Not all APIs are documented. In a recent project — [VSCodeThemes,](https://vscodethemes.com/) I set out to scrape the [Visual Studio Marketplace](https://marketplace.visualstudio.com/) without an official API.

Using Chrome’s network inspector and capturing requests made from the [VSCode](https://hackernoon.com/tagged/vscode) desktop app, I was able reverse [engineer](https://hackernoon.com/tagged/engineer) the marketplace API.

This post will cover how you can use [Postman](https://www.getpostman.com/) to intercept HTTP requests from [Electron](https://electronjs.org/) applications with only a few clicks.

### Start Postman’s proxy

This first thing you’re going to do is open Postman. If you don’t have it you can download it from [here](https://www.getpostman.com/).

Once it’s opened, configuring Postman’s [proxy server](https://www.getpostman.com/docs/v6/postman/sending_api_requests/proxy) is as simple as clicking on the _Satellite_ icon.

![](https://hackernoon.com/hn-images/1*ok4dbqvMTMpb23p5LtBn9w.png)

Click the **Satellite** icon to configure the proxy server.

Using the defaults will start the proxy server on port 5555 and log all output to [history](https://www.getpostman.com/docs/v6/postman/sending_api_requests/history). Click the Connect button to start the proxy server.

### Open the Electron app

With the proxy server started, any requests made to it will be logged and allow you to replay them later. The next step is to configure the Electron app to send requests through the proxy.

Since Electron apps are built on top of chromium, we can use a couple command line arguments to redirect HTTP requests made inside the app to the proxy server.

Using VSCode as an example, open the Electron app with:

![](https://hackernoon.com/hn-images/1*PxcGBgcgjpGBpBctqm-i8g.png)

Open VSCode from Terminal (macOS). [Copy the command](https://gist.githubusercontent.com/jschr/7fbdbd41ef092a1282ffaa23c45bc2a1/raw/f6e2c7f6970a5db0ccd086a4455d6d33d73aff30/open.sh).

Anything after `--args` is passed as arguments to the app. We’re going to add two flags to route traffic to the proxy server and enable HTTPS.

The first one, `--proxy-server` tells chromium to use a [custom proxy configuration](https://www.chromium.org/developers/design-documents/network-settings#TOC-Command-line-options-for-proxy-settings). Setting this to `localhost:5555` will route all requests to the Postman proxy server.

The second argument, `--ignore-certificate-errors` will temporarily disable certificate checks. Without it, the Electron app will error sending any requests over HTTPS.

### Send requests to the proxy

Now that the Electron app is configured to route HTTP requests through our proxy, all we need to do is trigger the relevant API calls.

In this example, we search for extensions to find out which endpoint we need to scrape the Visual Studio Marketplace.

![](https://hackernoon.com/hn-images/1*otwMmEVUZvntTD9Xld2frg.png)

Sending queries from VSCode to Postman Proxy.

### Browse Postman history

While making requests, you’ll start to see them appear in Postman’s history tab. This is where you can browse the requests made by the Electron app.

![](https://hackernoon.com/hn-images/1*ERp_Ioj_a_sH3-zoUqtDkg.png)

Browsing requests made through Postman requests.

Clicking _Send_ on a request will let you see the full response. Since there’s no documentation, changing parameters and seeing how it affects the response will help you reverse engineer the API.

### Conclusion

Intercepting HTTP requests from Electron apps with Postman is really simple to setup. This of course only works for Electron apps. Check out [Charles proxy](http://Charles%20proxy%20https://www.charlesproxy.com/) for a full-featured tool to intercept all HTTP traffic from your computer.

Happy hacking!

Too Long; Didn't Read

Cassandra Forward a free Cassandra-focused community event

Intercepting HTTP requests from Electron apps with Postman

Too Long; Didn't Read

Company Mentioned

@_jschr

RELATED STORIES