I don't have elaborate needs and have used Charles for many years. A few years ago I switched to https://proxyman.com and found it easier to use.
Proxyman is 100x value for 2x the price. I am not even kidding. Native UI, shortcuts, cert installation helper tools. And script editor to programmatically edit requests is so much better and powerful than Charles' request editor.
Likewise. I was a dedicated user of Charles for about a decade. It’s great, but if you are a macOS user, Proxyman is better, easier, and more macOS friendly.
[deleted]
Pretty nice.
Does it work for Xcode simulators?
I use Charles extensively (I am using it for the development I’m doing right now), and it needs to work on simulators.
Cost isn’t an issue for me. Fitness to purpose is important. I won’t cripple my development capacity, in order to save $50.
It makes working with Xcode simulators even easier by having a dedicated UI workflow to install the proxy certificates and restart the sim.
I used to face issues from time to time doing this with Charles having to restart my machine at times and not getting the certificates to work.
Proxyman makes this way nicer to work with and since switching I never faced certificate issues again.
Not trying to do an ad, but really glad I don‘t have to think about that anymore :)
Yes, Proxyman has great sim integration, including the ability to filter by apps within the sim. It's a far better macOS app than Charles, and I've never found it to be lacking a feature I used in Charles.
Cool. I appreciate the tip. I’ll give it a go.
Thanks!
When I was still working with iOS, all of us on the team switched to Proxyman and found it much better than Charles. Developer experience wise that is (features, ui/ux, etc.) We ran into some issues with Charles and found Proxyman as the alternative. Don't remember the issues but we never looked back.
It does. I find the UI better and setting it up easier too
Worth the money. And no subscription (or there weren't a subscription back then)
I built a bad clone of Charles Proxy over the summer as part of another project (iOS VPN -> mitm with custom root certificate -> logging). It's surprisingly simple. It basically goes App -> Packet tunnel -> SOCKS -> a child process (I used https://github.com/AdguardTeam/gomitmproxy) to handle the sniffing and reencryption.
I wonder if AI is good enough to vibe code my horrible hacks into a full clone of Charles Proxy these days.
Annoying fact: Apple requires you to have a paid developer account to access the Packet Tunnel APIs. You can't even test it in XCode simulator because of how networking works in there. It's insane that I can't even develop for my own phone without paying an extra fee to Apple. The error message when you sideload without a paid account doesn't make it obvious at all and it took me a good day or two before realizing .
I was a daily user of mitmproxy, until they changed all they keybindings around version 2. Tried a couple of times to get used to the new “TMUX” style, but switched to Charles Proxy.
Have mitmproxy gotten any better in usability over the years?
Just based on the images, is seems to have the same problems?
I feel obliged to mention Fiddler. The tool I loved almost 20 years back and felt like it came from future. IIRC it was/is more powerful than Charles. Fiddler was Windows only but at one time they had builds for other platforms in works. Sadly they got acquired which changed their roadmap, and I had also moved on from Windows.
Burp Suite can do much of this as well, but the intent feels different.
Charles is very much about observing and understanding raw HTTP(S) traffic with minimal friction, which makes it handy for quick debugging, mobile app inspection, or client-side issues.
Burp leans heavily into security workflows: interception, replay, automation, and attack surface exploration. That power comes with more setup and a more opinionated UI.
I’ve found Charles useful when I want visibility without switching into “pentest mode,” whereas Burp shines when security analysis is the goal.
Just to mention an alternative option, ZAP (aka. Zed Attack Proxy) covers much of the same ground as Burp and is entirely free and Open Source.
I found Charles Proxy last year and it's fantastic. They have a mobile app too (if you need the ssl proxying for mobile apps).
I used Charles for a while and also jumped on the Proxyman bandwagon. It’s a slick tool and even works for remote debugging (i.e., an iPhone attached to your computer with a cable).
