mitmproxy2swagger VS mitmproxy

Are there APIs you have in mind?

One tool we have under development is a tool (might end up being a chrome extension) that will analyze web requests to turn them into a spec.

There are a few tools that are similar in purpose, though I've only seen ones based on proxying, rather than chrome's network request recording.

- https://github.com/alufers/mitmproxy2swagger

- https://github.com/adafruit/openapi-mitm

You could easily reverse engineer that API with: https://github.com/alufers/mitmproxy2swagger

This statement gives a false sense of security. You can use a transparent proxy, like mitmproxy, to view HTTPS traffic - https://mitmproxy.org/. https://reedmideke.github.io/networking/2021/01/04/mitmproxy-openwrt.html

You'll need to install mitmproxy and set it up on your computer and iOS. I won't go into too much detail here on how to do this, but there are plenty of guides available. This is a pretty good one: https://nadav.ca/2021/02/26/inspecting-an-iphone-s-https-traffic/

TIL this goes back to 2006, how cool! We nowadays have a much simpler version as a mitmproxy example: https://github.com/mitmproxy/mitmproxy/blob/main/examples/ad.... Although it obviously does not work as well anymore with everything being HTTPS nowadays (unless you trust the cert of course). :)

Perhaps you could have your device use a proxy that can do the HTTPS unwrap for you? https://mitmproxy.org/ maybe?

A great way to test the effectiveness of a pinning implementation is by simulating an MITM attack. Tools like Mitmproxy or Wireshack allow us to create a test environment to monitor, intercept, and proxy network requests for a test host.