Capturing HTTP requests
If you are using APIs to build client-side applications - mobile apps, websites or desktop applications - you might want to see the actual HTTP and HTTPS request traffic that is being sent and received in the application. In some cases, you might discover APIs that are not even documented. Postman gives you tools to see and capture this network traffic easily. You can use the built-in proxy in the Postman native apps or use the Interceptor extension for the Postman app.
You can capture the HTTP requests using the following two ways:
Postman has a built-in proxy in the Postman app that captures the HTTP request.
- The Postman app listens for any calls made by the client app or device.
- The Postman proxy captures the request and forwards the request onward to the server.
- The server returns a response through the Postman proxy back to the client.
Similar to the Interceptor Chrome extension, the Postman app proxy also INTERCEPTS and captures your requests. In this scenario, the Postman app is the proxy, and you can inspect HTTP communication going out from your phone like in the following example, and log all network requests under the History tab of the sidebar.
In this tutorial, you will use Postman's proxy feature to inspect HTTP communication going out from your phone. To get started, make sure your computer and mobile are connected to the same local wireless network.
Open the PROXY SETTINGS modal in the Postman app (macOS) by clicking the icon in the header toolbar.
Keep a note of the port mentioned in the proxy settings. In this case, let's keep it at the default port
5555. Set the target to "History". This will cause all your requests to be captured and stored in the History sidebar panel.
On OS X, the computer's IP address can be found in System Preferences > Network. The IP address of your system will be something like the example here
Open the wireless settings of your mobile device and update the configuration of the wireless connection to use HTTP Proxy. Set the IP address with the IP you retrieved from your computer in the second step. Set the port with the port you established in Postman in Step 1.
Set the proxy IP address of your device (an iPhone in this example) to the IP address you obtained from your system and port
You are all set! Head over to the Postman app, and you will start seeing the network calls listed under the History tab of the sidebar. Open your device's web browser or your application and you will start seeing HTTP traffic passing through the app or the browser.
The broader development community has published some useful tutorials for setting up a proxy server on various operating systems.
You can use the Postman's proxy to inspect HTTPS communication from your Android, iOS, Linux, macOS, and Windows devices. After you enable the proxy feature, follow the instructions below to install the security certificate on the target devices.
- Go to the following location: ~/Library/Application Support/Postman/proxy
- Double click on postman-proxy-ca.crt
- Choose System from the keychain option and then select OK.
- Select and open the imported Postman certificate. Then select Always Trust. You can change this setting after you have completed the testing for your application.
- Select Always Trust only for Secure Sockets Layer(SSL).
After these steps, you will be able to capture HTTPS Requests with the Postman proxy.
- From Windows File Explorer, navigate to %APPDATA%\Postman\proxy. Typically, it will be located at: C:\Users<user>\AppData\Roaming\Postman\proxy
- Right-click on the postman-proxy-ca.crt file and select Install Certificate.
- Select the Local Machine and proceed. This will need Administrator permissions.
- Select Place all certificates in the following store.
- Select Browse and then select Trusted Root Certification Authorities.
- Select OK and Next to confirm the options.
- Select Finish to save all configurations and import the certificate.
Copy the postman-proxy-ca.crt certificate file from ~/.config/Postman/proxy to the /etc/pki/ca-trust/source/anchors/ directory.
sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /etc/pki/ca-trust/source/anchors/
Run the command below in terminal to complete the installation:
sudo update-ca-trust extract
Create the directory for the CA certificate with the command below.
sudo mkdir -p /usr/share/ca-certificates/extra
Copy postman-proxy-ca.crt to the new folder with the command below.
sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /usr/share/ca-certificates/extra/postman-proxy-ca.crt
Add the certificate to the system with the two commands below.
sudo dpkg-reconfigure ca-certificates
- Open Firefox and click on the burger menu and select Preferences.
- Select Privacy & Security, scroll down to Certificates and select View Certificates. This opens Firefox’s Certificate Manager.
- Once the Certificate Manager is open, select Authorities tab and select on Import.
- Select the postman-proxy-ca.crt and click on Open. Only mark Trust this CA to identify websites and click on Ok.
- The certificate is installed. To verify if the certificate is installed, the Postman Proxy CA will be listed under the Authorities tab of Certificate Manager.
Download the certificate to the iOS device.
Go to Settings > Profile Downloaded.
Select Install for both of the following prompts. Installing a certificate requires the user to enter the device passcode to proceed.
When the certificate is installed, your device will show an installation confirmation screen like the one below.
Select Done to review all existing certificates.
Go to Settings App > General > About > Certificate Trust Settings. Enable full trust for Postman’s root certificate.
Select Continue to complete the installation.
Confirm the certificate settings.
The OpenSSL module is internally being used to generate certificate-key pairs. This module has to be installed and accessible through the command line.
OpenSSL is generally already installed for macOS and Linux (there can be cases where it is not installed). For windows systems, OpenSSL is to be installed if not installed previously.
Download and install the OpenSSL module applicable for your computer from here.
Open the Windows Start menu and search for "Environment Variables."
- From the results, select "Environment Variables."
From the System Properties window, select "Environment Variables."
Select Path from User variables and then select Edit.
Go to: This PC > Windows (C:) > Program Files > OpenSSL - Win64 > bin.
- Select OK to add the folder directory. Then, select OK to confirm changes and close the remaining windows.
Open Command Prompt and run openssl version to confirm the installation was successful.
See Capturing requests with Interceptor for full instructions to set up and use this method.