Capture HTTP requests in Postman

Follow these steps if you're on Linux (all Postman versions), macOS (Postman v10.16 or earlier), or Windows (Postman v10.17 or earlier). If you're on macOS (Postman v10.17 or later) or Windows (Postman v10.18 or later), go to Capturing requests with the Postman proxy instead. To check which version of Postman you're using, select the settings icon Settings icon in the header and select Settings > About.

If you are using APIs to build client-side applications like mobile apps, websites, or desktop applications, you may want to inspect the actual HTTP and HTTPS request traffic that's being sent and received in the application. Sometimes you might discover APIs that aren't even documented. You can capture network traffic, including requests, responses, and cookies, using the proxy that's built into Postman.

You can also use the Postman proxy to automatically sync cookies from a browser to the Postman cookie jar. Learn more about syncing cookies.

How the built-in proxy works

The Postman app has a built-in proxy that can capture HTTP and HTTPS traffic. Here's how it works:

  1. The Postman app listens for any calls made by a client app or device using the proxy.
  2. The Postman proxy captures the request and forwards it to the server.
  3. The server returns a response to the Postman proxy, where it can also be saved.
  4. The response is returned back to the client.
postman capture proxy

Similar to the Interceptor extension, the Postman app proxy intercepts and captures your requests. Additionally, it can capture responses and cookies.

After you start the Postman proxy, you can start a proxy debug session, which is a time-bound session of traffic capture. You can start, pause, and stop a proxy debug session, then later start another one. Each debug session is logged in the History tab, and displays the total session time, a traffic overview, and all traffic captured. You can also send requests and responses to a collection, and save cookies to the Postman cookie jar.

Using the Postman proxy

In the steps below, you will use the Postman app's proxy to inspect HTTP communication going to and from a phone. To get started, make sure your computer and phone are connected to the same local wireless network.

Step 1: Enable the proxy

You can't use the Postman proxy with the Postman web app. Make sure you've installed the Postman desktop app.

  1. Select Capture icon Capture requests in the Postman footer.

  2. In the Capture requests window, select the Via Proxy tab.

    Capture via proxy tab
  3. In the upper right, select Enable proxy.

  4. Enter a port number. By default, it's set to port 5555. Make a note of the port number you've used; you will use it later when configuring clients.

  5. Select Enable Proxy.

The proxy is running, but it won't capture traffic until you start a proxy debug session.

Step 2: Start the proxy debug session

After the proxy is running, you can start a proxy debug session. This is a time-bound session where captured traffic is saved in an entry in the History tab, and optionally into a collection. Once a proxy debug session is started, you can then pause, restart, or stop it. Before you start the session, you can select what traffic you want to go into it.

You can only have a single proxy or interceptor debug session running at the same time.

To start a proxy debug session, do the following:

  1. Go to the Via Proxy tab of the Capture requests window.

  2. Select Save Responses for Requests to save each request's responses. They will be saved along with the captured requests.

    In responses with a content-type that has images, audio, or video, the content is intercepted but not captured. The only information captured is response headers, time taken, and the status code.

  3. Select Capture Cookies if you want to capture cookies in addition to requests during the debug session.

    You can also capture cookies and sync them to Postman without starting a debug session. Learn more about syncing cookies.

  4. Requests will be saved in a debug session in the History tab in the sidebar. Select Save requests to a collection and select a collection from the list to also save the requests there. To create a new collection in which to save requests, enter a name for the new collection and select the Create action.

  5. If you save requests and responses to a collection, they're added chronologically by default. You can alternately group them in folders organized by domain name or endpoints. Under Organize requests by, select Domain name, Endpoints, or both. Your requests and responses are then organized in folders in the selected collection.

  6. Under Configure Incoming Requests, there are more options you can use to limit the requests and responses captured:

    • URL must contain - Only capture URLs containing the specified string or regular expression.
    • URL cannot contain - Don't capture URLs containing the specified string or regular expression.
    • Methods - Only capture the selected methods.
    • Resources - Exclude requests with image, JS, or CSS responses.
  7. Select Start Capture.

