When I want to view SSL traffic which is being proxied through Charles I need to have an SSL certificate from Charles installed on the smartphone. Why it's needed and how it's possible for Charles to decrypt and then encrypt again the data routed through it?
I imagine it in the way that if some smartphone app uses SSL then:
- the data is encrypted (by the app? by the OS' network layers?) then
- the encrypted data is sent to the world and
- the encrypted data is intercepted by Charles
- Charles gets the encrypted data and what now?
How does it know how to decrypt the encrypted data? And how does it know how to encrypt the decrypted data again to send it finally to where it was originally targeted?
from How does Charles proxy work when proxying SSL traffic?
No comments:
Post a Comment