Skip to content Skip to footer
0 items - $0.00 0
Menu

Show HN: Mitmproxy2swagger – Automagically reverse-engineer REST APIs by alufers

17CommentsShare Post
Show HN: Mitmproxy2swagger – Automagically reverse-engineer REST APIs by alufers
Show

Show HN: Mitmproxy2swagger – Automagically reverse-engineer REST APIs by alufers

May 12, 2022
17Comments
Share This Article
Share Post
Newsletter

Sed ut perspiciatis unde.

Subscribe

Send to HN

video.mp4


A tool for automatically converting mitmproxy captures to OpenAPI 3.0 specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic.

Installation

First you will need python3 and pip3.

$ pip install mitmproxy2swagger 
# ... or ...
$ pip3 install mitmproxy2swagger

Then clone the repo and run mitmproxy2swagger as per examples below.

Usage

To create a specification by inspecting HTTP traffic you will need to:

  1. Capture the traffic by using the mitmproxy tool. I personally recommend using mitmweb, which is a web interface built-in to mitmproxy.

    $ mitmweb
Web server listening at http://127.0.0.1:8081/
Proxy server listening at http://*:9999
...

    IMPORTANT

    To configure your client to use the proxy exposed by mitm proxy, please consult the mitmproxy documentation for more information.

  2. Save the traffic to a flow file.

    In mitmweb you can do this by using the “File” menu and selecting “Save”:

  3. Run the first pass of mitmproxy2swagger:

    Please note that you can use an existing schema, in which case the existing schema will be extended with the new data. You can also run it a few times with different flow captures, the captured data will be safely merged.

    is the base url of the API you wish to reverse-engineer. You will need to obtain it by observing the requests being made in mitmproxy.

    For example if an app has made requests like these:

    https://api.example.com/v1/login
https://api.example.com/v1/users/2
https://api.example.com/v1/users/2/profile

    The likely prefix is https://api.example.com/v1.

  4. Running the first pass should have created a section in the schema file like this:

    x-path-templates:
# Remove the ignore: prefix to generate an endpoint with its URL
# Lines that are closer to the top take precedence, the matching is greedy
- ignore:/addresses
- ignore:/basket
- ignore:/basket/add
- ignore:/basket/checkouts
- ignore:/basket/coupons/attach/{id}
- ignore:/basket/coupons/attach/104754

    You should edit the schema file with a text editor and remove the ignore: prefix from the paths you wish to be generated. You can also adjust the parameters appearing in the paths.

  5. Run the second pass of mitmproxy2s

Read More

0Likes
Show comments (17)

Leave a comment

In the Shadows of Innovation”

© 2025 HackTech.info. All Rights Reserved.

Sign Up to Our Newsletter

Be the first to know the latest updates

Whoops, you're not connected to Mailchimp. You need to enter a valid Mailchimp API key.