mitmproxy2swagger/README.md

# mitmproxy2swagger

[![PyPI version](https://badge.fury.io/py/mitmproxy2swagger.svg)](https://badge.fury.io/py/mitmproxy2swagger)
[![Arch Linux repository](https://img.shields.io/badge/archlinux-mitmproxy2swagger-blue)](https://archlinux.org/packages/community/any/mitmproxy2swagger/)

<https://user-images.githubusercontent.com/5400940/168086818-c48f60ab-3f95-42eb-b435-c8b1a6326b81.mp4>

A tool for automatically converting [mitmproxy](https://mitmproxy.org/) captures to [OpenAPI 3.0](https://swagger.io/specification/) specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic.

---

**🆕 NEW!**

Added support for processing HAR exported from the browser DevTools. See [Usage - HAR](#har) for more details.

---

## Installation

First you will need python3 and pip3.

```bash
$ pip install mitmproxy2swagger
# ... or ...
$ pip3 install mitmproxy2swagger
# ... or ...
$ git clone git@github.com:alufers/mitmproxy2swagger.git
$ cd mitmproxy2swagger
$ docker build -t mitmproxy2swagger .
```

Then clone the repo and run `mitmproxy2swagger` as per examples below.

## Usage

### Mitmproxy

To create a specification by inspecting HTTP traffic you will need to:

1. Capture the traffic by using the mitmproxy tool. I personally recommend using mitmweb, which is a web interface built-in to mitmproxy.

   ```bash
   $ mitmweb
   Web server listening at http://127.0.0.1:8081/
   Proxy server listening at http://*:9999
   ...
   ```

   **IMPORTANT**

   To configure your client to use the proxy exposed by mitm proxy, please consult the [mitmproxy documentation](https://docs.mitmproxy.org/stable/) for more information.

2. Save the traffic to a flow file.

   In mitmweb you can do this by using the "File" menu and selecting "Save":

   ![A screenshot showing the location of the "Save" option in the "File" menu](./docs/mitmweb_save.png)

3. Run the first pass of mitmproxy2swagger:

   ```bash
   $ mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix>
   # ... or ...
   $ docker run -it -v $PWD:/app mitmproxy2swagger mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix>
   ```

   Please note that you can use an existing schema, in which case the existing schema will be extended with the new data. You can also run it a few times with different flow captures, the captured data will be safely merged.

   `<api_prefix>` is the base url of the API you wish to reverse-engineer. You will need to obtain it by observing the requests being made in mitmproxy.

   For example if an app has made requests like these:

   ```http
   https://api.example.com/v1/login
   https://api.example.com/v1/users/2
   https://api.example.com/v1/users/2/profile
   ```

   The likely prefix is `https://api.example.com/v1`.

4. Running the first pass should have created a section in the schema file like this:

   ```yaml
   x-path-templates:
     # Remove the ignore: prefix to generate an endpoint with its URL
     # Lines that are closer to the top take precedence, the matching is greedy
     - ignore:/addresses
     - ignore:/basket
     - ignore:/basket/add
     - ignore:/basket/checkouts
     - ignore:/basket/coupons/attach/{id}
     - ignore:/basket/coupons/attach/104754
   ```

   You should edit the schema file with a text editor and remove the `ignore:` prefix from the paths you wish to be generated. You can also adjust the parameters appearing in the paths.

5. Run the second pass of mitmproxy2swagger:

   ```bash
   $ mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix> [--examples]
   # ... or ...
   $ docker run -it -v $PWD:/app mitmproxy2swagger mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix> [--examples]
   ```

   Run the command a second time (with the same schema file). It will pick up the edited lines and generate endpoint descriptions.

   Please note that mitmproxy2swagger will not overwrite existing endpoint descriptions, if you want to overwrite them, you can delete them before running the second pass.

   Passing `--examples` will add example data to requests and responses. Take caution when using this option, as it may add sensitive data (tokens, passwords, personal information etc.) to the schema.
   Passing `--headers` will add headers data to requests and responses. Take caution when using this option, as it may add sensitive data (tokens, passwords, personal information etc.) to the schema.

### HAR

1. Capture and export the traffic from the browser DevTools.

   In the browser DevTools, go to the Network tab and click the "Export HAR" button.

   ![A screenshot showing where the export har button is located](./docs/export_har_button.png)

2. Continue the same way you would do with the mitmproxy dump. `mitmproxy2swagger` will automatically detect the HAR file and process it.

## Example output

See the [examples](./example_outputs/). You will find a generated schema there and an html file with the generated documentation (via [redoc-cli](https://www.npmjs.com/package/redoc-cli)).

See the generated html file [here](https://raw.githack.com/alufers/mitmproxy2swagger/master/example_outputs/lisek-static.html).

