I built a bad clone of Charles Proxy over the summer as part of another project (iOS VPN -> mitm with custom root certificate -> logging). It's surprisingly simple. It basically goes App -> Packet tunnel -> SOCKS -> a child process (I used https://github.com/AdguardTeam/gomitmproxy) to handle the sniffing and reencryption.

Did post the source somewhere at some point but my git server got corrupted and I haven't gone and fixed it. https://github.com/acheong08/apple-corelocation-experiments/...

I wonder if AI is good enough to vibe code my horrible hacks into a full clone of Charles Proxy these days.

Annoying fact: Apple requires you to have a paid developer account to access the Packet Tunnel APIs. You can't even test it in XCode simulator because of how networking works in there. It's insane that I can't even develop for my own phone without paying an extra fee to Apple. The error message when you sideload without a paid account doesn't make it obvious at all and it took me a good day or two before realizing .

I had excellent experiences w mitmproxy (and mitmdump) in 2016-17. At that point it was powerful and easily scriptable, making it far superior to charles for my purposes.

I'd used mitmproxy to reverse engineer browser extensions and mobile apps and it did the trick. It was quite some time ago.

Burp is free too (community edition)

https://portswigger.net/burp/communitydownload

What I really like about mitmproxy is that it runs on my server with a certificate I trusted on my phone.

I then flip on WireGuard on my phone, pointed to mitmproxy, and seamlessly all traffic from my phone is decrypted and viewable through the website on my computer.

Except of-course all the applications these days that do certificate pinning, which is annoying, but for that we have Frida.

mitmproxy isn't the gold standard; it is Burp Suite, sadly.

Burp Suite uses a subscription model. Charles a model like Sublime Text: you buy it and get to keep the version forever, major upgrades available for a discount.

I had to chuckle at this one:

> If you purchased a Charles license prior to 1 May 2008 your existing license key is still valid for Charles 5.

So I guess in past they used a model where you'd have lifetime upgrades.

Which also made me think: I recognize this name! This has to be an older piece of software. Was it published on Freshmeat in the start of this century?

There's also some TUI for Wireshark, such as frontends for tshark. I think [1] looks interesting, since it can be used with a local LLM (via Ollama).

[1] https://github.com/kspviswa/pktai

mitmproxy supports quite a few features that Charles doesn't and vice versa. You could use them as alternatives for basic browser traffic analysis (where they're both fine), but their features and capabilities cover different areas. Charles is user friendly and robust, mitmproxy has advanced scripting capabilities with a decent amount of community examples available. They complement each other.

What about ZAP? https://www.zaproxy.org/

Wireshark is extremely powerful and useful but it lives in a completely different category of tools. It's not a proxy so it can't modify traffic or inspect HTTPS [1], it's used to passively capture and analyze general network traffic and troubleshoot networking issues.

[1] without an elaborate setup, your program needs to be instructed to dump TLS encryption keys for Wireshark to read

I was a daily user of mitmproxy, until they changed all they keybindings around version 2. Tried a couple of times to get used to the new “TMUX” style, but switched to Charles Proxy.

Have mitmproxy gotten any better in usability over the years?

Just based on the images, is seems to have the same problems?

Did you just call Charles Proxy a "hidden" gem? :)

- mitmproxy (the Docker version is really easy to set up)

- Burp Proxy

- Wireshark, tshark

Fiddler is superior to Charles and always has been.

https://www.telerik.com/fiddler