Table of contents
1.
Introduction
2.
Capturing HTTPS Traffic in Postman
2.1.
Windows
2.2.
MacOS
2.3.
CentOS and Red Hat Enterprise Linux
2.4.
Ubuntu
2.5.
iOS
2.6.
Android
2.7.
Troubleshooting Certificate Issues
3.
Enhanced HTTP Traffic Capturing
3.1.
Advance Filtering
3.2.
Capturing or Syncing of Cookies
4.
Frequently Asked Questions
4.1.
Give some reasons to choose Postman over every other software.
4.2.
What are the various products offered by Postman?
4.3.
Which range of plans does Postman offer?
4.4.
What is the process of sending cookies with a request?
5.
Conclusion
Last Updated: Mar 27, 2024
Medium

Capturing HTTPS traffic in Postman

Author Rupal Saluja
0 upvote
Career growth poll
Do you think IIT Guwahati certified course can help you in your career?

Introduction

After listening to Postman’s growth in ten years, did you wonder why it has such growth? Let us know some of the reasons behind that.

Postman allows writing test scripts, automating workflows with the help of a collection runner, capturing HTTPS requests, and forming connections. These have been made possible by using some of its features such as APIs, Requests’ Authorization, and Grouping requests. Grouping Requests require collections, Data Visualization, Analyzing API performance, Monitoring test runs, Defining API, etc. Also, it offers options for Team Collaboration, Development, and API publishing.

Notion of Capturing https requests

In this blog, we will learn about the process of capturing HTTPS Traffic Requests in different operating systems. We will also learn some aspects of enhanced capturing https techniques.

Capturing HTTPS Traffic in Postman

The Postman’s built-in proxy is used for several purposes, such as Capturing Request Data, Capturing HTTPS Traffic, Inspecting HTTPS Communication, etc. This blog will focus mainly on Capturing HTTPS Traffic in Postman. 

Firstly, set up the Proxy in Postman. To capture secure HTTP Traffic, you must install the postman-proxy-ca.crt certificate on your device.

Various aspects of capturing https traffic in postman

Follow the instructions below to proceed further and allow capturing on different Operating Systems. 

Windows

logo of windows

Installing OpenSSL Module on Windows

The OpenSSL Module is used to generate certificate-key pairs. Also, for Postman to be able to generate the postman-proxy-ca.crt certificate, the OpenSSL Module must be installed on your device and accessible through the command line.

The OpenSSL v1.1.1 installer must be downloaded and installed for your operating system. The reason we should be specific about this version is that later versions of OpenSSL are not supported at this time.

Before installing, make sure that OpenSSL DLLs files are copied to the OpenSSL binaries (/bin) directory as a part of your pre-preparation.

To install the OpenSSL Module properly, follow these steps.

☘️ In the Start Menu, search for and open the Environment Variables using System Properties Window.

☘️ Select the path under User variables and click on Edit.

☘️ Please browse through the system’s storage, find your directory, and select it. The path for the directory is mentioned below.

This PC > Local Disk (C:) > Program Files > OpenSSL-Win64 > bin

 

☘️ To add the folder directory, select ok. After that, confirm the changes and close all the remaining windows.

☘️ To confirm the installation, enter the openssl version on the command line. The output similar to OpenSSL 1.1.1l 24 Aug 2021 confirms the successful installation of the OpenSSL Module.


Installing the Security Certificate

As we already learned that OpenSSL Module is mandatory before installing the security certificate, make sure that you have installed it. In case of any doubt, you can refer to a section of this article above discussing the installation of the OpenSSL Module.

To install the security certificate, follow the steps below.

🌱 In Windows File Explorer, open the %APPDATA%\Postman\proxy folder. Usually, the folder will be located at C:\Users\<user>\AppData\Roaming\Postman\proxy.

🌱 Right-click on the postman-proxy-ca.crt file and select Install Certificate.

🌱 Select Local Machine and grant Administrator permissions. Then, select Yes to confirm the actions.

🌱 Select Place all certificates in the following store and click on Browse.

🌱 After that, select Trusted Root Certification Authorities and click on Ok.

🌱 Select Next and click on Finish to complete the process.

🌱 The certificate is imported. Now, Restart the Postman.

MacOS

logo of MacOS

For MacOS, OpenSSL is already installed, so there is no need to setup again. You are required to follow the steps further to complete the procedure.

🌸 From the macOS Finder, open the ~/Library/Application Support/Postman/proxy folder.

🌸 Open the postman-proxy-ca.crt file by double-clicking on it.

🌸 In the Keychain list, select System and then click on Add. Enter the password for confirming actions.

🌸 From the Keychain Access, open the imported Postman Certificate by double-clicking on it.

🌸 Expand the Trust Section and select Always Trust option. Selecting Always Trust option is necessary to make SSL Layer work. Make sure it is always selected.

🌸 Now, close the Certificate Window. Enter the system password for settings updation.

CentOS and Red Hat Enterprise Linux

Logos of CentOS and RedHat Linux

OpenSSL is typically installed for Linux, so there is no need to setup again. You are required to follow the steps further to complete the procedure.

