I’ve followed the documentation and search hits to get the postman proxy [ “capture api requests with postman” ] functionality working fine in the case of non-ssl/tls connection http traffic.
That said all my web apis and sites I want to capture app/browser/system traffic to are ssl/tls connection https traffic. I’ve yet to find any documentation or search hits that allow me to get the postman proxy functionality working for https traffic.
I’d really like to figure this out and not have to resort to fiddler install for that work, thanks.
@tmccann thanks for followup. In this case i’m trying to use postman proxy, in lieu of the way I used to use fiddler proxy, to capture chrome/edge browser, mobile device on local network and backend service HttpClient() requests against web UI and web api urls exposed using standard issue https ssl3 or tls12. Is postman proxy capable of that or is that still something a person has to turn to fiddler to do?
With any luck this is something that will come along sometime soon. In the meantime I think using something like Fiddler / Charles Proxy would be the best tool for what you are trying to accomplish.
@tmccann thanks for the clarifications. Yeah the postman interceptor extension for chrome will only cover my https openid connected [oidc] secured web api call scenarios. Not sure if it would capture ajax or spa framework [ aurelia, angular, react+redux, vue ] app calls against oauth secured web api and likewise with non-browser based app. Thanks for link to relevant tracking issue.
Good to hear https capture support has been added. On my enterprise system i have the netskope agent steering all my browser traffic, using whatever kernel layer hook it uses, to pass through their cloud web proxy farm providing casb [ cloud access security broker ] security policy enforcement services.
This has me wondering if I should use postman https capture support that makes use of the openssl generated certificate pair and windows manual proxy configuration approach OR the chrome/edge browser postman interceptor extension + postman app interceptor bridge approach. Is there a document describing the pros/cons of each of these options especially on enterprise systems with msft or netskope or other web traffic steering and casb security agents in place?
In the postman app when i click the capture requests [ and cookies ] satellite icon | interceptor | install interceptor bridge option it generates the error message “Node.js download failed \n Something went wrong while downloading the Node.js package. Read our troubleshooting doc for more information. \n Retry Download”. When i visit the “troubleshooting doc” → Using Postman Interceptor | Postman Learning Center it doesn’t provide any instructions for manually “Installing Interceptor Bridge” if you are on windows [ or linux or macos ]. It only suggests that in case of macos manually install nodejs first.
Hi @myusrn can you raise a ticket on Postman Support (https://www.postman.com/support/). We can help you out with the Interceptor installation issues and also see if we can get the proxy working in your network.
As per the pros and cons of proxy vs interceptor, proxy supports much wider use cases in terms of capturing requests on remote devices (could be a mobile phone or a remote system) and can capture traffic beyond the chrome web browser. Also, we have introduced features in Proxy such as saving responses as well as grouping your traffic intelligently to create a more comprehensive collection that can be collaborated upon. Hence we recommend you use Proxy for capturing traffic.