Mitmproxy2Swagger is a tool for automatically converting mitmproxy captures to OpenAPI 3.0 specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic.
First you will need python3 and pip3.
pip install mitmproxy2swagger
… or …
pip3 install mitmproxy2swagger
Then clone the repo and run mitmproxy2swagger
as per examples below.
To create a specification by inspecting HTTP traffic you will need to:
$ mitmweb
Web server listening at http://127.0.0.1:8081/
Proxy server listening at http://*:9999
…
Run the first pass of mitmproxy2swagger:
$ mitmproxy2swagger -i -o -p
Please note that you can use an existing schema, in which case the existing schema will be extended with the new data. You can also run it a few times with different flow captures, the captured data will be safely merged.
<api_prefix>
is the base url of the API you wish to reverse-engineer. You will need to obtain it by observing the requests being made in mitmproxy.
For example if an app has made requests like these:
https://api.example.com/v1/login
https://api.example.com/v1/users/2
https://api.example.com/v1/users/2/profile
https://api.example.com/v1
.x-path-templates:
Remove the ignore: prefix to generate an endpoint with its URL
Lines that are closer to the top take precedence, the matching is greedy
ignore:/addresses
ignore:/basket
ignore:/basket/add
ignore:/basket/checkouts
ignore:/basket/coupons/attach/{id}
ignore:/basket/coupons/attach/104754
ignore:
prefix from the paths you wish to be generated. You can also adjust the parameters appearing in the paths.$ mitmproxy2swagger -i -o -p [–examples]
Run the command a second time (with the same schema file). It will pick up the edited lines and generate endpoint descriptions.
Please note that mitmproxy2swagger will not overwrite existing endpoint descriptions, if you want to overwrite them, you can delete them before running the second pass.
Passing --examples
will add example data to requests and responses. Take caution when using this option, as it may add sensitive data (tokens, passwords, personal information etc.) to the schema.
mitmproxy2swagger
will automatically detect the HAR file and process it.Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…