🍄 Copy the security certificate file, that is, postman-proxy-ca.crt certificate file from ~/.config/Postman/proxy

to the /etc/pki/ca-trust/source/anchors/ directory.

sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /etc/pki/ca-trust/source/anchors/

 

🍄 To complete the installation, run the command below.

sudo update-ca-trust extract

Ubuntu

Logo of Ubuntu

🌷 Using the command below, create the directory for the CA Certificate.

sudo mkdir -p /usr/share/ca-certificates/extra

 

🌷 Copy the security certificate file, postman-proxy-ca.crt, to the new folder using the command below.

sudo cp ~/.config/Postman/proxy/postman-proxy-ca.crt /usr/share/ca-certificates/extra/postman-proxy-ca.crt

 

🌷 Now, add the certificate to the system using the commands below.

sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates

iOS

🌱To the iOS device, download the security certificate, that is, the postman-proxy-ca.crt certificate. You can find the certificate file on your computer in the locations given below.

macOS - ~/Library/Application Support/Postman/proxy
Windows - C:\Users\<user>\AppData\Roaming\Postman\proxy
Linux - ~/.config/Postman/proxy

 

🌱 Open the Profile Downloaded option of the Settings section.

🌱 Select Install and enter the passcode to proceed.

🌱 Read the security warning document and select Install.

🌱 After the Installation, select Done.

🌱 Go to settings, select General, About, and then go to Certificate Trust Settings.

🌱 Enable full trust for the root certificate and click on Continue to complete installation.

Android

Logo of Android

☘️ To the Android device, download the security certificate, that is, the postman-proxy-ca.crt certificate. You can find the certificate file on your computer in the locations given below.

macOS - ~/Library/Application Support/Postman/proxy
Windows - C:\Users\<user>\AppData\Roaming\Postman\proxy
Linux - ~/.config/Postman/proxy

 

☘️ Now, open the Settings app and select the Security section. Under that section, go for Encryption & Credentials option.

☘️ Choose Install a Certificate and select the CA Certificate option.

☘️ Read up on the security warning document and select Install anyway.

☘️ Browse for and select the postman-proxy-ca.crt certificate file. You will receive a message of installation. You can now capture the HTTPS Traffic.

Troubleshooting Certificate Issues

If you are facing issues installing the security certificate or the certificate is not behaving expected, there is an error. To troubleshoot those issues, you need to follow the steps mentioned below.

🥀 Ensure that you are running Postman version 9.1 or later.

🥀 On the computer where you have installed the certificate, delete the folder. You can find the location of the certificate from the given options below.

macOS - ~/Library/Application Support/Postman/proxy
Windows - C:\Users\<user>\AppData\Roaming\Postman\proxy
Linux - ~/.config/Postman/proxy

 

🥀 Close and restart the Postman to regenerate the certificate.

🥀 Now, reinstall the certificate.

Enhanced HTTP Traffic Capturing

Generally, there are two ways to capture and analyze HTTP Traffic between the Client and the Server in a session. These are the Postman Proxy and the Postman Interceptor. A Session is a timeframe for which you want to capture traffic. You can pause the capturing and clear the captured data anytime in a session.

The captured traffic or the history is used further to trigger Postman Workflows for collaboration, documentation, and much more. You can use the History Tab to look for some previously recorded sessions. Postman helps you bind the traffic in a session and analyze it in depth using additional filters.

Advance Filtering

The amount of traffic generated by your application is quite huge and diverse. With this large amount, searching for an individual-specific type of request becomes difficult. The Postman, with its latest version, has solved this problem. It brings you the ability to perform advanced filtering over the traffic captured.

The user is allowed to either search for a particular request by using the search bar or by applying advanced filters that lets them filter the requests. This search for the specific requests would be based on the response type, response code, etc.

Capturing or Syncing of Cookies

The Postman facilitates you to capture and sync cookies from your chrome based browser to the Cookie Jar created by you using Proxy or Interceptor. To sync the cookies, you need to add the domains for which you want to sync the cookies and click on Sync Cookies in the Interceptor Tab.

What is a Cookie

Using the latest release of the Postman, you can use the Proxy or Interceptor to capture cookies in the context of a session. It will also indicate the requests or responses that cause any modification in the cookie, letting you trace the changes.

Frequently Asked Questions

Give some reasons to choose Postman over every other software.

Some prominent reasons to choose Postman are listed below.

  • Accessibility
  • Use of Collections
  • Collaboration
  • Creating Environments
  • Tests’ Creation
  • Automated Testing
  • Debugging
  • Continuous Integration

What are the various products offered by Postman?

The various products offered by Postman are mentioned in the list below.

  • API Repository: Store, catalog, and collaborate API artifacts.
  • API Builder: Implement an API design workflow.
  • Tools: API Client, API Documentation, API Detection, etc.
  • Intelligence: API Governance, Security warnings, Workspaces, etc.
  • Workspaces: Public, Private, or Partner.

Which range of plans does Postman offer?

The range of plans that Postman offers ranges from a free edition to an enterprise edition. The free edition is for small projects, and the enterprise edition attracts larger projects. Postman aims to serve thousands of developers by offering custom domains, reporting, governance, analytics, and enterprise integrations.

What is the process of sending cookies with a request?

If you have requested any domain that has added a cookie, that cookie appears automatically in your request Headers Tab.

If the cookie is not visible, select the Hidden option to see some autogenerated headers.

Conclusion

In this article, we have discussed the process of capturing https traffic concerning different operating systems and saw various troubleshooting certificate issues. We have also learned enhanced capturing https traffic techniques such as advanced filtering.

We hope that this blog has helped you enhance your knowledge regarding the topic of Capturing HTTPS Traffic. If you want to learn more about Postman, you can check our articles on PostmanBrief Introduction to PostmanAPI Development in Postman, and Publishing an API in Postman.

For peeps who want to learn more about APIs, you can refer to our blogs on Web TestingAPI TestingAPIWeb Application Testing Tools, or API Reference, you can click on the respective links. Enroll in our courses, go for mock tests, solve problems available, and interview puzzles. Also, you can focus on interview stuff- interview experiences and an interview bundle for placement preparations. Do upvote our blog to help other ninjas grow.

Happy Coding!

Live masterclass