6

I'm trying to utilize Charles Proxy's web interface feature that allows you to run Charles in headless mode and control Charles using curl commands to http://control.charles.

In the terminal, when I run the following commands, I get my desired output:

Charles -headless &
curl -v -x <MY IP ADDRESS HERE> http://control.charles/session/start
curl -o session.chls <MY IP ADDRESS HERE> http://control.charles/session/download

I'm trying to reproduce these commands in Python using subprocess. Initially, I tried opening 3 different subprocesses for each of the commands above, only realizing that they all need to be within the same session.

Here's my implementation, but I'm not getting any output:

charles_init = subprocess.Popen(["/bin/bash"],stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)

charles_init.stdin.write(b"Charles -headless")

charles_init.stdin.write(b"curl -v -x <MY IP ADDRESS HERE> http://control.charles/session/start")

charles_init.stdin.write(b"curl -o session.chls <MY IP ADDRESS HERE> http://control.charles/session/download")

Is the "&" in "Charles -headless &" relevant here? To my understanding, that "&" allows Charles to run in the background within a shell. Do I need to set shell=True when initially opening the subprocess?

If so, how do I avoid the security risks associated with shell=True?

Danny Brown
  • If you are the only one that controls the input to the shell, it is not a security risk; if user input goes there, it is. – Oded BD Jan 13 '20 at 20:40

1 Answer

0

Charles -headless does not return (so you were running it with & in the original shell command), so you will need to use & to run it in the background in your Python snippet.

Since your subprocess is already launching a shell (the /bin/bash command), the shell=True option is irrelevant.

However, I believe the best way is to run each command as its own subprocess. E.g.:

import subprocess

charles = subprocess.Popen(['Charles', '-headless'])  # In background already!
# Each curl call is its own subprocess, given as an argument list (no shell involved)
subprocess.run(['curl', '-v', '-x', '<MY IP ADDRESS HERE>', 'http://control.charles/session/start'])
subprocess.run(['curl', '-o', 'session.chls', '<MY IP ADDRESS HERE>', 'http://control.charles/session/download'])
# When done...
charles.kill()
charles.wait()
Matt Shin
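
An added example (not part of the question or the answer above) showing what the answer's argument-list form changes compared with a shell command string when the proxy address comes from outside the script. Python stands in for `curl` and for `Charles -headless` so it runs offline; `UNTRUSTED_PROXY`, `FAKE_CURL`, `FAKE_DAEMON` and the function names are constructed for illustration.

```python
import json
import subprocess
import sys

# Constructed sample: a proxy address that arrived from outside the script
# (user input, config file) and carries a shell metacharacter.
UNTRUSTED_PROXY = "127.0.0.1:8888; echo INJECTED"
CONTROL_URL = "http://control.charles/session/start"

# Stand-in for curl (assumption, so the example runs offline): it prints the
# argument vector it received as JSON instead of making a request.
FAKE_CURL = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]
# Stand-in for `Charles -headless`: a process that does not return on its own.
FAKE_DAEMON = [sys.executable, "-c", "import time; time.sleep(60)"]


def run_with_shell(proxy):
    """Command string + shell=True: the shell parses whatever is in proxy."""
    cmd = f"echo curl -x {proxy} {CONTROL_URL}"
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_with_list(proxy):
    """Argument list, no shell: proxy reaches the program as one literal argument."""
    done = subprocess.run(FAKE_CURL + ["-x", proxy, CONTROL_URL],
                          capture_output=True, text=True, check=True)
    return json.loads(done.stdout)


def session(proxy):
    """Background process via Popen, each step via run(), cleanup guaranteed."""
    daemon = subprocess.Popen(FAKE_DAEMON)
    try:
        alive_during_step = daemon.poll() is None
        argv_seen = run_with_list(proxy)
    finally:
        daemon.kill()   # runs even if a step raises, so nothing is left behind
        daemon.wait()
    return alive_during_step, argv_seen, daemon.returncode


if __name__ == "__main__":
    print("shell=True :", run_with_shell(UNTRUSTED_PROXY))
    print("list args  :", run_with_list(UNTRUSTED_PROXY))
    print("session    :", session(UNTRUSTED_PROXY))
```

With `shell=True` the single string becomes two commands and the second one runs; with the list form the whole value, semicolon included, is handed over as the one argument following `-x`.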