Capturing HTTP requests

If you are using APIs to build client-side applications—mobile apps, websites, or desktop applications—you may want to see the actual HTTP and HTTPS request traffic that's being sent and received in the application. Sometimes you might discover APIs that aren't even documented. You can capture this HTTP network traffic using the proxy that's built into the Postman app.

You can also capture HTTP requests in Chrome using Postman Interceptor.

Contents

How the built-in proxy works

The Postman app has a built-in proxy that can capture HTTP traffic. Here's how it works:

  1. The Postman app listens for any calls made by the client app or device.
  2. The Postman proxy captures the request and forwards it to the server.
  3. The server returns a response to the Postman proxy, where it can also be saved.
  4. The response is returned back to the client.

postman capture proxy

Similar to the Interceptor Chrome extension, the Postman app proxy also intercepts and captures your requests. Additionally, it can capture responses. You can log all network requests and responses under the History tab in the sidebar or in a collection.

Example - Using the Postman proxy

In this tutorial, you will use the Postman app's proxy feature to inspect HTTP communication going to and from your phone. To get started, make sure your computer and phone are connected to the same local wireless network.

Step 1 - Set up the proxy in Postman

  1. Select the Capture requests and cookies icon in the Postman app header.

    Capture requests and cookies icon
  2. On the Requests tab, set the Source to Proxy.

  3. Note the Port mentioned in the proxy settings. In this example, it's set for the default port 5555.

  4. For Save requests to, select History to store requests in the History sidebar panel. You can also select a collection from the list and save the requests there.

    proxy settings modal
  5. Select Save responses to also save each request's responses. They will be saved alongside the requests in the history or the selected collection.

    In responses with a content-type containing images, audio, or video, content is intercepted but not captured. The only information captured is response headers, time taken, and the status code.

  6. Select Show additional filters to see additional options you can use to limit the requests and responses captured:

    • Exclude requests with image, JS, or CSS responses.
    • Only capture URLs containing a string or a regular expression.
    • Not capture URLs containing a string or a regular expression.
    • Only capture the methods specified in a comma-separated list.

Grouping requests and responses

By default, requests and responses are saved chronologically. If you save them to a collection, you can also group them by domain name, endpoints, or both.

  1. For Save requests to, select a collection to store requests and responses.
  2. Under Organize requests by, select Domain name, Endpoints, or both. Your requests and responses are organized in folders in the selected collection.

Step 2 - Find the IP address of your computer

On macOS, the computer's IP address can be found in System Preferences > Network. The IP address of your system will be something like the example here: 192.168.0.101.

system preferences

Step 3 - Configure HTTP proxy on your mobile device

Open the wireless settings of your mobile device (an iPhone in this example) and update the configuration of the wireless connection to use HTTP Proxy.

  • Set the IP address to the IP you retrieved from your computer in Step 2 above.
  • Set the port to the port you noted in Postman in Step 1 above.
wireless settings on mobile device

You are all set! Head back to the Postman app, and you will start seeing the network calls listed under the History tab of the sidebar or in the collection you specified. Open your device's web browser or your application and you will start seeing HTTP traffic passing through the app or the browser.

requests under collection

Setting up a proxy on other devices

The broader development community has published some useful tutorials for setting up a proxy server on various operating systems:

Capturing HTTPS traffic

In addition to capturing HTTP traffic, you can use the Postman's built-in proxy to inspect HTTPS communication from your Android, iOS, Linux, macOS, and Windows devices.

You must install the postman-proxy-ca.crt certificate on your device to be able to capture secure HTTP traffic. First, set up the proxy in Postman as described above. Then follow the instructions below to install the required security certificate on the target devices.

You can disable or remove the certificate from your device if you no longer need to capture HTTPS requests.

Windows

Before you install the postman-proxy-ca.crt certificate, you must install the OpenSSL module.

Installing OpenSSL on Windows

Postman uses OpenSSL to generate certificate-key pairs. For Postman to be able to generate the postman-proxy-ca.crt certificate, the OpenSSL module must be installed on your computer and accessible through the command line.

OpenSSL is already installed for macOS and is typically installed for Linux. For Windows systems, you must install OpenSSL manually:

  1. Download and install the OpenSSL v1.1.1 installer for your operating system version. Important: OpenSSL v1.x is required to generate certificates. Later versions of OpenSSL are not supported at this time.

    During installation, make sure to select the option to copy the OpenSSL DLLs to the OpenSSL binaries (/bin) directory.

  2. Open the Windows Start menu, search for Environment Variables, and select Open.

  3. On the System Properties window, select Environment Variables.

  4. Select Path under User variables, and then select Edit.

    download OpenSSL installer

  5. Select Browse.

  6. Navigate to and select This PC > Local Disk (C:) > Program Files > OpenSSL-Win64 > bin.

    download OpenSSL installer

  7. Select OK to add the folder directory. Then select OK to confirm changes and close the remaining windows.

  8. Open a command prompt. To do this, open the Windows Start menu, search for cmd, and select Open. Enter the command openssl version to confirm that installation was successful. You should see output similar to the following:

    OpenSSL 1.1.1l 24 Aug 2021

Installing the security certificate on Windows

Before you begin, make sure to install the OpenSSL module so Postman can generate the certificate.

