Reverse Engineer an API

Reverse engineering an API means generating Swagger API documentation for it when none is available. One way to do this is to intercept and capture the API's traffic with mitmweb, the web interface of mitmproxy. The captured traffic can then be exported in flow file format and used as input for mitmproxy2swagger, a Python CLI tool. The tool converts the HTTP requests in the flow file into API documentation in the form of a Swagger file, so developers and testers can understand and use the API's endpoints, parameters, and responses.

  1. First, set up the Man In The Middle (MITM) web proxy. This can be done by installing a tool such as mitmweb (the web interface of mitmproxy).

  2. Next, open Firefox and configure the MITM proxy using an addon such as FoxyProxy. This will ensure that all traffic from Firefox is intercepted by the MITM web proxy.

  3. Exercise the functionality of your API through the user interface.

  4. The API requests that you want to document will be logged in the MITM web proxy.

  5. Export those requests in flow file format, which is the built-in file format of mitmproxy.

  6. Install mitmproxy2swagger, a tool that can convert mitmproxy flow files into Swagger documentation.

  7. Execute the tool, providing the flow file as input and setting a .yml file as output. Command:

    mitmproxy2swagger -i <path_to_mitmproxy_flow> -o <path_to_output_schema> -p <api_prefix> -f flow

  8. The generated .yml files may have errors, so it's necessary to fix those first.

  9. After fixing the errors, re-execute the command with the --examples flag added.

    mitmproxy2swagger -i <path_to_mitmproxy_flow> -o <path_to_output_schema> -p <api_prefix> -f flow --examples

  10. Open the Swagger online editor (https://editor.swagger.io/).

  11. Import the .yml file.

  12. The documentation is ready for use.
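
Because `--examples` copies values from the captured traffic into the schema, it is worth checking the .yml for credentials before importing it into an online editor or sharing it. The script below is an added example, not part of mitmproxy2swagger or the original page; its regexes are heuristics and the sample input is constructed.

```python
import re
import sys

# Heuristic patterns for secrets that captured traffic can leak into examples.
# "secret_field" needs an inline value, so a bare "password:" schema key is skipped.
PATTERNS = {
    "jwt": re.compile(r"eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]+"),
    "bearer": re.compile(r"(?i)\bbearer\s+(?!REDACTED\b)[A-Za-z0-9._~+/=-]{8,}"),
    "secret_field": re.compile(
        r"(?i)^(\s*-?\s*['\"]?(?:password|passwd|secret|api[_-]?key|"
        r"(?:access|refresh|id)[_-]?token|session[_-]?id|cookie|authorization)"
        r"['\"]?\s*:\s*)(?!REDACTED\b)(\S.*)$"
    ),
}

def scan(schema_text):
    """Return [(line_number, kind)] for every line holding a likely secret."""
    return [
        (no, kind)
        for no, line in enumerate(schema_text.splitlines(), start=1)
        for kind, rx in PATTERNS.items()
        if rx.search(line)
    ]

def redact(schema_text):
    """Replace likely secrets with a placeholder, keeping the YAML layout."""
    out = []
    for line in schema_text.splitlines():
        line = PATTERNS["secret_field"].sub(r"\1REDACTED", line)
        line = PATTERNS["jwt"].sub("REDACTED", line)
        out.append(PATTERNS["bearer"].sub("Bearer REDACTED", line))
    return "\n".join(out) + "\n"

# Constructed sample shaped like an --examples fragment (not real captured data).
SAMPLE = """\
schema:
  properties:
    password:
      type: string
example:
  username: alice
  password: hunter2-constructed
  token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl
  Authorization: Bearer abcdef0123456789
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for no, kind in scan(text):
        print(f"line {no}: possible {kind}")
```

Run it with the path to the generated schema as the only argument; with no argument it scans the built-in sample.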
