How to use whistle to debug mobile applications and what are the configuration steps?

Answer

To debug mobile applications using whistle, you need to configure the mobile device's network proxy to access the network through the whistle proxy server.

Basic Configuration Steps

1. Ensure Device and Computer Are on Same Network

• Connect phone and computer to the same Wi-Fi network
• Or use USB shared network

2. Get Computer IP Address

Windows:

bash
ipconfig

Mac/Linux:

bash
ifconfig

Record the computer's IP address, for example: 192.168.1.100

3. Start Whistle

bash
w2 start

Confirm whistle is running, default port is 8899

4. Configure Phone Proxy

iOS Device:

1. Open "Settings" → "Wi-Fi"
2. Click the "i" icon next to the connected Wi-Fi
3. Scroll to bottom, find "HTTP Proxy"
4. Select "Manual"
5. Server: Enter computer IP address
6. Port: Enter 8899

Android Device:

1. Open "Settings" → "Wi-Fi"
2. Long press the connected Wi-Fi
3. Select "Modify network" or "Network details"
4. Show advanced options
5. Proxy: Select "Manual"
6. Proxy hostname: Enter computer IP address
7. Proxy port: Enter 8899

HTTPS Certificate Configuration

1. Access Whistle from Phone Browser

Visit in phone browser: http://computerIP:8899/

For example: http://192.168.1.100:8899/

2. Download and Install Certificate

1. Click "HTTPS" tab
2. Click "Download RootCA" to download certificate
3. Install certificate after download

iOS Certificate Installation:

1. After download, open "Settings" → "Downloaded Profile"
2. Click to install certificate
3. After installation, go to "Settings" → "General" → "About" → "Certificate Trust Settings"
4. Find whistle certificate, enable "Full Trust for Root Certificates"

Android Certificate Installation:

1. Open certificate file after download
2. Follow prompts to install certificate
3. After installation, go to "Settings" → "Security" → "Encryption & credentials" → "Trusted credentials"
4. Confirm certificate is installed

Verify Configuration

1. Test HTTP Request

Visit any website in phone browser, check if whistle management interface shows request records.

2. Test HTTPS Request

Visit HTTPS website, confirm it loads normally and whistle can intercept requests.

Common Issues and Solutions

1. Cannot Connect to Proxy

Check items:

• Confirm computer and phone are on same network
• Check if computer firewall blocks port 8899
• Confirm whistle is running
• Try pinging computer IP address

2. HTTPS Request Fails

Solutions:

• Confirm certificate is correctly installed and trusted
• Restart phone browser
• Clear browser cache
• Check if whistle HTTPS interception is enabled

3. Some Apps Cannot Be Intercepted

Reasons:

• App uses certificate pinning
• App uses custom network library
• App detects proxy environment

Solutions:

• Use debugging tools that support certificate pinning
• Perform reverse engineering on the app
• Use virtual machine or emulator for debugging

Advanced Tips

1. Use USB Debugging

For Android devices, use ADB to forward ports:

bash
adb reverse tcp:8899 tcp:8899

2. Configure Rules

Add mobile-specific rules in whistle:

shell
# Mobile-specific rules
m.example.com resBody://{mobile-mock.json}
app.example.com reqHeaders://{mobile-headers.json}

3. Capture App Network Requests

• Ensure app uses system network library
• Disable app's network detection
• Use Wi-Fi instead of mobile data

Security Considerations

1. Do Not Use on Public Networks

   • Avoid configuring proxy in public places like cafes
   • Prevent sensitive information from being stolen

2. Close Proxy After Debugging

   • Close phone proxy settings in time
   • Stop whistle service

3. Protect Certificate Security

   • Do not share certificate with others
   • Regularly replace certificate