« Charles v2.6 released
AMF3 reference deserializer in Java updated »

Charles v2.6.1 released

A quick maintenance release was made to Charles today. This release includes improved behaviour for the SOAP viewer and AMF viewer (specifically for AMF3 / Flex applications), and a regression bug fix in the AMF3 parser.

The regression bug was related to parsing of externalizable ActionScript 3 classes; after the improvements to the AMF3 parser in v2.6 the implementation for externalizable classes wasn’t reinstituted. Thank you to Mike and Evert for drawing my attention to the problem.

This entry was posted on Saturday, December 2nd, 2006 at 2:55 pm and is filed under Charles. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “Charles v2.6.1 released”

  1. Carl Says:
    December 18th, 2006 at 9:50 am

    Hi,

    Very interesting software, but I was wondering if there was anyway to prevent Charles form seing (and saving) some content.
    Indeed, Charles bypasses any anti caching implementation (using HTTP headers) which in some cases, may not be desired.

    Thanks for you response,
    Cheers,
    Carl

  2. Karl Says:
    December 18th, 2006 at 9:56 am

    Hi Carl,

    You can prevent Charles from saving content using the Ignore domains in the Recording Settings (Proxy menu). That doesn’t prevent Charles from seeing the request for other tools such as Rewrite for HTTP headers, however.

    All of the tools have lists of domain names on which you can selectively use/not use the tool. So for the No Caching tool I suggest only listing domains that you specifically don’t want to cache, rather than listing only the exceptions. Please let me know if this doesn’t fit what you’re trying to do!

    Kind regards,
    Karl

  3. Carl Says:
    December 18th, 2006 at 12:27 pm

    Karl, thanks for your answer.

    Actually, I was thinking about a server side mecanism.
    Indeed, Charles is very powerfull for web site analysis, and the side effect is that it can also be used (by hackers or whatever) to analyze the information exchanged between the client and the server.

    So, I was wondering whether there was a way to “hide” some http (get or post) requests, but on the server side.

    Intuitively, I would say no, as data are anyway transfered …

    Do confirm ? Do you have in mind a workaround ?
    Thanks,
    Carl

  4. Karl Says:
    December 18th, 2006 at 12:58 pm

    Ah I see. You’re right, there isn’t a way to hide the data. Even if you weren’t using Charles you could still use a packet capture tool such as Ethereal to see what is being transmitted on the network at a lower level.

    The only solution is to hide the payload of your requests by encrypting them… that’s a whole other issue of course!

  5. Carl Says:
    December 18th, 2006 at 1:10 pm

    Yup, indeed.

    Thanks for your answers (and reactivity).
    Carl

Leave a Reply