Monday, May 30, 2022

Automagically Reverse-Engineer REST APIs Through Capturing Traffic




A tool for automatically converting mitmproxy captures to OpenAPI 3.0 specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic.

Installation

First you will need python3 and pip3.

$ pip install mitmproxy2swagger
# ... or ...
$ pip3 install mitmproxy2swagger

Then clone the repo and run mitmproxy2swagger as per the examples below.

Usage

Mitmproxy

To create a specification by inspecting HTTP traffic you will need to:

  1. Capture the traffic by using the mitmproxy tool. I personally recommend using mitmweb, which is a web interface built into mitmproxy.

    $ mitmweb
    Web server listening at http://127.0.0.1:8081/
    Proxy server listening at http://*:9999
    ...

    IMPORTANT

    To configure your client to use the proxy exposed by mitmproxy, please consult the mitmproxy documentation for more information.

  2. Save the traffic to a flow file.

    In mitmweb you can do this by using the “File” menu and selecting “Save”.

  3. Run the first pass of mitmproxy2swagger:

    $ mitmproxy2swagger -i <path_to_mitmproxy_flow> -o <path_to_output_schema> -p <api_prefix>

    Please note that you can use an existing schema, in which case the existing schema will be extended with the new data. You can also run it a few times with different flow captures; the captured data will be safely merged.

    <api_prefix> is the base URL of the API you wish to reverse-engineer. You will need to obtain it by observing the requests being made in mitmproxy.

    For example, if an app has made requests like these:

    https://api.example.com/v1/login
    https://api.example.com/v1/customers/2
    https://api.example.com/v1/customers/2/profile

    The likely prefix is https://api.example.com/v1.

  4. Running the first pass should have created a section in the schema file like this:

    x-path-templates:
    # Remove the ignore: prefix to generate an endpoint with its URL
    # Lines that are closer to the top take precedence, the matching is greedy
    - ignore:/addresses
    - ignore:/basket
    - ignore:/basket/add
    - ignore:/basket/checkouts
    - ignore:/basket/coupons/connect/{id}
    - ignore:/basket/coupons/connect/104754

    You should edit the schema file with a text editor and remove the ignore: prefix from the paths you wish to be generated. You can also adjust the parameters appearing in the paths.

  5. Run the second pass of mitmproxy2swagger:

    $ mitmproxy2swagger -i <path_to_mitmproxy_flow> -o <path_to_output_schema> -p <api_prefix> [--examples]

    Run the command a second time (with the same schema file). It will pick up the edited lines and generate endpoint descriptions.

    Please note that mitmproxy2swagger will not overwrite existing endpoint descriptions; if you want to overwrite them, you can delete them before running the second pass.

    Passing --examples will add example data to requests and responses. Take caution when using this option, as it may add sensitive data (tokens, passwords, personal information, etc.) to the schema.

HAR

  1. Capture and export the traffic from the browser DevTools.

    In the browser DevTools, go to the Network tab and click the “Export HAR” button.

  2. Continue the same way you would with the mitmproxy dump. mitmproxy2swagger will automatically detect the HAR file and process it.
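
Because --examples copies captured values into the schema, one option is to redact a HAR export before processing it. The following is an added example, not part of mitmproxy2swagger or the original page; the name pattern, the REDACTED mask and every function name are assumptions for illustration.

```python
import copy, json, re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed pattern (not part of mitmproxy2swagger); extend it for the API you capture.
SENSITIVE = re.compile(r"authorization|cookie|pass(word)?|token|secret|session|api[_-]?key", re.I)
MASK = "REDACTED"

def scrub_json(v):
    # Recursively mask values whose key name looks sensitive.
    if isinstance(v, dict):
        return {k: MASK if SENSITIVE.search(k) else scrub_json(x) for k, x in v.items()}
    return [scrub_json(x) for x in v] if isinstance(v, list) else v

def scrub_pairs(pairs, mask_all=False):
    # HAR stores headers, cookies, query and form params as name/value pairs.
    for p in pairs or []:
        if mask_all or SENSITIVE.search(p.get("name", "")):
            p["value"] = MASK

def scrub_body(holder):
    # Mask JSON bodies key by key; blank any body that is not JSON (fail closed).
    holder = holder or {}
    scrub_pairs(holder.get("params"))
    if holder.get("text"):
        try:
            holder["text"] = json.dumps(scrub_json(json.loads(holder["text"])))
        except ValueError:
            holder["text"] = ""

def scrub_url(url):
    # Secrets can also travel in the query string of the request URL.
    u = urlsplit(url)
    q = [(k, MASK if SENSITIVE.search(k) else v) for k, v in parse_qsl(u.query, keep_blank_values=True)]
    return urlunsplit(u._replace(query=urlencode(q)))

def redact_har(har):
    """Return a redacted deep copy of a parsed HAR document."""
    har = copy.deepcopy(har)
    for e in har["log"]["entries"]:
        req, resp = e["request"], e["response"]
        req["url"] = scrub_url(req["url"])
        scrub_body(req.get("postData"))
        scrub_body(resp.get("content"))
        for msg in (req, resp):
            scrub_pairs(msg.get("headers"))
            scrub_pairs(msg.get("queryString"))
            scrub_pairs(msg.get("cookies"), mask_all=True)
    return har
```

Parse the exported file with json.load, pass it through redact_har, and write the result with json.dump before running mitmproxy2swagger on it.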

Example output

See the examples. You will find a generated schema there and an HTML file with the generated documentation (via redoc-cli).

See the generated HTML file here.


