Capturing HTTP requests
If you are using APIs to build client-side applications - mobile apps, websites, or desktop applications - you may want to see the actual HTTP and HTTPS request traffic that's being sent and received in the application. Sometimes you might discover APIs that aren't even documented. Postman gives you tools to see and capture this network traffic.
When using the Postman app, you can capture the HTTP traffic in one of two ways:
The Postman app has a built-in proxy that can capture HTTP traffic:
- The Postman app listens for any calls made by the client app or device.
- The Postman proxy captures the request and forwards it to the server.
- The server returns a response to the Postman proxy, where it can also be saved.
- The response is returned back to the client.
Similar to the Interceptor Chrome extension, the Postman app proxy also intercepts and captures your requests. Additionally, it can capture responses. You can log all network requests and responses under the History tab in the sidebar, or in a collection.
In this tutorial, you will use Postman's proxy feature to inspect HTTP communication going to and from your phone. To get started, make sure your computer and phone are connected to the same local wireless network.
- Open the Capture requests and cookies modal in the Postman app by clicking the icon in the header toolbar.
- In the Requests tab, set Source to Proxy.
- Make note of the port mentioned in the proxy settings. In this example, it's set for the default port
- Set Save requests to to History to store requests in the History sidebar panel. You can also select a collection from the list and save the requests there.
Select Save responses to also save each request's responses. They will be saved alongside the requests in the same collection or history.
In responses with a
content-typecontaining images, audio, or video, content is intercepted but not captured. The only information captured is response headers, time taken, and the status code.
There are additional filters you can use to limit the requests and responses captured. You can do the following:
- Exclude requests with image, JS, or CSS responses.
- Only capture URLs containing a string or a regular expression.
- Not capture URLs containing a string or a regular expression.
- Only capture the methods specified in a comma-separated list.
By default, requests and responses will be saved chronologically. If you save them to a collection, you can also store them grouped by domain name, endpoints, or both.
- In Save requests to, specify a collection to store requests and responses.
- Under Organize requests by, select Domain name, Endpoints, or both. Your requests and responses will be organized in folders in the selected collection.
On macOS, the computer's IP address can be found in System Preferences > Network. The IP address of your system will be something like the example here
Open the wireless settings of your mobile device and update the configuration of the wireless connection to use HTTP Proxy. Set the IP address with the IP you retrieved from your computer in the second step. Set the port with the port you established in Postman in Step 1.
- Set the proxy IP address of your device (an iPhone in this example) to the IP address you obtained from your system and port
You are all set! Head over to the Postman app, and you will start seeing the network calls listed under the History tab of the sidebar, or the collection you specified. Open your device's web browser or your application and you will start seeing HTTP traffic passing through the app or the browser.
The broader development community has published some useful tutorials for setting up a proxy server on various operating systems.
The OpenSSL module is internally being used to generate certificate-key pairs. This module has to be installed and accessible through the command line.
OpenSSL is already installed for macOS and typically installed for Linux. For Windows systems, OpenSSL must be installed.
Download and install the OpenSSL module applicable for your computer from here.
Open the Windows Start menu and search for "Environment Variables."
- From the results, select "Environment Variables."
From the System Properties window, select "Environment Variables."
Select Path from User variables and then select Edit.
Go to: This PC > Windows (C:) > Program Files > OpenSSL - Win64 > bin.
- Select OK to add the folder directory. Then, select OK to confirm changes and close the remaining windows.
Open Command Prompt and run openssl version to confirm the installation was successful.
You can use the Postman's proxy to inspect HTTPS communication from your Android, iOS, Linux, macOS, and Windows devices. After you enable the proxy feature, follow the instructions below to install the security certificate on the target devices.
- Go to the following location:
- Double click on
- Choose System from the keychain option and then select OK.
- Select and open the imported Postman certificate. Then select Always Trust. You can change this setting after you have completed the testing for your application.
- Select Always Trust only for Secure Sockets Layer(SSL).
After these steps, you will be able to capture HTTPS Requests with the Postman proxy.
You need to Install the OpenSSL module to generate the certificate.
- From Windows File Explorer, navigate to %APPDATA%\Postman\proxy. Typically, it will be located at: C:\Users<user>\AppData\Roaming\Postman\proxy
- Right-click on the postman-proxy-ca.crt file and select Install Certificate.
- Select the Local Machine and proceed. This will need Administrator permissions.
- Select Place all certificates in the following store.
- Select Browse and then select Trusted Root Certification Authorities.
- Select OK and Next to confirm the options.
- Select Finish to save all configurations and import the certificate.
- After import is complete, restart the Postman app.
postman-proxy-ca.crtcertificate file from
sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /etc/pki/ca-trust/source/anchors/
Run the command below in terminal to complete the installation:
sudo update-ca-trust extract
Create the directory for the CA certificate with the command below.
sudo mkdir -p /usr/share/ca-certificates/extra
postman-proxy-ca.crtto the new folder with the command below.
sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /usr/share/ca-certificates/extra/postman-proxy-ca.crt
Add the certificate to the system with the two commands below.
sudo dpkg-reconfigure ca-certificates
- In Firefox and click the application menu and select Preferences.
- Select Privacy & Security, scroll down to Certificates and select View Certificates. This opens Firefox’s Certificate Manager.
- Once the Certificate Manager is open, select Authorities tab and select on Import.
- Select the postman-proxy-ca.crt and click on Open. Only mark Trust this CA to identify websites and click on Ok.
- The certificate is installed. To verify if the certificate is installed, the Postman Proxy CA will be listed under the Authorities tab of Certificate Manager.
postman-proxy-ca.crtcertificate to the iOS device.
Go to Settings > Profile Downloaded.
Select Install for both of the following prompts. Installing a certificate requires the user to enter the device passcode to proceed.
When the certificate is installed, your device will show an installation confirmation screen like the one below.
Select Done to review all existing certificates.
Go to Settings App > General > About > Certificate Trust Settings. Enable full trust for Postman’s root certificate.
Select Continue to complete the installation.
Confirm the certificate settings.
See Capturing requests with Interceptor for full instructions to set up and use this method.