I once used Charles Proxy to change all the game configs for Candy Crush Saga on my phone back in 2013 by intercepting and replacing the API requests - I made all the puzzles have 1-2 colors and infinite powerups. I guess they didn't care much about the security because I ended up spending way more time in the game
Fantastic software that I've used for over a decade. Interacted with Karl a few years ago about Adobe's AMF format; very generous with his time.
I was surprised to learn that it's over 20 years old! https://en.wikipedia.org/wiki/Charles_Proxy
i just texted Karl to say he’s on the front page of HN. I was the same. Charles was soo good for ol AMF!! Still miss Flash.
I loved Charles, I used it for many years. It only stopped when an update changed the UI in ways that were confusing, and also the chrome network tab really did everything I need in terms of inspecting requests / responses.
How come a reverse-proxy, better than the network tab in dev tools ?
It even bypasses SSL pinning on Android using 1 click.
Even after using it for years I could never recognize all its unlabeled icons without hovering for tooltip
I emailed the author about it a decade ago but he didn’t seem convinced
Even better SIP bullshit off kext tap nic mitm intermed. certs. Fuck all the phone home stuff it’s enough.
Never learnt the use of this tool. The certificate configuration tripped my head during my work.
This gives brain damage because it doesn't make sense.
Why to check network payload when you are sure the data was sent.
I don't have elaborate needs and have used Charles for many years. A few years ago I switched to https://proxyman.com and found it easier to use.
Proxyman is 100x value for 2x the price. I am not even kidding. Native UI, shortcuts, cert installation helper tools. And script editor to programmatically edit requests is so much better and powerful than Charles' request editor.
Likewise. I was a dedicated user of Charles for about a decade. It’s great, but if you are a macOS user, Proxyman is better, easier, and more macOS friendly.
Pretty nice.
Does it work for Xcode simulators?
I use Charles extensively (I am using it for the development I’m doing right now), and it needs to work on simulators.
Cost isn’t an issue for me. Fitness to purpose is important. I won’t cripple my development capacity, in order to save $50.
It makes working with Xcode simulators even easier by having a dedicated UI workflow to install the proxy certificates and restart the sim. I used to face issues from time to time doing this with Charles having to restart my machine at times and not getting the certificates to work. Proxyman makes this way nicer to work with and since switching I never faced certificate issues again.
Not trying to do an ad, but really glad I don‘t have to think about that anymore :)
Yes, Proxyman has great sim integration, including the ability to filter by apps within the sim. It's a far better macOS app than Charles, and I've never found it to be lacking a feature I used in Charles.
Cool. I appreciate the tip. I’ll give it a go.
Thanks!
When I was still working with iOS, all of us on the team switched to Proxyman and found it much better than Charles. Developer experience wise that is (features, ui/ux, etc.) We ran into some issues with Charles and found Proxyman as the alternative. Don't remember the issues but we never looked back.
It does. I find the UI better and setting it up easier too
Looks much better, thanks for that tip
That it's an osx ONLY app.
MacOS, iOS, Windows, and Linux
One hidden gem.
The closest free alternative is https://www.mitmproxy.org/ that is not even close.
And off course, https://www.wireshark.org/ but that is too generic and with a bigger learning curve.
Worth the money. And no subscription (or there weren't a subscription back then)
I built a bad clone of Charles Proxy over the summer as part of another project (iOS VPN -> mitm with custom root certificate -> logging). It's surprisingly simple. It basically goes App -> Packet tunnel -> SOCKS -> a child process (I used https://github.com/AdguardTeam/gomitmproxy) to handle the sniffing and reencryption.
Did post the source somewhere at some point but my git server got corrupted and I haven't gone and fixed it. https://github.com/acheong08/apple-corelocation-experiments/...
I wonder if AI is good enough to vibe code my horrible hacks into a full clone of Charles Proxy these days.
Annoying fact: Apple requires you to have a paid developer account to access the Packet Tunnel APIs. You can't even test it in XCode simulator because of how networking works in there. It's insane that I can't even develop for my own phone without paying an extra fee to Apple. The error message when you sideload without a paid account doesn't make it obvious at all and it took me a good day or two before realizing .
