1
00:00:00,840 --> 00:00:03,600
-: Hi. Within this lecture, we are going to see

2
00:00:03,600 --> 00:00:07,380
how we can install the SSL certificates from Charles

3
00:00:07,380 --> 00:00:10,320
and now we're going to learn how to use it

4
00:00:10,320 --> 00:00:12,360
in an app later on.

5
00:00:12,360 --> 00:00:13,560
So as you can see

6
00:00:13,560 --> 00:00:18,030
I can browse the HTTP websites, but not the HTTPS ones.

7
00:00:18,030 --> 00:00:20,310
So in order to resolve this issue

8
00:00:20,310 --> 00:00:24,120
I'm going to open this website in my emulator

9
00:00:24,120 --> 00:00:29,120
So chls.pro and /ssl.

10
00:00:31,050 --> 00:00:36,050
So this is basically Charles proxy SSL, chls.pro/ssl.

11
00:00:37,590 --> 00:00:42,000
And make sure Charles proxy is opened when you do that.

12
00:00:42,000 --> 00:00:44,610
So it'll ask you for your pin, okay?

13
00:00:44,610 --> 00:00:47,070
And if you don't have a pin on your emulator

14
00:00:47,070 --> 00:00:49,260
it'll ask you to create one.

15
00:00:49,260 --> 00:00:53,040
Because that's how you can install certificates.

16
00:00:53,040 --> 00:00:55,860
And over here in the Charles menu,

17
00:00:55,860 --> 00:00:58,800
if you go to SSL proxying and say,

18
00:00:58,800 --> 00:01:03,120
install Charles root certificate on a mobile device,

19
00:01:03,120 --> 00:01:06,240
it'll actually give you this instruction.

20
00:01:06,240 --> 00:01:08,040
So make sure you do that

21
00:01:08,040 --> 00:01:13,040
and make sure you find this website over here. Okay?

22
00:01:13,110 --> 00:01:14,730
And as you can see it says that,

23
00:01:14,730 --> 00:01:16,890
configure your HTTP proxy.

24
00:01:16,890 --> 00:01:19,230
Yeah, we have already done that.

25
00:01:19,230 --> 00:01:20,820
And as you can see it says that

26
00:01:20,820 --> 00:01:23,970
go to this charles.pro/ssl

27
00:01:23,970 --> 00:01:26,340
to download and install your certificate.

28
00:01:26,340 --> 00:01:29,640
So if it asks you to go to a different website

29
00:01:29,640 --> 00:01:33,420
then you should go to that website specifically.

30
00:01:33,420 --> 00:01:37,110
And over here it will ask you for your pin. Okay?

31
00:01:37,110 --> 00:01:40,170
And if you don't have a pin, you can create your own

32
00:01:40,170 --> 00:01:44,970
from your emulator, obviously, like in a real device, okay?

33
00:01:44,970 --> 00:01:47,040
And when you give that pin,

34
00:01:47,040 --> 00:01:50,070
it will try to install the certificate

35
00:01:50,070 --> 00:01:52,470
that you're trying to download.

36
00:01:52,470 --> 00:01:56,490
So having a pin is only way to install certificates

37
00:01:56,490 --> 00:01:59,400
on Android phones, even if it does not

38
00:01:59,400 --> 00:02:03,600
make any sense to create a pin just for that purpose.

39
00:02:03,600 --> 00:02:04,530
It's still the case.

40
00:02:04,530 --> 00:02:08,820
Just give your password, give your pin,

41
00:02:08,820 --> 00:02:10,890
and it will try to install it.

42
00:02:10,890 --> 00:02:13,380
And as you can see, I have a crash over here

43
00:02:13,380 --> 00:02:15,780
and I will try it one more time.

44
00:02:15,780 --> 00:02:20,280
And certificate installer has stopped, for some reason.

45
00:02:20,280 --> 00:02:24,360
I believe this is kind of a bug that we encounter

46
00:02:24,360 --> 00:02:26,070
in this emulator.

47
00:02:26,070 --> 00:02:29,130
So I can try to install it couple of times,

48
00:02:29,130 --> 00:02:31,830
but if it doesn't work for you,

49
00:02:31,830 --> 00:02:35,820
just don't be stubborn over this emulator.

50
00:02:35,820 --> 00:02:38,280
So we are not doing anything wrong over here

51
00:02:38,280 --> 00:02:40,020
but it doesn't work.

52
00:02:40,020 --> 00:02:42,930
So what I'm going to do, I'm going to just

53
00:02:42,930 --> 00:02:46,110
open another emulator, from my Android Studio

54
00:02:46,110 --> 00:02:48,330
and try with that, right?

55
00:02:48,330 --> 00:02:52,230
So I can actually close this down

56
00:02:52,230 --> 00:02:54,510
and I'm in my secure tweet app

57
00:02:54,510 --> 00:02:59,460
which is not actually the case in many of times

58
00:02:59,460 --> 00:03:01,560
that you won't have the source code

59
00:03:01,560 --> 00:03:04,620
but I'm not going to run the secured tweet app.

60
00:03:04,620 --> 00:03:08,820
I'm going to run any emulator from any project. Okay?

61
00:03:08,820 --> 00:03:10,710
I just opened the Android Studio

62
00:03:10,710 --> 00:03:12,840
in order to run the emulator.

63
00:03:12,840 --> 00:03:15,510
So you don't have to have the source codes

64
00:03:15,510 --> 00:03:18,180
in order to do the following thing.

65
00:03:18,180 --> 00:03:22,080
Just make sure you open the emulator, okay?

66
00:03:22,080 --> 00:03:23,790
And try with this one.

67
00:03:23,790 --> 00:03:27,720
So this is a different SDK, so this is a different API.

