Set up Charles to proxy an Android device | Tealium for Android (Kotlin) |Preview of Tealium Docs

Configure Charles proxy

Use the following steps to configure Charles proxy:

Go to Proxy > Proxy Settings.
Click the Proxies tab, and in the HTTP Proxy Port field enter 8888.
Go to Proxy > SSL Proxying Settings
Click the SSL Proxying tab and select the Enable SSL Proxying checkbox to configure a location.
- By default, Charles will only perform SSL proxying for specific domains you include in the list.
- Click Add, and enter *.* in the location list above.
- If your app ceases to function correctly, it’s possible that the app is rejecting the self-signed certificate from Charles proxy. If this happens, disable the wildcard match, and list only the *.tealiumiq.com and *.tiqcdn.com Tealium domains.
The port default value is 443. You can leave this field blank, because Charles will set it automatically.

Identify your IP address

To identify your computer’s IP address:

Go to System Preferences > Network > Wifi > Advanced > TCP/IP.

On a Mac, you can hold down the Option key while clicking the network icon in the system tray.

Make note of the IPV4 Address, as it will be needed in later steps.

Configure your Android device to use the Charles proxy

Use the following steps to configure your Android device to use Charles proxy:

Go to Settings > Wifi.
Press and hold down the power key on the Wifi network device you are currently connected to.
When the modal appears, select Modify Network.
Select Show Advanced Options to display proxying options.
Under Proxy, select Manual.
In the Proxy Host Name field, enter the IPV4 address you previously saved from your development machine.
In the Proxy Port field, enter 8888, the same port you used when configuring Charles.
Click Save to save the settings and exit.
Open a browser on your device to test. Charles displays a dialog prompting you to allow or deny SSL proxying.
Click Allow. If you are not prompted to allow SSL proxying, restart Charles and try again.
Navigate to http://charlesproxy.com/getssl from your device and download the Charles SSL certificate.
On newer versions of Android, you may get an error on downloading, such as download unsuccessful. If this happens, use the following instructions:
- Go to Help > SSL Proxying > Save Charles Root Certificate.
- Change the file type from the default .pem to .cer and save in a location that you will remember for later.
- Transfer the .cer file to your device using an SD Card, USB Cable, or remote transfer such as Google Drive.
- Open the file from a file manager such as the Android File Manager, or a third party file manager such as File Commander.
- You will be prompted to save the certificate. Continue with the remaining steps.
Name the certificate and confirm it as a trusted certificate. Ensure that you disable or remove it when complete.
After the certificate is installed, set up a PIN.

Additional configuration steps for Android N and above

As of Android N, additional steps area required to to add configuration to your application so that it trusts the SSL certificates generated by Charles SSL proxying. This means that you can only use SSL proxying with applications that you control.

In order to configure your app to trust Charles, you must first add a Network Security Configuration File to your app. This file can override the system default, enabling your app to trust user-installed CA certificates, such as the Charles Root Certificate.

In your configuration file, you can optionally specify that this only applies in debug builds of your application, so that production builds use the default trust profile.

Use the following steps to add the Network Security Configuration File and reference the file in the manifest for your app:

Use the following example to create a Security Network Configuration file.

<network-security-config> 
   <debug-overrides> 
     <trust-anchors> 
       <!-- Trust user added CAs while debuggable only -->
       <certificates src="user" /> 
     </trust-anchors> 
   </debug-overrides> 
</network-security-config>

Name the file network_security_config.xml.
Copy the file to res/xml/network_security_config.xml.

Use the following example to add a reference to the network_security_config.xml file to the manifest for your app:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
   <application android:networkSecurityConfig="@xml/network_security_config" ... >
       ...
   </application>
</manifest>

For additional information, see the Android section of the Charles proxy SSL Certificates documentation.

Tips to filter your view of network traffic

The following table provides tips used to filter your view of network traffic:

Filter	Action
Filter by device	To ensure that you only view traffic from your Android device and not the local machine, go to the Proxy menu and uncheck macOS/Windows proxy. This step will disable Charles proxy for local traffic from your machine and Charles will only display traffic from remotely-connected devices.
Filter by domain	Filter your traffic to view only what you are interested in by clicking the Sequence tab in Charles and use the filter field to filter by domain, such as `collect.tealiumiq.com`. Regex is also an option if you enable it in the search settings. Enabling Regex allows you to use a `*.tealiumiq.com` filter to view all hits going to the Tealium servers.

Clear Certificates and Remove the PIN from a device

Clearing the certificate and removing the PIN from an Android device is optional.

Use the following steps to clear the certificate, remove the PIN, or both:

Open the Settings application on your Android device.
Navigate to Security > Clear Credentials at the bottom of the list of options.
Click Clear Credentials.
Confirm that you want to clear the credentials.
To remove the PIN, navigate to Settings > Lock Screen > Screen Lock and remove the PIN.

For more information, see Charles SSL Proxying and Set up Charles to proxy an iOS device.