I was a daily user of mitmproxy, until they changed all they keybindings around version 2. Tried a couple of times to get used to the new “TMUX” style, but switched to Charles Proxy.
Have mitmproxy gotten any better in usability over the years?
Just based on the images, is seems to have the same problems?
Burp is free too (community edition)
https://portswigger.net/burp/communitydownload
I feel obliged to mention Fiddler. The tool I loved almost 20 years back and felt like it came from future. IIRC it was/is more powerful than Charles. Fiddler was Windows only but at one time they had builds for other platforms in works. Sadly they got acquired which changed their roadmap, and I had also moved on from Windows.
https://www.telerik.com/fiddler
This. I tell people tales of that beautiful tool. have you found anything for a MacOS? My hunt so far has been futile.
For macOS settled on Charles back then but not as capable as Fiddler.
https://proxyman.com/
Burp Suite can do much of this as well, but the intent feels different. Charles is very much about observing and understanding raw HTTP(S) traffic with minimal friction, which makes it handy for quick debugging, mobile app inspection, or client-side issues. Burp leans heavily into security workflows: interception, replay, automation, and attack surface exploration. That power comes with more setup and a more opinionated UI. I’ve found Charles useful when I want visibility without switching into “pentest mode,” whereas Burp shines when security analysis is the goal.
Just to mention an alternative option, ZAP (aka. Zed Attack Proxy) covers much of the same ground as Burp and is entirely free and Open Source.
I found Charles Proxy last year and it's fantastic. They have a mobile app too (if you need the ssl proxying for mobile apps).
Didn't know about that.
https://www.charlesproxy.com/documentation/ios/
Tool that can't be beaten
Wow. Charles was indispensable tool for working with HTTP apis back when I got started as an iOS dev in 2011. Great to see it still going strong.
Alltime great software
I’m on proxyman https://proxyman.com/
I used Charles for a while and also jumped on the Proxyman bandwagon. It’s a slick tool and even works for remote debugging (i.e., an iPhone attached to your computer with a cable).
I once used Charles Proxy to change all the game configs for Candy Crush Saga on my phone back in 2013 by intercepting and replacing the API requests - I made all the puzzles have 1-2 colors and infinite powerups. I guess they didn't care much about the security because I ended up spending way more time in the game
Fantastic software that I've used for over a decade. Interacted with Karl a few years ago about Adobe's AMF format; very generous with his time. I was surprised to learn that it's over 20 years old! https://en.wikipedia.org/wiki/Charles_Proxy
i just texted Karl to say he’s on the front page of HN. I was the same. Charles was soo good for ol AMF!! Still miss Flash.
I loved Charles, I used it for many years. It only stopped when an update changed the UI in ways that were confusing, and also the chrome network tab really did everything I need in terms of inspecting requests / responses.
How come a reverse-proxy, better than the network tab in dev tools ?
You can do more, e.g., changing the status code
More narrow cmdline http inspection tool https://github.com/signeen/inspect-http-proxy
Just upgraded my license today, so I guess Charles is my new Baader-Meinhof token. Great tool! The ssl proxying is especially handy.
How does "Zed Attack Proxy" (ZAP - https://www.zaproxy.org/) which is opensource and part of OWASP (https://owasp.org/www-community/Free_for_Open_Source_Applica...) compare with this and other similar proxies?
This one is truly a gem:
https://httptoolkit.com
It even bypasses SSL pinning on Android using 1 click.
Even after using it for years I could never recognize all its unlabeled icons without hovering for tooltip
I emailed the author about it a decade ago but he didn’t seem convinced
Even better SIP bullshit off kext tap nic mitm intermed. certs. Fuck all the phone home stuff it’s enough.
Never learnt the use of this tool. The certificate configuration tripped my head during my work. This gives brain damage because it doesn't make sense.
Why to check network payload when you are sure the data was sent.
-frontend developer