Scan Postman Traffic Through Charles

Once in my practice I made requests from Postman which responded in an unpredictable way. I suggested that Postman could somehow additionally change the request when sending it. To check this hypothesis I needed to scan Postman traffic and Charles Proxy was the right tool for this task.

Disclaimer:

Setup Charles for Postman

Fortunately, a free version of Charles is enough to complete our discovery.

  1. Go to Proxy → Proxy Settings… and fill the field HTTP Proxy = 8888 and check the box Support HTTP/2 in the «Proxy Settings» window.
Proxy Settings
Charles → Proxy → Proxy Settings

2. Then go to Proxy → SSL Proxying Settings… and check the box Enable SSL Proxying in the «SSL Proxying Settings» window.

SSL Proxying Settings
Charles → Proxy → SSL Proxying Settings

3. Add a new endpoint in the «SSL Proxying Settings» — click [Add] under Include table and fill the fields according to your API:

  • Host = covid19.richdataservices.com
  • Port = 443
Edit location
Charles → Proxy → SSL Proxying Settings → SSL Proxying → Edit location

Setup Postman for Charles

  1. Go to SETTINGS → «Proxy» tab and check: Add a custom proxy configuration, HTTP and HTTPS boxes. Fill the field Proxy Server = 127.0.0.1:8888 (port should be the same as in Charles).
Proxy tab
Postman → SETTINGS → Proxy tab

2. Go to the «General» tab and turn off SSL certificate verification.

General tab
Postman → SETTINGS → General tab

Sniff Traffic

  1. Send a GET request in Postman (Charles should be started too). If the settings are made correctly, you will receive a response.
Postman’s request
Postman’s request

2. Open Charles. You will see an inspectable request from Postman.

Charles’ Overview
Charles’ Overview
Charles’ Contents
Charles’ Contents

This method will help to debug requests and responses if you doubt about the consistency of headers transmitted by Postman.

It seems that Postman does not add anything extra to the request and cURL is quite consistent to it.

Comparison of requests in Postman and Charles

Do not forget to turn off the proxy settings in Postman when Charles is not running.

--

--

--

Quality assurance engineer

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

CSS: Oh, Oh, Oh Sweet Child o’ Mine!

Quality Versus Speed

Build and Debug C++ on Visual Studio Code for Mac

The differences between static and dynamic libraries

Function Mesh — Simplify Complex Streaming Jobs in Cloud

3 Elephants In the Scrum Room (Part 1)

How To Build A Custom GTK Widget With Haskell

How Microsoft Has Impressed

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Andrey Enin

Andrey Enin

Quality assurance engineer

More from Medium

API Pentesting using Postman and OWASP ZAP

API Testing with POSTMAN

Build Phygital customer experiences using AEM Screens Part 2 — Hands On Demo

What is Postman?