Record HTTP Requests with Recorder

TL;DR

This guide shows you how to use a recorder tool (like Proxyman or Charles Proxy) to capture and inspect the HTTP requests your applications are making. This is useful for debugging, security testing, and understanding application behaviour.

Steps

1. Choose a Recorder Tool: Several tools can record HTTP traffic. Popular options include:
   • Proxyman: User-friendly interface, macOS focused. https://proxyman.io/
   • Charles Proxy: Cross-platform (Windows, macOS, Linux), powerful features. https://www.charlesproxy.com/
   • Fiddler Everywhere: Free option with good functionality. https://www.telerik.com/fiddler

   For this guide, we’ll assume you are using Proxyman, but the general principles apply to other tools.

2. Install and Configure the Recorder:
   • Download and install your chosen recorder tool.
   • Configure your system or application to use the recorder as a proxy. This usually involves setting an HTTP/HTTPS proxy address and port in your operating system’s network settings, or within the application itself. Proxyman typically uses localhost:9090 by default.
3. Configure Your Application to Use the Proxy:
   • Web Browser: Most browsers allow you to set a proxy in their settings (usually under Advanced or Network). Set it to localhost and port 9090.
   • Mobile App: For iOS, go to Settings > Wi-Fi > select your network > HTTP Proxy and choose ‘Manual’. Enter localhost and port 9090. For Android, the process varies depending on the device manufacturer; you may need a dedicated proxy app or configure it through Wi-Fi settings.
   • Desktop Application: Some applications have built-in proxy settings. Others might require environment variables (see step 4).
4. (Optional) Environment Variables for Desktop Apps:

   If your desktop application doesn’t have a GUI proxy setting, you can often use environment variables:

   • Linux/macOS: Open your terminal and set the following:

     export http_proxy=http://localhost:9090
     export https_proxy=http://localhost:9090

   • Windows (Command Prompt):

     set http_proxy=http://localhost:9090
     set https_proxy=http://localhost:9090

5. Start Recording:
   • Open the recorder tool.
   • Click the ‘Record’ or similar button to start capturing traffic. In Proxyman, this is usually a large red record button.
6. Use Your Application:

   Now, use your application as normal. All HTTP requests will be intercepted by the recorder.

7. Inspect the Requests:
   • The recorder tool will display a list of captured requests.
   • Click on a request to view its details:
     • Headers: Request and response headers (e.g., Content-Type, User-Agent).
     • Body: The data sent with the request or received in the response (e.g., JSON, XML).
     • Status Code: The HTTP status code (e.g., 200 OK, 404 Not Found).
8. Stop Recording:

   Click the ‘Stop’ button in the recorder tool when you are finished capturing traffic.

Troubleshooting

• No Traffic Captured: Double-check your proxy settings in both your system/application and the recorder tool. Ensure the application is actually using the proxy.
• SSL Errors: Some applications require you to trust the recorder’s certificate. Proxyman and Charles Proxy provide options for installing a trusted root certificate.