Charles 3.0.3 released
Saturday, May 12th, 2007This month’s update to Charles 3 includes a number of exciting changes as well as the usual round of fixes and minor improvements.
SSL support has received a number of great leaps forward, with more still to come. The Repeat and Edit functions in Charles now support SSL. If you haven’t used the Repeat function yet, please try it out… it can change the way that you work when you’re testing web applications. The Edit function is even more exciting as you can change what is being sent (including editing AMF), and now you can do that over SSL as well. In the next release SSL will support the Map and Map Local tools thanks to a rewrite of the SSL handling. Let me know if you’d like to try that out ahead of time.
Also on SSL; the SSL certificate generation has been rewritten. If you’re not familiar with Charles’ SSL capabilities: Charles acts as a go-between for SSL, issuing your browser a Charles-signed certificate and then proxying the requests to the remote server. All of your traffic remains encrypted on the network, but in Charles you can view it unencrypted. It’s essential for debugging SSL applications. Now the Charles-signed certificates are now more closely based on the real certificate; they have the same server name, serial number, expiry dates and other details; the only difference is that they are signed by Charles rather than the actual Certification Authority. You must still add the Charles CA certificate to your trust certificate list if you want to avoid certificate warnings, however this new approach has a number of benefits: The server name on the Charles-signed certificate is the same as on the original so Charles won’t hide name-mismatch issues, the same goes for the expiry dates so Charles won’t hide the fact that the real certificate has expired. Because the serial number of the certificate is preserved you can now trust individual Charles-issued site certificates rather than the Charles CA certificate if you want to.
Some small improvements to the Chart mean that you can now see in-progress requests in the Chart, identified with a different colour. Previously they didn’t appear until they were completed, which made it less exciting to watch as a page downloaded.
New to the Tools menu is the Client Process tool. This is a niche tool, but really useful if you ever have occasion to wonder which application is making a certain web request. The Client Process tool is multi-platform, of course, and will show you the name of the process on the other end of each connection to Charles. Usually this is FIREFOX.EXE or iexplore.exe, but sometimes it will reveal some unexpected activity from another (possibly itself unexpected) program. The Client Process tool imposes a small delay before each connection is accepted so it’s not something I recommend running all the time. When it is running the client process information will appear in the Notes row in the General tab.
For those of you using Charles behind external proxy servers you can now use the DNS Spoofing tool like the rest of us.
Finally, a minor point but one that you’ll probably immediately notice: the ASCII viewer tab has been renamed to Text. It probably should have been renamed back in version 1.8.1 when Unicode support was implemented, but some things take time to stick out!
There is a full list of the changes on the download page, including a few more Vista fixes!