Scan Postman Traffic Through Charles

Sometimes, as a test engineer, you need to go deeper for checking API.

Once in my practice, I made requests from Postman, which responded in an unpredictable way. I suggested that Postman could somehow additionally change the request when sending it. To check this hypothesis, I needed to scan Postman traffic, and Charles Proxy was the right tool for this task.

Disclaimer:

As an example, COVID-19 Rich Data Services API was selected, because it is open and can be accessed without token;
Charles should be installed and configured at least for working with web applications;
I use Charles 4.5.6 on macOS Catalina 10.15.7 and Postman 8.12.1.

Charles

Setup Charles for Postman

Fortunately, a free version of Charles is enough to complete our discovery.

1. Go to Proxy → Proxy Settings… and fill in the field HTTP Proxy = 8888 and check the box Support HTTP/2 in the «Proxy Settings» window.

Charles → Proxy → Proxy Settings

Charles → Proxy → Proxy Settings

2. Then go to Proxy → SSL Proxying Settings… and check the box Enable SSL Proxying in the «SSL Proxying Settings» window.

Charles → Proxy → SSL Proxying Settings

Charles → Proxy → SSL Proxying Settings

3. Add a new endpoint in the «SSL Proxying Settings» — click [Add] under Include table and fill the fields according to your API:

Host = covid19.richdataservices.com
Port = 443

Charles → Proxy → SSL Proxying Settings → SSL Proxying → Edit location

Charles → Proxy → SSL Proxying Settings → SSL Proxying → Edit location

Setup Postman for Charles

1. Go to SETTINGS → «Proxy» tab and check: Add a custom proxy configuration, HTTP and HTTPS boxes. Fill the field Proxy Server = 127.0.0.1:8888 (port should be the same as in Charles).

Postman → SETTINGS → Proxy tab

Postman → SETTINGS → Proxy tab

2. Go to the «General» tab and turn off SSL certificate verification.

Postman → SETTINGS → General tab