## License

MIT
first commit 3 years ago			`# mitmproxy2swagger`

docs: add pypi badge 3 years ago			`[![PyPI version](https://badge.fury.io/py/mitmproxy2swagger.svg)](https://badge.fury.io/py/mitmproxy2swagger)`
Add Arch Linux badge to readme 2 years ago			`[![Arch Linux repository](https://img.shields.io/badge/archlinux-mitmproxy2swagger-blue)](https://archlinux.org/packages/community/any/mitmproxy2swagger/)`
docs: add pypi badge 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`<https://user-images.githubusercontent.com/5400940/168086818-c48f60ab-3f95-42eb-b435-c8b1a6326b81.mp4>`
add video to readme 3 years ago
first commit 3 years ago			`A tool for automatically converting [mitmproxy](https://mitmproxy.org/) captures to [OpenAPI 3.0](https://swagger.io/specification/) specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic.`

docs: add docs for HAR support 3 years ago			`---`
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago
docs: add docs for HAR support 3 years ago			`🆕 NEW!`

			`Added support for processing HAR exported from the browser DevTools. See [Usage - HAR](#har) for more details.`

			`---`

first commit 3 years ago			`## Installation`

Fix installation instructions 3 years ago			`First you will need python3 and pip3.`

first commit 3 years ago			```bash
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`$ pip install mitmproxy2swagger`
Fix installation instructions 3 years ago			`# ... or ...`
			`$ pip3 install mitmproxy2swagger`
add dockerfile 2 years ago			`# ... or ...`
			`$ git clone git@github.com:alufers/mitmproxy2swagger.git`
			`$ cd mitmproxy2swagger`
			`$ docker build -t mitmproxy2swagger .`
first commit 3 years ago			```

Fix installation instructions 3 years ago			Then clone the repo and run `mitmproxy2swagger` as per examples below.
first commit 3 years ago
			`## Usage`

docs: add docs for HAR support 3 years ago			`### Mitmproxy`

first commit 3 years ago			`To create a specification by inspecting HTTP traffic you will need to:`

			`1. Capture the traffic by using the mitmproxy tool. I personally recommend using mitmweb, which is a web interface built-in to mitmproxy.`

Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			```bash
			`$ mitmweb`
			`Web server listening at http://127.0.0.1:8081/`
			`Proxy server listening at http://*:9999`
			`...`
			```
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`IMPORTANT`

			`To configure your client to use the proxy exposed by mitm proxy, please consult the [mitmproxy documentation](https://docs.mitmproxy.org/stable/) for more information.`
first commit 3 years ago
			`2. Save the traffic to a flow file.`

Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`In mitmweb you can do this by using the "File" menu and selecting "Save":`

			`![A screenshot showing the location of the "Save" option in the "File" menu](./docs/mitmweb_save.png)`
first commit 3 years ago
			`3. Run the first pass of mitmproxy2swagger:`

Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			```bash
			`$ mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix>`
			`# ... or ...`
			`$ docker run -it -v $PWD:/app mitmproxy2swagger mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix>`
			```
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`Please note that you can use an existing schema, in which case the existing schema will be extended with the new data. You can also run it a few times with different flow captures, the captured data will be safely merged.`
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`<api_prefix>` is the base url of the API you wish to reverse-engineer. You will need to obtain it by observing the requests being made in mitmproxy.
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`For example if an app has made requests like these:`
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			```http
			`https://api.example.com/v1/login`
			`https://api.example.com/v1/users/2`
			`https://api.example.com/v1/users/2/profile`
			```
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			The likely prefix is `https://api.example.com/v1`.
first commit 3 years ago
			`4. Running the first pass should have created a section in the schema file like this:`

Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			```yaml
			`x-path-templates:`
			`# Remove the ignore: prefix to generate an endpoint with its URL`
			`# Lines that are closer to the top take precedence, the matching is greedy`
			`- ignore:/addresses`
			`- ignore:/basket`
			`- ignore:/basket/add`
			`- ignore:/basket/checkouts`
			`- ignore:/basket/coupons/attach/{id}`
			`- ignore:/basket/coupons/attach/104754`
			```
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			You should edit the schema file with a text editor and remove the `ignore:` prefix from the paths you wish to be generated. You can also adjust the parameters appearing in the paths.
first commit 3 years ago
			`5. Run the second pass of mitmproxy2swagger:`

Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			```bash
			`$ mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix> [--examples]`
			`# ... or ...`
			`$ docker run -it -v $PWD:/app mitmproxy2swagger mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix> [--examples]`
			```
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`Run the command a second time (with the same schema file). It will pick up the edited lines and generate endpoint descriptions.`
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`Please note that mitmproxy2swagger will not overwrite existing endpoint descriptions, if you want to overwrite them, you can delete them before running the second pass.`
first commit 3 years ago
Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			Passing `--examples` will add example data to requests and responses. Take caution when using this option, as it may add sensitive data (tokens, passwords, personal information etc.) to the schema.
			Passing `--headers` will add headers data to requests and responses. Take caution when using this option, as it may add sensitive data (tokens, passwords, personal information etc.) to the schema.
first commit 3 years ago
docs: add docs for HAR support 3 years ago			`### HAR`

			`1. Capture and export the traffic from the browser DevTools.`

Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`In the browser DevTools, go to the Network tab and click the "Export HAR" button.`

			`![A screenshot showing where the export har button is located](./docs/export_har_button.png)`
docs: add docs for HAR support 3 years ago
			2. Continue the same way you would do with the mitmproxy dump. `mitmproxy2swagger` will automatically detect the HAR file and process it.

first commit 3 years ago			`## Example output`

Fix typos 3 years ago			`See the [examples](./example_outputs/). You will find a generated schema there and an html file with the generated documentation (via [redoc-cli](https://www.npmjs.com/package/redoc-cli)).`
first commit 3 years ago
Add html link to the readme 3 years ago			`See the generated html file [here](https://raw.githack.com/alufers/mitmproxy2swagger/master/example_outputs/lisek-static.html).`

first commit 3 years ago			`## License`

Add pre-commit and a myriad of other tools Run them on all of the source 2 years ago			`MIT`