Ask Your Question
0

Capture the cURL (https://curl.se/) request (header and body) initiated by Postman REST API client

asked 2024-09-24 01:25:26 +0000

kaushalshriyan gravatar image

Hi,

I am using a postman to invoke a REST API call. Is there a way to capture the cURL (https://curl.se/) request (header and body) initiated by Postman REST API client to the Application server which is running RHEL 8.10 OS to the backend server/system using tcpdump and using wireshark to analyse the packet.pcap trace file?

Postman -> Application server -> Proxy server -> Backend server.

Headers which contain metadata about the request, such as content type, user agent, and so on.

Body which is the message body and contains the data that we want to send, if any. Generally, the body is used with POST and PUT methods.

Please guide me.

Best Regards,

Kaushal

edit retag flag offensive close merge delete

Comments

If you can test with unencrypted http, probably.
Is running over https probably not.
Add support for SSLKEYLOGFILE #8873

Chuckc gravatar imageChuckc ( 2024-09-24 02:41:00 +0000 )edit
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2024-09-25 13:05:52 +0000

André gravatar image

In the Postman GUI you can view the HTTP headers send and received, in the tab labelled "Headers".

When using curl the option -v, --verbose will make it print out the HTTP headers.

If the REST API call is unencrypted (using http) then it will be visible in a network capture. If it is encrypted (using https) then a SSLKEYLOGFILE is needed to decrypt it.

Curl does support SSLKEYLOGFILE, so capturing that traffic can be done the same way as for example a browser (in Wireshark via menu Tools / TLS Keylog Launcher).
There is one exception I know of: when using the Windows native version of curl. Because it is compiled using the Schannel library (curl -V shows this), which does not support SSLKEYLOGFILE.

Also, often the SSLKEYLOGFILE feature can be used server side as well. For example when de application is written in Java, one of the options is jSSLKeyLog .

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2024-09-24 01:25:26 +0000

Seen: 283 times

Last updated: Sep 25