Scan Postman Traffic Through Charles
Sometimes, as a test engineer, you need to go deeper for checking API.
Once in my practice, I made requests from Postman, which responded in an unpredictable way. I suggested that Postman could somehow additionally change the request when sending it. To check this hypothesis, I needed to scan Postman traffic, and Charles Proxy was the right tool for this task.
Disclaimer:
- As an example, COVID-19 Rich Data Services API was selected, because it is open and can be accessed without token;
- Charles should be installed and configured at least for working with web applications;
- I use Charles 4.5.6 on macOS Catalina 10.15.7 and Postman 8.12.1.
Setup Charles for Postman
Fortunately, a free version of Charles is enough to complete our discovery.
- Go to Proxy → Proxy Settings… and fill in the field HTTP Proxy = 8888 and check the box Support HTTP/2 in the «Proxy Settings» window.
2. Then go to Proxy → SSL Proxying Settings… and check the box Enable SSL Proxying in the «SSL Proxying Settings» window.
3. Add a new endpoint in the «SSL Proxying Settings» — click [Add] under Include table and fill the fields according to your API:
- Host = covid19.richdataservices.com
- Port = 443
Setup Postman for Charles
- Go to SETTINGS → «Proxy» tab and check: Add a custom proxy configuration, HTTP and HTTPS boxes. Fill the field Proxy Server = 127.0.0.1:8888 (port should be the same as in Charles).
2. Go to the «General» tab and turn off SSL certificate verification.
Sniff Traffic
- Send a GET request in Postman (Charles should be started too). If the settings are made correctly, you will receive a response.
2. Open Charles. You will see an inspectable request from Postman.
This method will help to debug requests and responses if you doubt the consistency of headers transmitted by Postman.
It seems that Postman does not add anything extra to the request, and cURL is quite consistent with it.
Do not forget to turn off the proxy settings in Postman when Charles is not running.
