- I feel obliged to mention Fiddler. The tool I loved almost 20 years back and felt like it came from future. IIRC it was/is more powerful than Charles. Fiddler was Windows only but at one time they had builds for other platforms in works. Sadly they got acquired which changed their roadmap, and I had also moved on from Windows.
https://www.telerik.com/fiddler
by cientifico
13 subcomments
- One hidden gem.
The closest free alternative is https://www.mitmproxy.org/ that is not even close.
And off course, https://www.wireshark.org/ but that is too generic and with a bigger learning curve.
Worth the money. And no subscription (or there weren't a subscription back then)
by runtimepanic
3 subcomments
- Burp Suite can do much of this as well, but the intent feels different.
Charles is very much about observing and understanding raw HTTP(S) traffic with minimal friction, which makes it handy for quick debugging, mobile app inspection, or client-side issues.
Burp leans heavily into security workflows: interception, replay, automation, and attack surface exploration. That power comes with more setup and a more opinionated UI.
I’ve found Charles useful when I want visibility without switching into “pentest mode,” whereas Burp shines when security analysis is the goal.
- I don't have elaborate needs and have used Charles for many years. A few years ago I switched to https://proxyman.com and found it easier to use.
- For my rather simple needs I've been using https://httptoolkit.com free edition, I like that it launches a independent Firefox window on its own for the intercepting so I don't have to touch my working browser or deal with configuring a proxy anywhere
by obventio56
2 subcomments
- Wait why is this on the front page? I thought this is a very established and well-known tool
by self_awareness
0 subcomment
- This one is truly a gem:
https://httptoolkit.com
It even bypasses SSL pinning on Android using 1 click.
- Wow. Charles was indispensable tool for working with HTTP apis back when I got started as an iOS dev in 2011. Great to see it still going strong.
- I found Charles Proxy last year and it's fantastic. They have a mobile app too (if you need the ssl proxying for mobile apps).
by DrBenCarson
1 subcomments
- Alltime great software
I’m on proxyman https://proxyman.com/
- How does "Zed Attack Proxy" (ZAP - https://www.zaproxy.org/) which is opensource and part of OWASP (https://owasp.org/www-community/Free_for_Open_Source_Applica...) compare with this and other similar proxies?
by doomerhunter
1 subcomments
- I am a Burp guy, but lately Caido[1] has been trending, pretty lightweight and can be ran in headless mode. It's still very security-oriented (as Burp Suite is), but might be worth your time, notably as you can run it on a VPS/container to proxy all your traffic through it (which is by-design, contrary to my beloved burp/zap)
[1] https://caido.io/
by infomaniac
1 subcomments
- Fantastic software that I've used for over a decade. Interacted with Karl a few years ago about Adobe's AMF format; very generous with his time.
I was surprised to learn that it's over 20 years old! https://en.wikipedia.org/wiki/Charles_Proxy
- I once used Charles Proxy to change all the game configs for Candy Crush Saga on my phone back in 2013 by intercepting and replacing the API requests - I made all the puzzles have 1-2 colors and infinite powerups. I guess they didn't care much about the security because I ended up spending way more time in the game
by h33t-l4x0r
0 subcomment
- I loved Charles, I used it for many years. It only stopped when an update changed the UI in ways that were confusing, and also the chrome network tab really did everything I need in terms of inspecting requests / responses.
- I’ve found tools like Charles really useful for understanding what’s happening on the wire. When I need something more repeatable (tests, offline work), I usually reach for a mock server instead. I ended up building a small one for my own use and later open-sourced it:
https://dhuan.github.io/mock/latest/examples.html
- A much better alternative for MacOS folks https://proxyman.com/
- Why not [Reqable](https://reqable.com/en-US/)? More modern, more powerful.
- Is there a story behind misusing the term "reverse proxy" as it is clearly a forward proxy?
by kyleblarson
1 subcomments
- The combination of Charles + Postman is great for reverse engineering mobile API's. Inspect traffic w/ Charles, export request to cUrl, import cUrl into Postman, play around with request headers / params / etc, export to py, use Cursor to create reusable library.
- Used it heavily as my AS3 dev times from 2008 to 2011. Crazy that is still around.
- More narrow cmdline http inspection tool https://github.com/signeen/inspect-http-proxy
by 1vuio0pswjnm7
2 subcomments
- Is this "breaking TLS", as referred to here:
https://news.ycombinator.com/item?id=46214950
- How come a reverse-proxy, better than the network tab in dev tools ?
by el_benhameen
0 subcomment
- Just upgraded my license today, so I guess Charles is my new Baader-Meinhof token. Great tool! The ssl proxying is especially handy.
- I like Burp Suite better for intercept and Squid better for a persistent proxy but maybe I'll give Charles another shot.
- Used this all of the time back in the day. Great tool.
- I'd say Reqable is a worthy mention as well.
by wahnfrieden
0 subcomment
- Even after using it for years I could never recognize all its unlabeled icons without hovering for tooltip
I emailed the author about it a decade ago but he didn’t seem convinced
- Tool that can't be beaten
- Ugh these comments - every time it's just people spewing alternatives they like better
by rightisleft
0 subcomment
- flashback to 2009 right here...
by tricker5453
1 subcomments
- [dead]
by user3939382
0 subcomment
- Even better SIP bullshit off kext tap nic mitm intermed. certs. Fuck all the phone home stuff it’s enough.
- Never learnt the use of this tool. The certificate configuration tripped my head during my work.
This gives brain damage because it doesn't make sense.
Why to check network payload when you are sure the data was sent.
-frontend developer
Hacker News