The proxy debug session is started, but it won't capture anything until a device is configured with the proxy.

Step 3: Configure the proxy on a client device

  1. Find the local IP address of the machine running the proxy:

    • On macOS, you can find the computer's IP address in System Preferences > Network. Select a network interface, and the IP address of your system will be shown on the right:

      system preferences
    • On Windows, select Start > Settings > Network & internet > Wi-Fi or Ethernet. Your IP address is listed under Properties.

  2. Open the wireless settings of your client device and update the configuration of the network connection to use an HTTP Proxy. For example, in iOS:

    1. Select Settings > Wi-Fi.
    2. Select Information icon next to a Wi-Fi connection.
    3. Select HTTP Proxy > Configure Proxy > Manual.
    4. Set Server and Port to the local IP address and proxy port.
    5. Select Save.
  3. In the Postman app, open the Proxy debug session window. Open the device's web browser or application and HTTP traffic will start passing through the app or the browser.

Configuring a proxy on other devices

The broader development community has published some useful tutorials for setting up a proxy server on various operating systems:

Step 4: Run the proxy debug session

While your capture session is running, the Proxy Debug Session window will show captured traffic as you use the browser or apps on the client device.

There are several controls you can use to limit, organize, and investigate traffic as it's captured:

  • Select the name Proxy debug session and enter another name to change the window name.
  • The Configure incoming requests controls at the top of the window enable you to limit captured traffic. Select items from Methods, Status Codes, Resources, and URL to limit the traffic. These controls are similar to the ones you set initially in Step 2 above, but they limit what's being captured, instead of what's going through the proxy.
  • Select or deselect Save Responses for Requests and Capture Cookies to choose whether to collect responses or cookies.
  • Select the Requests tab to get information about incoming requests and responses, or Cookies to get information about captured cookies.
  • Use the search box to find specific requests.
  • Select > next to a request to expand it for more details.
  • Select the URL in the URL column to open the request as a new API request in Postman.
  • Below the request list, there are controls to change the collection where the traffic is being sent, and if it needs to be grouped by domain name or endpoints.

When you select one or more requests from the list on the Requests tab, you can use the following controls:

  • Delete icon Delete - delete the request.

When you select one or more cookies from the list on the Cookies tab, you can use the following controls:

  • + Add to Cookie Jar - add the request to the Postman cookie jar.

  • Delete icon Delete - delete the cookie.

The bottom right corner shows the total time of the capture session, along with the total size of captured traffic. If you want to temporarily stop the capture session, select Pause. To restart the session, select Resume.

Step 5: Stop the debug session and proxy

When you're done with your debug session, select Stop in the lower right corner. This will finish the debug session, and results of the debug session will be saved in the History tab.

After stopping the session, the proxy is still running. Select Capture icon Capture requests in the Postman footer, and you can either start another debug session, or select Disable proxy to turn off the proxy.

Step 6: View the proxy debug session results

After completing a debug session, details from the session are located in the History tab, named Proxy debug session.

When you open a saved debug session, the top header displays the session start time, total size, duration, and source.

The Overview displays summary graphs of the traffic captured in the session. You can select graphs summarizing traffic by method, domain, data mode, or return status code.

The Requests and Cookies tabs display requests, responses, and cookies, similar to the same tabs available during a capture session. The same options for searching, expanding, saving, and deleting items described in Step 4 are available. You can also add selected requests to a collection. Use the controls at the bottom of the table to limit the number of items per page and view the pages of results.

You can rename a proxy debug session by selecting the name at the top of the window and entering a new name. Select the more actions icon More actions icon next to the debug session name to rename or delete the session.

Next steps

To also capture HTTPS data from your client devices, you'll need to add a certificate to the client. See Capturing HTTPS traffic for more details.

Last modified: 2023/08/24