I see no reason why you can't set up a pass-through proxy by using whatever fudged SSL certificate client side it wants you to for a MitM. That does not contradict HTTPS security, since it is the client app that "willingly decides" to trust an additional cert. authority.
I am not in the thick of things here - but I heard from a 3rd party they've had problems setting Charles Proxy as MitM - but success using https://mitmproxy.org/ with Roku.
@tim_beynart - what did your inquiry with us result in?
@RokuNB We never got documentation for Charles. Last I heard it was "coming soon". For obvious reasons we were told any SSL interception activity with a Roku is not approved or sanctioned by Roku, so they were doing us a favor. Which is nice, thank you. Our dev and QA teams use Charles as a primary tool, and tools like Wireshark and MitM are not nearly as user friendly. That's why we make so much noise about getting Charles specifically to work. What I would like to understand is exactly why installing the Charles cert on the Roku doesn't work. I can forward port 443 to Charles (using a firewall script in a DDWRT router) but it just results in garbage in the Charles UI and failed requests.
I have found an alternative way to capture and debug any network requests, even HTTPS, coming from Roku through a combination of reverse proxying and map remote settings on Charles proxy. Though the app would need to be modified to replace the host of the targeted URL with the IP address of the machine the reverse proxy is set up on. Not only would I capture REST API requests but I'm able to capture playback URL and its chunks and license requests.
@pmpascua Does this work for arbitrary HTTPS URLs? We need to track ad beacons, which can be pretty much any domain. I'm not sure how modifying the host in the app, then trying to use map remote, would work in this case. Any idea?
Reverse proxy is only applicable when you know the remote host name beforehand and you programmatically replace the host of the remote URL with your IP address. So if your app can't do that before the request is made then this is not the right tool for you.
When I use this script on my Mac, it slows the internet speed and the application won't open on Roku. I'm following all the steps below. I need high-speed internet access to monitor video streaming data on Roku apps.
1) Connect a Cat 5 ethernet cable to your Roku and your Mac's ethernet port (I used the thunderbolt adapter)
2) Go to System Preferences -> Sharing -> Internet Sharing
3) Under "Share your connection from: ", select your WiFi. Then under "To computers using: ", select Thunderbolt Ethernet.
5) Start up Charles and take note of the HTTP Proxy port set under Proxy Settings, by default it's 8888. Make sure "Enable transparent HTTP Proxying" is checked.
6) To route all traffic to the Charles proxy, we need to set the following Port Forwarding rule in the OS X terminal:

    echo "
    rdr pass inet proto tcp from any to any port http -> 127.0.0.1 port 8888
    rdr pass inet proto tcp from any to any port https -> 127.0.0.1 port 8888
    rdr pass inet proto udp from any to any port http -> 127.0.0.1 port 8888
    rdr pass inet proto udp from any to any port https -> 127.0.0.1 port 8888
    " | sudo pfctl -ef -
Also, how do I delete the port forwarding rule once it's done?
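
The port-forwarding step from the post above, wrapped as a script with a matching teardown. This is an added example, not code from the thread; it assumes the Mac's stock pf ruleset is in /etc/pf.conf and Charles listens on 127.0.0.1, and the function names are made up here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes macOS pf with its stock
# ruleset in /etc/pf.conf and Charles listening on 127.0.0.1.

PF_DEFAULT=/etc/pf.conf   # assumption: the ruleset to restore afterwards

# Print the four redirect rules from the post for a given Charles port.
charles_rules() {
    port="${1:-8888}"
    case "$port" in
        *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    for proto in tcp udp; do
        for svc in http https; do
            printf 'rdr pass inet proto %s from any to any port %s -> 127.0.0.1 port %s\n' \
                "$proto" "$svc" "$port"
        done
    done
}

# Load the rules as the main ruleset and enable pf (same as the post's pfctl -ef -).
redirect_on() {
    rules="$(charles_rules "$1")" || return 1
    printf '%s\n' "$rules" | sudo pfctl -ef -
}

# Put the stock ruleset back, which drops the rdr rules loaded above.
redirect_off() {
    sudo pfctl -f "$PF_DEFAULT"
}

# List the translation (rdr/nat) rules currently loaded, to confirm either state.
redirect_show() {
    sudo pfctl -s nat
}

case "${1:-}" in
    on)   redirect_on "${2:-8888}" ;;
    off)  redirect_off ;;
    show) redirect_show ;;
    "")   : ;;  # no argument: only define the functions
    *)    echo "usage: $0 {on [port]|off|show}" >&2 ;;
esac
```

`sudo pfctl -d` additionally switches pf off altogether; run it only if nothing else on the Mac depends on pf.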