Your Digital Media Has Never Looked So Good

 
ankur275
Posts: 2
Joined: Fri Oct 14, 2016 3:54 pm

Re: Roku device charles set up

Mon Jun 12, 2017 5:46 pm

+1 on this topic guys. Any help wrt getting https calls to show in Charles is much appreciated.

Here is what our test setup looks like-
- A mac with ethernet in connected and wifi sharing enabled.
- Charles proxy running on the mac.
- A roku device connected to the mac's hotspot.
- Following rules added to NAT table so that traffic is redirected to Charles:
rdr on bridge100 inet proto tcp from 192.168.2.0/24 to any port = 80 -> 127.0.0.1 port 8888
rdr on bridge100 inet proto tcp from 192.168.2.0/24 to any port = 443 -> 127.0.0.1 port 8888

If the app does not have the Charles certificate, the https calls just fail. So we have to comment out the entry for redirecting port 443 traffic.

I am wondering how can we install the Charles certificate on the Roku device itself (like on iOS/Android), so that any app using https on that roku will trust the certificate and we can see its traffic in Charles. 
 
tim_beynart
Posts: 120
Joined: Wed Jul 15, 2015 8:30 am

Re: Roku device charles set up

Tue Jun 13, 2017 7:41 am

I have not gotten this to work for HTTPS at all. I tried every way to install a Charles cert I could think of, as did multiple other people here at work.
Wireshark is an option to at least see the HTTPS requests happening (not decrypted), but it it hideous to work with. Charles is part of our workflow for all other devices and platforms, I really wish Roku would add the ability to define a proxy like iOS and Android.
We reached out to Roku for assistance and are waiting for some guidance. 
 
HaivisionEMH
Posts: 1
Joined: Sat Nov 19, 2016 1:12 pm

Re: Roku device charles set up

Tue Aug 01, 2017 10:08 am

+1.  Anything from Roku on this?
 
User avatar
Tyler Smith
Posts: 95
Joined: Thu Apr 14, 2016 10:51 am
Location: Nova Scotia, Canada
Contact:

Re: Roku device charles set up

Tue Aug 08, 2017 11:59 am

I'm 99% sure that you cannot do this.
The entire purpose of HTTPS is to prevent this.
Tyler Smith
Senior Developer, REDspace
redspace.com
 
tim_beynart
Posts: 120
Joined: Wed Jul 15, 2015 8:30 am

Re: Roku device charles set up

Tue Aug 08, 2017 12:44 pm

Care to explain why? You can easily set up MITM with Charles on desktop. I am not a networking guru, so I would love a simple explanation of why this is impossible on a Roku.
 
User avatar
RokuNB
Posts: 217
Joined: Fri Mar 31, 2017 2:22 pm

Re: Roku device charles set up

Tue Aug 08, 2017 6:14 pm

I see no reason why you can't set up a pass-through proxy by using whatever fudged SSL certificate client side it wants you to for a MitM. That does not contradict HTTPS security, since it is the client app that "willingly decides" to trust an additional cert. authority.

I am not in the thick of things here - but i heard from a 3rd party they've had problems setting Charles Proxy as MitM - but success using https://mitmproxy.org/ with Roku.

@tim_beynart - what did your inquiry with us resulted in?
 
tim_beynart
Posts: 120
Joined: Wed Jul 15, 2015 8:30 am

Re: Roku device charles set up

Wed Aug 09, 2017 10:24 am

@RokuNB We never got documentation for Charles.  Last I heard it was "coming soon". For obvious reasons we were told any SSL interception activity with a Roku is not approved or sanctioned by Roku, so they were doing us a favor. Which is nice, thank you  :D
Our dev and qa teams use Charles as a primary tool, and tools like Wireshark and MitM are not nearly as user friendly.  That's why we make so much noise about getting Charles specifically to work. 
What I would like to understand is exactly why installing the Charles cert on the Roku doesn't work. I can forward port 443 to Charles (using a firewall script in a DDWRT router) but it just results in garbage in the Charles UI and failed requests. 

Who is online

Users browsing this forum: thekeshavgoel and 3 guests