Capturing HTTP requests

If you are using APIs to build client-side applications - mobile apps, websites or desktop applications - you might want to see the actual HTTP and HTTPS request traffic that is being sent and received in the application. In some cases, you might discover APIs that are not even documented. Postman gives you tools to see and capture this network traffic easily. You can use the built-in proxy in the Postman native apps or use the Interceptor extension for the Postman app.

You can capture the HTTP requests using the following two ways:

Built-in proxy

Postman has a built-in proxy in the Postman app that captures the HTTP request.

  1. The Postman app listens for any calls made by the client app or device.
  2. The Postman proxy captures the request and forwards the request onward to the server.
  3. The server returns a response through the Postman proxy back to the client.

postman capture proxy

Similar to the Interceptor Chrome extension, the Postman app proxy also INTERCEPTS and captures your requests. In this scenario, the Postman app is the proxy, and you can inspect HTTP communication going out from your phone like in the following example, and log all network requests under the History tab of the sidebar.

proxy logs

Using Postman's proxy example

In this tutorial, you will use Postman's proxy feature to inspect HTTP communication going out from your phone. To get started, make sure your computer and mobile are connected to the same local wireless network.

Step 1: Set up the proxy in Postman

Open the PROXY SETTINGS modal in the Postman app (macOS) by clicking the icon in the header toolbar.

proxy icon in header

Keep a note of the port mentioned in the proxy settings. In this case, let's keep it at the default port 5555. Set the target to "History". This will cause all your requests to be captured and stored in the History sidebar panel.

proxy settings modal

Step 2: Note your computer's IP address

On OS X, the computer's IP address can be found in System Preferences > Network. The IP address of your system will be something like the example here 192.168.0.101.

system preferences

Step 3: Configure HTTP proxy on your mobile device

Open the wireless settings of your mobile device and update the configuration of the wireless connection to use HTTP Proxy. Set the IP address with the IP you retrieved from your computer in the second step. Set the port with the port you established in Postman in Step 1.

wireless settings on mobile device

Set the proxy IP address of your device (an iPhone in this example) to the IP address you obtained from your system and port 5555.

You are all set! Head over to the Postman app, and you will start seeing the network calls listed under the History tab of the sidebar. Open your device's web browser or your application and you will start seeing HTTP traffic passing through the app or the browser.

requests under History tab

Connect to proxy for target devices

The broader development community has published some useful tutorials for setting up a proxy server on various operating systems.

Capture HTTPS traffic with Postman's built-in proxy

You can use the Postman's proxy to inspect HTTPS communication from your Android, iOS, Linux, macOS, and Windows devices. After you enable the proxy feature, follow the instructions below to install the security certificate on the target devices.

macOS

  1. Go to the following location: ~/Library/Application Support/Postman/proxy
  2. Double click on postman-proxy-ca.crt
  3. Choose System from the keychain option and then select OK. Select System keychains
  4. Select and open the imported Postman certificate. Then select Always Trust. You can change this setting after you have completed the testing for your application. Select always trust for Postman keychain
  5. Select Always Trust only for Secure Sockets Layer(SSL). Select always trust only for SSL option

After these steps, you will be able to capture HTTPS Requests with the Postman proxy.

Windows

  1. From Windows File Explorer, navigate to %APPDATA%\Postman\proxy. Typically, it will be located at: C:\Users<user>\AppData\Roaming\Postman\proxy Navigate to crt file
  2. Right-click on the postman-proxy-ca.crt file and select Install Certificate. Select crt file
  3. Select the Local Machine and proceed. This will need Administrator permissions. Select local machine
  4. Select Place all certificates in the following store. Select crt store location
  5. Select Browse and then select Trusted Root Certification Authorities. Select trust root crt authorities
  6. Select OK and Next to confirm the options.
  7. Select Finish to save all configurations and import the certificate. Save configurations and import crt Select System keychains

Linux

CentOS and Red Hat Enterprise Linux distros

  1. Copy the postman-proxy-ca.crt certificate file from ~/.config/Postman/proxy to the /etc/pki/ca-trust/source/anchors/ directory.

    sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /etc/pki/ca-trust/source/anchors/

  2. Run the command below in terminal to complete the installation:

    sudo update-ca-trust extract

Ubuntu distros

  1. Create the directory for the CA certificate with the command below.

    sudo mkdir -p /usr/share/ca-certificates/extra

  2. Copy postman-proxy-ca.crt to the new folder with the command below.

    sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /usr/share/ca-certificates/extra/postman-proxy-ca.crt

  3. Add the certificate to the system with the two commands below.

    sudo dpkg-reconfigure ca-certificates

    sudo update-ca-certificates

Install the certificate for use with Mozilla Firefox Browsers

  1. Open Firefox and click on the burger menu and select Preferences. Select Firefox Preferences
  2. Select Privacy & Security, scroll down to Certificates and select View Certificates. This opens Firefox’s Certificate Manager. Select Firefox privacy settings
  3. Once the Certificate Manager is open, select Authorities tab and select on Import. Select crt manager
  4. Select the postman-proxy-ca.crt and click on Open. Select postman crt Only mark Trust this CA to identify websites and click on Ok. Select trust CA crt
  5. The certificate is installed. To verify if the certificate is installed, the Postman Proxy CA will be listed under the Authorities tab of Certificate Manager. Verify vrt install

iOS

  1. Download the certificate to the iOS device.

    transfer crt to iOS device
  2. Go to Settings > Profile Downloaded.

    iOS install cert
  3. Select Install for both of the following prompts. Installing a certificate requires the user to enter the device passcode to proceed.

    iOS install cert2

    When the certificate is installed, your device will show an installation confirmation screen like the one below.

    iOS install cert done

    Select Done to review all existing certificates.

  4. Go to Settings App > General > About > Certificate Trust Settings. Enable full trust for Postman’s root certificate.

    iOS enable trust settings
  5. Select Continue to complete the installation.

    iOS crt settings

    Confirm the certificate settings.

    iOS crt full trust settings

Requirements to use the OpenSSL module

The OpenSSL module is internally being used to generate certificate-key pairs. This module has to be installed and accessible through the command line.

OpenSSL is generally already installed for macOS and Linux (there can be cases where it is not installed). For windows systems, OpenSSL is to be installed if not installed previously.

Install the OpenSSL module on Windows

  1. Download and install the OpenSSL module applicable for your computer from here.

    download OpenSSL installer

  2. Open the Windows Start menu and search for "Environment Variables."

    download OpenSSL installer

  3. From the results, select "Environment Variables."
  4. From the System Properties window, select "Environment Variables."

    download OpenSSL installer

  5. Select Path from User variables and then select Edit.

    download OpenSSL installer

  6. Select Browse.

    download OpenSSL installer

  7. Go to: This PC > Windows (C:) > Program Files > OpenSSL - Win64 > bin.

    download OpenSSL installer

  8. Select OK to add the folder directory. Then, select OK to confirm changes and close the remaining windows.
  9. Open Command Prompt and run openssl version to confirm the installation was successful.

    download OpenSSL installer

Use Interceptor to capture requests

See Capturing requests with Interceptor for full instructions to set up and use this method.