Start Postman’s proxy
This first thing you’re going to do is open Postman. If you don’t have it you can download it from here.
Once it’s opened, configuring Postman’s proxy server is as simple as clicking on the Satellite icon.
Using the defaults will start the proxy server on port 5555 and log all output to history. Click the Connect button to start the proxy server.
Open the Electron app
With the proxy server started, any requests made to it will be logged and allow you to replay them later. The next step is to configure the Electron app to send requests through the proxy.
Since Electron apps are built on top of chromium, we can use a couple command line arguments to redirect HTTP requests made inside the app to the proxy server.
Using VSCode as an example, open the Electron app with:
--args is passed as arguments to the app. We’re going to add two flags to route traffic to the proxy server and enable HTTPS.
The first one,
--proxy-server tells chromium to use a custom proxy configuration. Setting this to
localhost:5555 will route all requests to the Postman proxy server.
The second argument,
--ignore-certificate-errors will temporarily disable certificate checks. Without it, the Electron app will error sending any requests over HTTPS.
Send requests to the proxy
Now that the Electron app is configured to route HTTP requests through our proxy, all we need to do is trigger the relevant API calls.
In this example, we search for extensions to find out which endpoint we need to scrape the Visual Studio Marketplace.
Browse Postman history
While making requests, you’ll start to see them appear in Postman’s history tab. This is where you can browse the requests made by the Electron app.
Clicking Send on a request will let you see the full response. Since there’s no documentation, changing parameters and seeing how it affects the response will help you reverse engineer the API.
Intercepting HTTP requests from Electron apps with Postman is really simple to setup. This of course only works for Electron apps. Check out Charles proxy for a full-featured tool to intercept all HTTP traffic from your computer.