevent it from loading, from my understanding (i.e. there is no exclude functionality built for these filters), unless you remove the predefined bundles in there, which cause it to get loaded into almost everything, and instead just explicitly add the bundles you want to inject into.

The latter worked for me when I had to find a quick fix for a short project. My hope was to find a better solution and submit a pull request if the solution was generic enough to be useful to others.

blunden commented 5 years ago

@varenc You can try excluding the charles proxy process using the feature I added in #65 if this is still an issue for you. I linked a compiled version in there as well.

jzarca01 commented 5 years ago

For those wondering: Charles proxy BundleId is com.xk72.Charles

nabla-c0d3 commented 4 years ago

I've added a section to the README about Charles Proxy. Thanks again for the help.
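The filter behaviour discussed in this thread, as an added example that is not code from the project or from any commenter: a small Python model showing why a broad bundle entry also matches Charles and how an explicit allow-list avoids it. It assumes the filter loads the tweak when any ID under `Filter` -> `Bundles` is present in a process and that the plist is in XML form; `com.example.target` is a hypothetical app under test and `com.apple.UIKit` is an assumed stand-in for a broad predefined entry, not a copy of the project's file.

```python
import plistlib

CHARLES = "com.xk72.Charles"   # bundle ID quoted in the thread
TARGET = "com.example.target"  # hypothetical app under test
BROAD = "com.apple.UIKit"      # assumed stand-in for a broad predefined entry


def would_load(flt, loaded_bundles):
    """Assumed filter semantics: the tweak loads into a process when any
    bundle ID under Filter -> Bundles is present in it. There is no exclude key."""
    wanted = flt.get("Filter", {}).get("Bundles", [])
    return any(b in loaded_bundles for b in wanted)


def allow_list(targets):
    """Build a filter that names only the apps the tweak should load into."""
    targets = sorted(set(targets))
    if not targets:
        raise ValueError("refusing to write a filter with no bundles")
    return {"Filter": {"Bundles": targets}}


def injected(filter_xml, processes):
    """Return the processes (by main bundle ID) that a filter plist would hit."""
    flt = plistlib.loads(filter_xml)
    return sorted(p for p, bundles in processes.items() if would_load(flt, bundles))


# Constructed process table: main bundle ID -> bundle IDs loaded in that process.
PROCESSES = {
    CHARLES: {CHARLES, BROAD},
    TARGET: {TARGET, BROAD},
}

broad_xml = plistlib.dumps({"Filter": {"Bundles": [BROAD]}})
narrow_xml = plistlib.dumps(allow_list([TARGET]))

if __name__ == "__main__":
    print("broad :", injected(broad_xml, PROCESSES))
    print("narrow:", injected(narrow_xml, PROCESSES))
    print(narrow_xml.decode())
```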