Show HN: Mitmproxy2swagger – Automagically reverse-engineer REST APIs

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • mitmproxy2swagger

    Automagically reverse-engineer REST APIs via capturing traffic

  • ideas

    :rocket: Ideas for everyone under a CC licence. Feel free to use. I'll send you a postcard if you build anything on this list. (by captn3m0)

    Almost exactly a fit against my idea[1] to generate OpenAPI from HAR files.

    [1]: https://github.com/captn3m0/ideas#openapi-specification-gene...

  • har2openapi

    Generate openapi spec api documentation from captured har files

  • openapi-to-fastapi

    OpenAPI 3.0 to FastAPI route generator

    This is really incredible. With a rooted Android phone and these tools, plus a couple others [1], you can basically reimplement anything in a weekend.

    [1]: https://github.com/ioxiocom/openapi-to-fastapi

  • apiclarity

    An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 

    Hi, I would also like to add another tool I'm contributing to at work (Cisco) called APIClarity [1]. It aims at reconstructing swagger specifications of REST microservices running in K8S, but can also be run locally.

    This is a challenging task and we don't support OpenAPI v3 specs yet (we are working on it).

    Feel free to have a look, and get ideas from it :)

    We'll also be presenting it at next KubeCon 2022.

    [1]: https://github.com/openclarity/apiclarity

  • har2requests

    Generate Python Requests code from your browser activity 🤖

    Very nice!

    On the same note, I wrote a program to generate Python code (requests) from a HAR capture: https://github.com/louisabraham/har2requests

    I think using HAR captures is simpler for the end user than spawning mitmproxy as they don't require any installation and are extracted from the network tab of the browser devtools. Is there a reason why you didn't use them?

  • mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    mitmproxy (https://mitmproxy.org/) has scripting support that will let you do most of this.

    For example, you can expose mitmproxy, listen to HTTP requests for a specific host (using this API: https://docs.mitmproxy.org/stable/api/mitmproxy/http.html), intercept the request, do whatever API calls you need, and inject a response without ever forwarding the request to the original server.

    Alternatively, you could modify the request and then change the request destination, like in this example here: https://docs.mitmproxy.org/stable/addons-examples/#http-redi.... Using the WSGI support, you could even use normal Python annotations to build your own API without doing too much pattern matching: https://docs.mitmproxy.org/stable/addons-examples/#wsgi-flas...

  • cats

    CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance. (by Endava)

    This is great :) You can then fuzz your APIs for issues using https://github.com/Endava/cats.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
