Capturing HTTP requests

If you are using APIs to build client-side applications - mobile apps, websites, or desktop applications - you may want to see the actual HTTP and HTTPS request traffic that's being sent and received in the application. Sometimes you might discover APIs that aren't even documented. Postman gives you tools to see and capture this network traffic.

When using the Postman app, you can capture the HTTP traffic in one of two ways:

Built-in proxy

The Postman app has a built-in proxy that can capture HTTP traffic:

  1. The Postman app listens for any calls made by the client app or device.
  2. The Postman proxy captures the request and forwards it to the server.
  3. The server returns a response to the Postman proxy, where it can also be saved.
  4. The response is returned back to the client.

Similar to the Interceptor Chrome extension, the Postman app proxy also intercepts and captures your requests. Additionally, it can capture responses. You can log all network requests and responses under the History tab in the sidebar, or in a collection.

Using Postman's proxy example

In this tutorial, you will use Postman's proxy feature to inspect HTTP communication going to and from your phone. To get started, make sure your computer and phone are connected to the same local wireless network.

Step 1: Set up the proxy in Postman

  1. Open the Capture requests and cookies modal in the Postman app by clicking the icon in the header toolbar.

  2. In the Requests tab, set Source to Proxy.
  3. Make note of the port mentioned in the proxy settings. In this example, it's set for the default port 5555.
  4. Set the Save requests to option to History to store requests in the History sidebar panel. You can also select a collection from the list and save the requests there.
  5. Select Save responses to also save each request's responses. They will be saved alongside the requests in the same collection or history.

    In responses with a content-type containing images, audio, or video, content is intercepted but not captured. The only information captured is response headers, time taken, and the status code.

  6. There are additional filters you can use to limit the requests and responses captured. You can do the following:

    • Exclude requests with image, JS, or CSS responses.
    • Only capture URLs containing a string or a regular expression.
    • Exclude URLs containing a string or a regular expression.
    • Only capture the methods specified in a comma-separated list.

Grouping requests and responses

By default, requests and responses will be saved chronologically. If you save them to a collection, you can also store them grouped by domain name, endpoints, or both.

  1. In Save requests to, specify a collection to store requests and responses.
  2. Under Organize requests by, select Domain name, Endpoints, or both. Your requests and responses will be organized in folders in the selected collection.

Step 2: Find your computer's IP address

On macOS, the computer's IP address can be found in System Preferences > Network. The IP address of your system will look something like 192.168.0.101.

Step 3: Configure HTTP proxy on your mobile device

  1. Open the wireless settings of your mobile device and update the configuration of the wireless connection to use HTTP Proxy. Set the IP address with the IP you retrieved from your computer in the second step. Set the port with the port you established in Postman in Step 1.

  2. Set the proxy IP address of your device (an iPhone in this example) to the IP address you obtained from your system and port 5555.

You are all set! Head over to the Postman app, and you will start seeing the network calls listed under the History tab of the sidebar, or the collection you specified. Open your device's web browser or your application and you will start seeing HTTP traffic passing through the app or the browser.

Connect to proxy for target devices

The broader development community has published some useful tutorials for setting up a proxy server on various operating systems.

Requirements to use the OpenSSL module

Postman uses the OpenSSL module internally to generate certificate-key pairs. This module has to be installed and accessible through the command line.

OpenSSL is already installed for macOS and typically installed for Linux. For Windows systems, OpenSSL must be installed.

Install the OpenSSL module on Windows

  1. Download and install the OpenSSL module applicable for your computer from here.

  2. Open the Windows Start menu and search for "Environment Variables."

  3. From the results, select "Environment Variables."
  4. From the System Properties window, select "Environment Variables."

  5. Select Path from User variables and then select Edit.

  6. Select Browse.

  7. Go to: This PC > Windows (C:) > Program Files > OpenSSL - Win64 > bin.

  8. Select OK to add the folder directory. Then, select OK to confirm changes and close the remaining windows.
  9. Open Command Prompt and run openssl version to confirm the installation was successful.

Capture HTTPS traffic with Postman's built-in proxy

You can use Postman's proxy to inspect HTTPS communication from your Android, iOS, Linux, macOS, and Windows devices. After you enable the proxy feature, follow the instructions below to install the security certificate on the target devices.

macOS

  1. Go to the following location: ~/Library/Application Support/Postman/proxy.
  2. Double-click postman-proxy-ca.crt.
  3. Choose System from the keychain option and then select OK.
  4. Select and open the imported Postman certificate. Then select Always Trust. You can change this setting after you have completed the testing for your application.
  5. Select Always Trust only for Secure Sockets Layer (SSL).

After these steps, you will be able to capture HTTPS requests with the Postman proxy.

Windows

You need to install the OpenSSL module to generate the certificate.

  1. From Windows File Explorer, navigate to %APPDATA%\Postman\proxy. Typically, it will be located at: C:\Users\<user>\AppData\Roaming\Postman\proxy
  2. Right-click on the postman-proxy-ca.crt file and select Install Certificate.
  3. Select Local Machine and proceed. This will need Administrator permissions.
  4. Select Place all certificates in the following store.
  5. Select Browse and then select Trusted Root Certification Authorities.
  6. Select OK and Next to confirm the options.
  7. Select Finish to save all configurations and import the certificate.
  8. After import is complete, restart the Postman app.

Linux

CentOS and Red Hat Enterprise Linux distros

  1. Copy the postman-proxy-ca.crt certificate file from ~/.config/Postman/proxy to the /etc/pki/ca-trust/source/anchors/ directory.

    sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /etc/pki/ca-trust/source/anchors/

  2. Run the command below in terminal to complete the installation:

    sudo update-ca-trust extract

Ubuntu distros

  1. Create the directory for the CA certificate with the command below.

    sudo mkdir -p /usr/share/ca-certificates/extra

  2. Copy postman-proxy-ca.crt to the new folder with the command below.

    sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /usr/share/ca-certificates/extra/postman-proxy-ca.crt

  3. Add the certificate to the system with the two commands below.

    sudo dpkg-reconfigure ca-certificates

    sudo update-ca-certificates
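
The Linux steps above make Postman's proxy CA a system-wide trusted root, so it is worth confirming that trust is gone once testing ends. The following check is an added example, not part of the Postman documentation: it compares the SHA-256 fingerprint of postman-proxy-ca.crt with every certificate in the system bundles and reports leftover installed copies. The bundle paths and function names are assumptions.

```python
import base64
import hashlib
import re
import sys
from pathlib import Path

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Paths taken from the steps above.
POSTMAN_CA = Path.home() / ".config/Postman/proxy/postman-proxy-ca.crt"
INSTALLED_COPIES = [
    Path("/etc/pki/ca-trust/source/anchors/postman-proxy-ca.crt"),
    Path("/usr/share/ca-certificates/extra/postman-proxy-ca.crt"),
]
# Assumption (not on the page): the bundles the two update commands regenerate.
BUNDLES = [
    Path("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"),
    Path("/etc/ssl/certs/ca-certificates.crt"),
]


def fingerprints(data):
    """SHA-256 of every certificate in PEM data; non-PEM input is hashed as one DER cert."""
    blocks = PEM_RE.findall(data)
    ders = [base64.b64decode(b) for b in blocks] if blocks else [data]
    return [hashlib.sha256(der).hexdigest() for der in ders]


def bundles_trusting(ca_data, bundles):
    """Names of the bundles (name -> bytes) that contain the CA in ca_data."""
    wanted = fingerprints(ca_data)[0]
    return [name for name, data in bundles.items() if wanted in fingerprints(data)]


if __name__ == "__main__":
    if not POSTMAN_CA.exists():
        sys.exit(f"{POSTMAN_CA} not found; nothing to compare against")
    ca = POSTMAN_CA.read_bytes()
    present = {str(p): p.read_bytes() for p in BUNDLES if p.exists()}
    findings = [f"still trusted by {n}" for n in bundles_trusting(ca, present)]
    findings += [f"installed copy left at {p}" for p in INSTALLED_COPIES if p.exists()]
    print(f"Postman proxy CA sha256: {fingerprints(ca)[0]}")
    for line in findings:
        print("FINDING:", line)
    sys.exit(1 if findings else 0)
```

The script exits non-zero while the CA is still trusted or an installed copy remains, so it can gate a post-test cleanup step.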

Install the certificate for use with Mozilla Firefox Browsers

  1. In Firefox, click the application menu and select Preferences.
  2. Select Privacy & Security, scroll down to Certificates and select View Certificates. This opens Firefox’s Certificate Manager.
  3. Once the Certificate Manager is open, select the Authorities tab and select Import.
  4. Select the postman-proxy-ca.crt file and click Open. Mark only Trust this CA to identify websites and click OK.
  5. The certificate is installed. To verify the installation, check that the Postman Proxy CA is listed under the Authorities tab of Certificate Manager.

iOS

  1. Download the postman-proxy-ca.crt certificate to the iOS device.

  2. Go to Settings > Profile Downloaded.

  3. Select Install for both of the following prompts. Installing a certificate requires the user to enter the device passcode to proceed.

    When the certificate is installed, your device will show an installation confirmation screen.

    Select Done to review all existing certificates.

  4. Go to Settings App > General > About > Certificate Trust Settings. Enable full trust for Postman’s root certificate.

  5. Select Continue to complete the installation.

    Confirm the certificate settings.

Use Interceptor to capture requests

See Capturing requests with Interceptor for full instructions to set up and use this method.