> For the complete documentation index, see [llms.txt](https://wiki.smhuda.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://wiki.smhuda.com/pentesting/application-security/api-security/postman-and-burp.md).

# Postman and Burp

## Error in Postman Connecting/Proxying via Burp Suite:

Burp will only send HTTP/2 requests if it has been told by the server that HTTP/2 is supported. After setting the configuration in proxy options to allow only HTTP1.1, the both API requests behaved as expected.

<figure><img src="/files/g7lyAqbtYLIinCdf1vhA" alt=""><figcaption></figcaption></figure>

## How to Proxy via Burp Using Postman:

Ensure `SSL Verification` is toggled `Off` in Postman Settings as follows:

<figure><img src="/files/q09DbKp34r2YHYfBU4Ip" alt=""><figcaption></figcaption></figure>

Set the Postman proxy Settings where `System Proxy` is off and `Proxy Settings` are set to the Burp Proxy. In my case it is `127.0.0.1` and `8080` as LPORT.

<figure><img src="/files/VuUMD8DDtEwOe7P3DlVn" alt=""><figcaption></figcaption></figure>
