
 
ankur275
Posts: 2
Joined: Fri Oct 14, 2016 3:54 pm

Re: Roku device charles set up

Mon Jun 12, 2017 5:46 pm

+1 on this topic guys. Any help wrt getting https calls to show in Charles is much appreciated.

Here is what our test setup looks like-
- A mac with ethernet connected and wifi sharing enabled.
- Charles proxy running on the mac.
- A roku device connected to the mac's hotspot.
- Following rules added to NAT table so that traffic is redirected to Charles:
rdr on bridge100 inet proto tcp from 192.168.2.0/24 to any port = 80 -> 127.0.0.1 port 8888
rdr on bridge100 inet proto tcp from 192.168.2.0/24 to any port = 443 -> 127.0.0.1 port 8888

If the app does not have the Charles certificate, the https calls just fail. So we have to comment out the entry for redirecting port 443 traffic.

I am wondering how can we install the Charles certificate on the Roku device itself (like on iOS/Android), so that any app using https on that roku will trust the certificate and we can see its traffic in Charles. 
 
tim_beynart
Posts: 185
Joined: Wed Jul 15, 2015 8:30 am

Re: Roku device charles set up

Tue Jun 13, 2017 7:41 am

I have not gotten this to work for HTTPS at all. I tried every way to install a Charles cert I could think of, as did multiple other people here at work.
Wireshark is an option to at least see the HTTPS requests happening (not decrypted), but it is hideous to work with. Charles is part of our workflow for all other devices and platforms, I really wish Roku would add the ability to define a proxy like iOS and Android.
We reached out to Roku for assistance and are waiting for some guidance. 
 
HaivisionEMH
Posts: 1
Joined: Sat Nov 19, 2016 1:12 pm

Re: Roku device charles set up

Tue Aug 01, 2017 10:08 am

+1.  Anything from Roku on this?
 
Tyler Smith
Posts: 108
Joined: Thu Apr 14, 2016 10:51 am
Location: Nova Scotia, Canada

Re: Roku device charles set up

Tue Aug 08, 2017 11:59 am

I'm 99% sure that you cannot do this.
The entire purpose of HTTPS is to prevent this.
Tyler Smith
Senior Developer, REDspace
redspace.com
 
tim_beynart
Posts: 185
Joined: Wed Jul 15, 2015 8:30 am

Re: Roku device charles set up

Tue Aug 08, 2017 12:44 pm

Care to explain why? You can easily set up MITM with Charles on desktop. I am not a networking guru, so I would love a simple explanation of why this is impossible on a Roku.
 
RokuNB
Posts: 308
Joined: Fri Mar 31, 2017 2:22 pm

Re: Roku device charles set up

Tue Aug 08, 2017 6:14 pm

I see no reason why you can't set up a pass-through proxy by using whatever fudged SSL certificate client side it wants you to for a MitM. That does not contradict HTTPS security, since it is the client app that "willingly decides" to trust an additional cert. authority.

I am not in the thick of things here - but I heard from a 3rd party they've had problems setting Charles Proxy as MitM - but success using https://mitmproxy.org/ with Roku.

@tim_beynart - what did your inquiry with us result in?
 
tim_beynart
Posts: 185
Joined: Wed Jul 15, 2015 8:30 am

Re: Roku device charles set up

Wed Aug 09, 2017 10:24 am

@RokuNB We never got documentation for Charles.  Last I heard it was "coming soon". For obvious reasons we were told any SSL interception activity with a Roku is not approved or sanctioned by Roku, so they were doing us a favor. Which is nice, thank you  :D
Our dev and qa teams use Charles as a primary tool, and tools like Wireshark and MitM are not nearly as user friendly.  That's why we make so much noise about getting Charles specifically to work. 
What I would like to understand is exactly why installing the Charles cert on the Roku doesn't work. I can forward port 443 to Charles (using a firewall script in a DDWRT router) but it just results in garbage in the Charles UI and failed requests. 
 
kidasov
Posts: 21
Joined: Mon Sep 25, 2017 11:54 pm

Re: Roku device charles set up

Tue Oct 17, 2017 11:32 pm

Has anyone succeeded?
 
Michal Laskowski
Posts: 1
Joined: Mon Oct 23, 2017 3:07 am

Re: Roku device charles set up

Wed Oct 25, 2017 3:34 am

+1. Also very interested in this.
 
bbrouse
Posts: 73
Joined: Mon Apr 11, 2011 10:48 am

Re: Roku device charles set up

Mon Oct 30, 2017 7:43 am

We are also interested to know if anyone has had any success using Charles with Roku.
 
pmpascua
Posts: 26
Joined: Thu Nov 24, 2016 9:27 am

Re: Roku device charles set up

Thu Nov 02, 2017 8:42 am

I have found an alternative way to capture and debug any network requests, even https, coming from Roku through a combination of reverse proxying and map remote settings on Charles proxy. Though the app would need to be modified to replace the host of the targeted URL with the IP address of the machine the reverse proxy is set up on. Not only would I capture REST api requests but I'm able to capture playback URL and its chunks and license requests. 

Hope this helps.
 
tim_beynart
Posts: 185
Joined: Wed Jul 15, 2015 8:30 am

Re: Roku device charles set up

Thu Nov 02, 2017 11:09 am

@pmpascua Does this work for arbitrary HTTPS urls? We need to track ad beacons, which can be pretty much any domain. I'm not sure how modifying the host in the app, then trying to use map remote, would work in this case. Any idea?
 
pmpascua
Posts: 26
Joined: Thu Nov 24, 2016 9:27 am

Re: Roku device charles set up

Thu Nov 02, 2017 11:19 am

You can capture HTTPS requests this way along with the remote mapping. For example, if you want to capture https://something.com, you start off http://192.168.1.1:xxxx, then Charles will reverse proxy to http://something.com, then remote mapped to https://something.com

Reverse proxy is only applicable when you know the remote host name beforehand and that you programmatically replace the host of the remote url with your ip address. So if your app can't do that before the request is made then this is not the right tool for you. 
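
An added example, not part of the thread or of Charles: a minimal Python stand-in for the reverse-proxy arrangement described in the post above, with one plain-HTTP listener per HTTPS host known in advance. The ports, the `api.example.com` host and the function names are assumptions made for illustration; `to_proxy_url` returns `None` for hosts outside the table, which is the arbitrary-domain limitation discussed in the posts.

```python
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit, urlunsplit

PROXY_IP = "192.168.1.1"  # constructed: LAN address of the machine running the proxy
# Constructed table: local listener port -> HTTPS host that is known in advance.
UPSTREAMS = {8081: "something.com", 8082: "api.example.com"}

def to_proxy_url(url):
    """App side: swap a known HTTPS host for the plain-HTTP listener.
    Returns None when the host is not in the table (e.g. an arbitrary ad beacon)."""
    parts = urlsplit(url)
    for port, host in UPSTREAMS.items():
        if parts.scheme == "https" and parts.hostname == host and parts.port in (None, 443):
            return urlunsplit(("http", f"{PROXY_IP}:{port}", parts.path, parts.query, ""))
    return None

def to_upstream_url(listen_port, path_and_query):
    """Proxy side: map the listener port back to the real HTTPS origin."""
    return f"https://{UPSTREAMS[listen_port]}{path_and_query}"

class Forwarder(BaseHTTPRequestHandler):
    def do_GET(self):
        target = to_upstream_url(self.server.server_port, self.path)
        print("->", target)  # the request is visible in clear text at this hop
        try:
            # urllib verifies the upstream certificate; TLS to the origin is not weakened.
            with urllib.request.urlopen(target, timeout=10) as resp:
                status, body = resp.status, resp.read()
                ctype = resp.headers.get("Content-Type", "application/octet-stream")
        except urllib.error.HTTPError as err:
            status, body, ctype = err.code, err.read(), "text/plain"
        except urllib.error.URLError as err:
            status, body, ctype = 502, str(err.reason).encode(), "text/plain"
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    import threading
    # Listens on all interfaces; bind to the LAN address instead on a shared network.
    servers = [ThreadingHTTPServer(("0.0.0.0", port), Forwarder) for port in UPSTREAMS]
    for srv in servers[1:]:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    servers[0].serve_forever()
```

The leg between the device and the listener is unencrypted HTTP, so this belongs on an isolated test network and in debug builds only.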
 
tim_beynart
Posts: 185
Joined: Wed Jul 15, 2015 8:30 am

Re: Roku device charles set up

Sun Nov 05, 2017 9:33 am

Yeah that is what I figured. This technique might work for some of our troubleshooting but won't suit all our requirements. Darn.
