Using Chrome’s network inspector and capturing requests made from the VSCode desktop app, I was able to reverse engineer the marketplace API.
This post will cover how you can use Postman to intercept HTTP requests from Electron applications with only a few clicks.
Start Postman’s proxy
The first thing you’re going to do is open Postman. If you don’t have it, download it first.
Once it’s opened, configuring Postman’s proxy server is as simple as clicking on the Satellite icon.
Using the defaults will start the proxy server on port 5555 and log all output to history. Click the Connect button to start the proxy server.
Open the Electron app
With the proxy server started, any requests made to it will be logged so you can replay them later. The next step is to configure the Electron app to send requests through the proxy.
Since Electron apps are built on top of Chromium, we can use a couple of command-line arguments to redirect HTTP requests made inside the app to the proxy server.
Using VSCode as an example, open the Electron app with:
--args is passed as arguments to the app. We’re going to add two flags to route traffic to the proxy server and enable HTTPS.
The first one,
tells chromium to use a custom proxy configuration
. Setting this to
will route all requests to the Postman proxy server.
The second argument, --ignore-certificate-errors, will temporarily disable certificate checks. Without it, the Electron app will error when sending any requests over HTTPS.
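A check to run once the debugging session is over, as an added example that is not from the original post: it scans process command lines for apps still running with --ignore-certificate-errors or a proxy override. It assumes Chromium's `--proxy-server=host:port` switch form and input shaped like `ps -axo pid=,command=`; the sample lines, the function names and the labels are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `ps -axo pid=,command=` output.
SAMPLE_PS = """\
 4101 /Applications/Visual Studio Code.app/Contents/MacOS/Electron --proxy-server=127.0.0.1:5555 --ignore-certificate-errors
 4188 /Applications/Example.app/Contents/MacOS/Example --proxy-server=10.0.0.8:8080
 4230 /Applications/Notes.app/Contents/MacOS/Notes --ignore-certificate-errors
 4301 /usr/sbin/cupsd -l
"""


def is_loopback(hostport):
    """True when a host:port proxy value points back at this machine."""
    host = hostport.split("://")[-1].rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit(ps_text):
    """Return (pid, proxy, cert_checks_off, label) for each flagged process."""
    findings = []
    for line in ps_text.splitlines():
        pid, _, command = line.strip().partition(" ")
        tokens = command.split()
        proxy = None
        for tok in tokens:
            if tok.startswith("--proxy-server="):
                proxy = tok.split("=", 1)[1]
        cert_off = "--ignore-certificate-errors" in tokens
        if proxy is None and not cert_off:
            continue
        if cert_off and (proxy is None or not is_loopback(proxy)):
            label = "high"    # unvalidated TLS going direct or to another host
        elif cert_off:
            label = "debug"   # expected only while intercepting locally
        else:
            label = "review"  # proxied, certificate validation still on
        findings.append((int(pid), proxy, cert_off, label))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PS):
        print(finding)
```

Anything labelled "debug" should disappear once the app is quit and reopened without the flags; "high" means certificate checks are off without a local intercepting proxy in the path.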
Send requests to the proxy
Now that the Electron app is configured to route HTTP requests through our proxy, all we need to do is trigger the relevant API calls.
In this example, we search for extensions to find out which endpoint we need to scrape the Visual Studio Marketplace.
Sending queries from VSCode to Postman Proxy.
Browse Postman history
While making requests, you’ll start to see them appear in Postman’s history tab. This is where you can browse the requests made by the Electron app.
Browsing requests made through the Postman proxy.
Clicking Send on a request will let you see the full response. Since there’s no documentation, changing parameters and seeing how that affects the response will help you reverse engineer the API.
Intercepting HTTP requests from Electron apps with Postman is really simple to set up. This of course only works for Electron apps. Check out Charles proxy for a full-featured tool to intercept all HTTP traffic from your computer.