My comment was downvoted for some reason... perhaps I'm mistaken (haven't tried myself) but I'm fairly confident Charles can do this. I've heard of using it to reverse engineer APIs from mobile apps that use SSL, Robinhood for example.
I thought that Google and other app writers weren't keen on blindly accepting generated certificates, and used certificate pinning. Do they really accept anyone's google.com certificates?
I haven't tried it with a Google API specifically but here's their description:
> Charles does this by becoming a man-in-the-middle. Instead of your browser seeing the server’s certificate, Charles dynamically generates a certificate for the server and signs it with its own root certificate (the Charles CA Certificate). Charles receives the server’s certificate, while your browser receives Charles’s certificate. Therefore you will see a security warning, indicating that the root authority is not trusted. If you add the Charles CA Certificate to your trusted certificates you will no longer see any warnings – see below for how to do this.
> Note that some apps implement SSL certificate pinning which means they specifically validate the root certificate. Because the app is itself verifying the root certificate it will not accept Charles's certificate and will fail the connection. If you have successfully installed the Charles root SSL certificate and can browse SSL websites using SSL Proxying in Safari, but an app fails, then SSL Pinning is probably the issue.
