Firefox and Charles

02 Nov 2020, updated: 04 Jan 2021

If you want to view decrypted Firefox network traffic in Charles, you need to perform 1 extra task when compared to Chrome and Safari. You need to import the Charles root cert on your machine into Firefox.

In this example, I will proxy traffic from the NY Times homepage, via Firefox, to Charles. This tutorial uses Firefox 82


Page blocked from loading

Once you’ve enabled “SSL Proxying” (in Charles) for your specific website, Firefox will stop the page from loading

To fix this issue, you need to upload the Charles root cert

Save the Charles root certificate

Open Keychain and search for the Charles root certificate

Drag and drop it to into a folder (I saved mine to the ‘Downloads’ folder)

Open Firefox Certificate settings

Preferences -> Search for “Certificates” -> click “View Certificates…” -> Click “Authorities” tab

Import the root certificate

Click “Import” -> Find and select the previously downloaded certificate -> Click the “Trust this CA to identify websites” checkbox -> click “Ok” to save

Refresh the page

Return to your webpage and reload it. The warning message should disappear. In Charles, you should be able to see the traffic in plain text

“XK72 Ltd”

NOTE: If you scroll to ‘C’ on the “Authorities” tab, you won’t find any reference to Charles! You need to scroll all the way to ‘X’ to see it.

The issuing organisation for Charles is called “XK72 Ltd”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: