Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Roku Employee
Roku Employee

Re: Roku device charles set up

I see no reason why you can't set up a pass-through proxy by using whatever fudged SSL certificate client side it wants you to for a MitM. That does not contradict HTTPS security, since it is the client app that "willingly decides" to trust an additional cert. authority.

I am not in the thick of things here - but i heard from a 3rd party they've had problems setting Charles Proxy as MitM - but success using https://mitmproxy.org/ with Roku.

@tim_beynart - what did your inquiry with us resulted in?
0 Kudos
Highlighted
Level 7

Re: Roku device charles set up

@RokuNB We never got documentation for Charles.  Last I heard it was "coming soon". For obvious reasons we were told any SSL interception activity with a Roku is not approved or sanctioned by Roku, so they were doing us a favor. Which is nice, thank you  Smiley Very Happy
Our dev and qa teams use Charles as a primary tool, and tools like Wireshark and MitM are not nearly as user friendly.  That's why we make so much noise about getting Charles specifically to work. 
What I would like to understand is exactly why installing the Charles cert on the Roku doesn't work. I can forward port 443 to Charles (using a firewall script in a DDWRT router) but it just results in garbage in the Charles UI and failed requests. 
0 Kudos
Highlighted
Level 7

Re: Roku device charles set up

Has anyone succeed?
0 Kudos
Highlighted

Re: Roku device charles set up

+1. Also very interested in this.
0 Kudos
Highlighted
Level 7

Re: Roku device charles set up

We are also interested to know if anyone has had any success using charles with Roku.
0 Kudos
Highlighted
Level 7

Re: Roku device charles set up

I have found an alternative way to capture and debug any network requests, even https, coming from Roku through a combination of reverse proxying and map remote settings on Charles proxy. Though the app would need to be modified to replace the host of the targeted URL with the IP address of the machine the reverse proxy is set up. Not only would I capture REST api requests but I'm able to capture playback URL and its chunks and license requests. 

Hope this helps.
0 Kudos
Highlighted
Level 7

Re: Roku device charles set up

@pmpascua Does this work for arbitrary HTTPS urls? We need to track ad beacons, which can be pretty much any domain. I'm not sure how modifying the host in the app, then trying to use map remote, would work in this case. Any idea?
0 Kudos
Highlighted
Level 7

Re: Roku device charles set up

You can capture HTTPS request this way along with the remote mapping. For example, if you want to capture https://something.com, you start off http://192.168.1.1:xxxx, then Charles will reverse proxy to http://something.com, then remote mapped to https://something.com

Reverse proxy is only applicable when you know the remote host name beforehand and that you programmatically replace the host of the remote url with your ip address. So if your app can't do that before the request is made then this is not the right tool for you. 
0 Kudos
Highlighted
Level 7

Re: Roku device charles set up

Yeah that is what I figured. This technique might work for some of our troubleshooting but won't suit all our requirements. Darn.
0 Kudos
Level 7

Re: Roku device charles set up

When I use this script on my Mac, it slows the internet speed and the application won't open on Roku. I'm following all the steps below. I need high-speed internet access to monitor video streaming data on Roku apps.

1) Connect a Cat 5 ethernet cable to your Roku and your Mac's ethernet port (I used the thunderbolt adapter)
2) Go to System Preferences -> Sharing -> Internet Sharing
3) Under "Share your connection from: ", select your WiFi. Then under "To computers using: ", select Thunderbolt Ethernet. 
5) Start up Charles and take note of the HTTP Proxy port set under Proxy Settings, by default its 8888. Make sure "Enable transparent HTTP Proxying" is checked.
6) To route all traffic to the Charles proxy, we need to set the following Port Forwarding rule in the OS X terminal:
echo "
rdr pass inet proto tcp from any to any port http -> 127.0.0.1 port 8888
rdr pass inet proto tcp from any to any port https -> 127.0.0.1 port 8888
rdr pass inet proto udp from any to any port http -> 127.0.0.1 port 8888
rdr pass inet proto udp from any to any port https -> 127.0.0.1 port 8888
" | sudo pfctl -ef -

Please help.

Also, how do I delete the port forwarding rule once its done?
0 Kudos