Or maybe cheapskates, since technically you're supposed to buy Charles after a 30-day trial (which didn't attempt to enforce itself in my experience.) I like Fiddler2 on Windows, and I almost had it working well on Wine/Linux, but had some issues with SSL. I should try mitmproxy for the SSL and Fiddler for the UI, but lately I haven't needed a proxy.
I just made the switch from Charles to mitmproxy. The only issue I've found with it so far is that it seems really slow in returning responses. I'm not doing anything crazy with it either, but Charles was getting content to the device way faster.
I keep hearing rumors that Apple and Google are going to require that app developers start pinning SSL certs as a security measure to help prevent the MITM cert setup demonstrated here.
That hack only works if you have root, which means you have to be jailbroken, and Apple is always trying to stop that. I keep a jailbroken device around specifically for disabling all SSL for debugging and dumping app binaries/assets.
I wish they'd just let me buy the thing rooted like Google does.
This is actually a pretty cool talk. We're kind of lulled into thinking our Apps are super secure, he seems to take them apart fairly easy, SSH seems simple to ignore.