68
00:03:27,720 --> 00:03:30,030
So if you don't have any second emulator

69
00:03:30,030 --> 00:03:32,910
you can create it from your AVD manager.

70
00:03:32,910 --> 00:03:37,910
So let me uninstall the secure tweet app from here, okay?

71
00:03:38,130 --> 00:03:42,540
And let me install the current APK that we are working on.

72
00:03:42,540 --> 00:03:46,260
So let me just open the settings.

73
00:03:46,260 --> 00:03:47,280
So here you go.

74
00:03:47,280 --> 00:03:50,700
Let me open the settings from here because we need to

75
00:03:50,700 --> 00:03:52,560
configure the proxy.

76
00:03:52,560 --> 00:03:54,330
It's already configured for me.

77
00:03:54,330 --> 00:03:56,160
If it doesn't work for you

78
00:03:56,160 --> 00:03:59,220
you have to configure from scratch.

79
00:03:59,220 --> 00:04:01,290
So make sure you open the settings

80
00:04:01,290 --> 00:04:04,530
and make sure you open the wifi.

81
00:04:04,530 --> 00:04:05,700
And here you go.

82
00:04:05,700 --> 00:04:08,940
I have the Android wifi, and as you can see

83
00:04:08,940 --> 00:04:12,480
I don't get the modify network over here.

84
00:04:12,480 --> 00:04:14,370
So as I said before,

85
00:04:14,370 --> 00:04:17,130
it's different in different versions.

86
00:04:17,130 --> 00:04:21,990
So over here I have the modify button over here.

87
00:04:21,990 --> 00:04:25,950
So I'm gonna go for manual proxy.

88
00:04:25,950 --> 00:04:29,760
So let me go for proxy manual. Yep.

89
00:04:29,760 --> 00:04:34,760
So my local IP is 192 168 121 and the port is 8888.

90
00:04:36,720 --> 00:04:38,280
And say, okay.

91
00:04:38,280 --> 00:04:40,650
So we already have done this before,

92
00:04:40,650 --> 00:04:43,920
so I'm going to go a little faster over here.

93
00:04:43,920 --> 00:04:48,780
So I'm going to open the Chrome and I'm going to

94
00:04:48,780 --> 00:04:53,780
open the charles.pro/ssl one more time, like this, chls.

95
00:04:56,250 --> 00:05:01,250
And yep, it will ask me to create a certificate name.

96
00:05:01,710 --> 00:05:04,890
I'm gonna say charles test or something.

97
00:05:04,890 --> 00:05:08,613
Okay, charles proxy, maybe test.

98
00:05:09,510 --> 00:05:14,010
And I'm going to say, yeah, use it for VPN and apps.

99
00:05:14,010 --> 00:05:14,910
And here you go.

100
00:05:14,910 --> 00:05:17,100
Now it's installed.

101
00:05:17,100 --> 00:05:21,600
So I have managed to install the SSL proxy.

102
00:05:21,600 --> 00:05:24,270
So let me try to go to the website

103
00:05:24,270 --> 00:05:29,270
that I haven't actually opened before, like hotmail.com.

104
00:05:29,280 --> 00:05:30,900
This is an HTTPS website.

105
00:05:30,900 --> 00:05:35,160
And as you can see now we are able to open it,

106
00:05:35,160 --> 00:05:39,660
and I believe we can open my website as well, from here.

107
00:05:39,660 --> 00:05:41,400
Let me try this.

108
00:05:41,400 --> 00:05:44,910
So far we couldn't open it before, right?

109
00:05:44,910 --> 00:05:47,580
So now it must work.

110
00:05:47,580 --> 00:05:48,660
And here you go.

111
00:05:48,660 --> 00:05:50,880
Now it's working, right?

112
00:05:50,880 --> 00:05:51,713
Yep, here you go.

113
00:05:51,713 --> 00:05:54,090
Now we can see my website.

114
00:05:54,090 --> 00:05:56,160
So even though it's working right now,

115
00:05:56,160 --> 00:06:00,150
we can get the HTTPS data from here.

116
00:06:00,150 --> 00:06:03,960
We cannot actually see the traffic from our app.

117
00:06:03,960 --> 00:06:06,570
So if I open it, it won't come,

118
00:06:06,570 --> 00:06:09,690
over here, we cannot see the connections to Firebase

119
00:06:09,690 --> 00:06:14,610
or responses from Firebase, in detail at least.

120
00:06:14,610 --> 00:06:18,600
The reason for that, apps do not trust,

121
00:06:18,600 --> 00:06:23,600
the certificates that user has installed on their phone.

122
00:06:24,030 --> 00:06:27,360
In order for apps to trust the certificate,

123
00:06:27,360 --> 00:06:32,310
developers should allow the app to trust the certificates.

124
00:06:32,310 --> 00:06:37,310
And most of the developers do not have that intention. Okay?

125
00:06:37,350 --> 00:06:41,280
And if you search the internet for SSL capturing

126
00:06:41,280 --> 00:06:44,760
from the apps, you will see outdated versions.

127
00:06:44,760 --> 00:06:48,330
This has been changed three years ago

128
00:06:48,330 --> 00:06:52,050
and before 2000, I believe 17,

129
00:06:52,050 --> 00:06:55,860
we would be able to get the data,

130
00:06:55,860 --> 00:06:58,440
with only this kind of configuration.

131
00:06:58,440 --> 00:07:02,490
But right now, we need to do some further configuration

132
00:07:02,490 --> 00:07:06,510
to make our app to trust these certificates.

133
00:07:06,510 --> 00:07:09,810
So make sure you uninstall the APK

134
00:07:09,810 --> 00:07:11,970
because we are going to change it in a bit

135
00:07:11,970 --> 00:07:14,643
and meet me in the next lecture to do so.