  1. In Windows File Explorer, navigate to the %APPDATA%\Postman\proxy folder. Typically, the folder will be located at C:\Users\<user>\AppData\Roaming\Postman\proxy.

  2. Right-click on the postman-proxy-ca.crt file and select Install Certificate.

    Select crt file

  3. Select Local Machine and select Next. This action requires Administrator permissions—select Yes to proceed.

  4. Select Place all certificates in the following store.

  5. Select Browse and then select Trusted Root Certification Authorities.

    Select trust root crt authorities

  6. Select OK and then select Next.

  7. Select Finish to import the certificate.

  8. Restart the Postman app.

macOS

  1. In the macOS Finder, navigate to the ~/Library/Application Support/Postman/proxy folder.

  2. Double-click the postman-proxy-ca.crt file.

  3. Select System in the Keychain list, and then select Add. Enter your system password to confirm the action.

  4. In Keychain Access, double-click the imported Postman certificate to open it.

    Select System keychains

  5. Expand the Trust section. Select the option to Always Trust when using this certificate, and make sure Always Trust is selected for Secure Sockets Layer(SSL). Select always trust for Postman keychain

  6. Close the certificate window. Enter your system password to update the settings.

CentOS and Red Hat Enterprise Linux

  1. Copy the postman-proxy-ca.crt certificate file from ~/.config/Postman/proxy to the /etc/pki/ca-trust/source/anchors/ directory.

    sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /etc/pki/ca-trust/source/anchors/

  2. Run the command below in terminal to complete the installation:

    sudo update-ca-trust extract

Ubuntu

  1. Create the directory for the CA certificate with the command below.

    sudo mkdir -p /usr/share/ca-certificates/extra

  2. Copy postman-proxy-ca.crt to the new folder with the command below.

    sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /usr/share/ca-certificates/extra/postman-proxy-ca.crt

  3. Add the certificate to the system with the two commands below.

    sudo dpkg-reconfigure ca-certificates

    sudo update-ca-certificates

Installing the certificate for use with Chrome

  1. Open Google Chrome and go to the URL chrome://settings/certificates.

  2. Select Manage certificates from the list.

  3. Select the Authorities tab and then Import.

  4. Select Browse and select the ~/.config/Postman/proxy/postman-proxy-ca.crt file.

  5. Under Trust Settings, select Trust this certificate for identifying websites.

  6. Select OK.

Installing the certificate for use with Mozilla Firefox

  1. Open Firefox, select the application menu, and then select Preferences.

  2. Select Privacy & Security. Scroll down to Certificates and select View Certificates.

  3. In the Certificate Manager, select the Authorities tab, and then select Import.

  4. Select the postman-proxy-ca.crt and select Open.

  5. Select Trust this CA to identify websites and select OK.

    Select trust CA crt

iOS

  1. Download the postman-proxy-ca.crt certificate to the iOS device (for example, using AirDrop). You can find the certificate file on your computer in the following location:

    • macOS: ~/Library/Application Support/Postman/proxy
    • Windows: C:\Users\<user>\AppData\Roaming\Postman\proxy
    • Linux: ~/.config/Postman/proxy
  2. Go to Settings > Profile Downloaded, and then select Install. Enter your passcode to proceed.

  3. A security warning displays. Select Install.

  4. After the certificate is installed, select Done.

  5. Go to Settings App > General > About > Certificate Trust Settings.

  6. Enable full trust for Postman’s root certificate, and select Continue to complete the installation.

    iOS crt full trust settings

Android

The certificate installation process may differ depending on your device and Android version.

  1. Download the postman-proxy-ca.crt certificate to the Android device. You can find the certificate file on your computer in the following location:

    • macOS: ~/Library/Application Support/Postman/proxy
    • Windows: C:\Users\<user>\AppData\Roaming\Postman\proxy
    • Linux: ~/.config/Postman/proxy
  2. Open the Settings app and go to Security > Encryption & credentials.

  3. Select Install a certificate and select the CA Certificate option.

  4. A security warning displays. Select Install anyway to proceed.

  5. Browse for and select the postman-proxy-ca.crt certificate file. A message displays stating that the certificate is installed. You can now capture traffic through a web browser on Android.

Need to capture requests from an Android app? To capture requests from an Android app, you need to add a network security configuration file to your app to trust the postman-proxy-ca.crt certificate. For more information, see Trust additional CAs on the Android Developers portal.

Android certificate installed

Troubleshooting certificate issues

If you are unable to correctly install the postman-proxy-ca.crt certificate, or if the certificate is not allowing you to capture traffic, try regenerating and reinstalling the certificate.

  1. Make sure you are running Postman version 9.1 or later. See Updating Postman.

  2. On the computer where the Postman app is installed, delete the /Postman/Proxy folder. You can find the folder in the following location:

    • macOS: ~/Library/Application Support/Postman/proxy
    • Windows: C:\Users\<user>\AppData\Roaming\Postman\proxy
    • Linux: ~/.config/Postman/proxy
  3. Close and restart the Postman app. Postman regenerates the certificate.

  4. Follow the steps for your device to reinstall the certificate.