Intercepting HTTP requests from Electron apps with Postman

Not all APIs are documented. In a recent project — I set out to scrape the without an official API. VSCodeThemes, Visual Studio Marketplace Using Chrome’s network inspector and capturing requests made from the desktop app, I was able reverse the marketplace API. VSCode engineer This post will cover how you can use to intercept HTTP requests from applications with only a few clicks. Postman Electron Start Postman’s proxy This first thing you’re going to do is open Postman. If you don’t have it you can download it from . here Once it’s opened, configuring Postman’s is as simple as clicking on the icon. proxy server Satellite Click the icon to configure the proxy server. Satellite Using the defaults will start the proxy server on port 5555 and log all output to . Click the Connect button to start the proxy server. history Open the Electron app With the proxy server started, any requests made to it will be logged and allow you to replay them later. The next step is to configure the Electron app to send requests through the proxy. Since Electron apps are built on top of chromium, we can use a couple command line arguments to redirect HTTP requests made inside the app to the proxy server. Using VSCode as an example, open the Electron app with: Open VSCode from Terminal (macOS). . Copy the command Anything after is passed as arguments to the app. We’re going to add two flags to route traffic to the proxy server and enable HTTPS. --args The first one, tells chromium to use a . Setting this to will route all requests to the Postman proxy server. --proxy-server custom proxy configuration localhost:5555 The second argument, will temporarily disable certificate checks. Without it, the Electron app will error sending any requests over HTTPS. --ignore-certificate-errors Send requests to the proxy Now that the Electron app is configured to route HTTP requests through our proxy, all we need to do is trigger the relevant API calls. In this example, we search for extensions to find out which endpoint we need to scrape the Visual Studio Marketplace. Sending queries from VSCode to Postman Proxy. Browse Postman history While making requests, you’ll start to see them appear in Postman’s history tab. This is where you can browse the requests made by the Electron app. Browsing requests made through Postman requests. Clicking on a request will let you see the full response. Since there’s no documentation, changing parameters and seeing how it affects the response will help you reverse engineer the API. Send Conclusion Intercepting HTTP requests from Electron apps with Postman is really simple to setup. This of course only works for Electron apps. Check out for a full-featured tool to intercept all HTTP traffic from your computer. Charles proxy Happy hacking!