Reverse Engineer an API

Tools to use

1. FoxyProxy

2. mitmweb

3. mitmproxy2swagger

4. https://editor.swagger.io/

5. Postman

Steps to Reproduce

1. Foxyproxy: Turn on 8080 port using Foxy Proxy.(Label it anything you want)

2. mitmweb: Run sudo mitmweb and then go to mitm.it and install & import the certificate.

3. Explore Website w/ API's functionalities: Go to the website w/ api that you want to gather the API endpoints from and explore it's functionalities. The mitmweb tool will capture it, afterwards you can download the captures as a flow file in mitmweb by clicking on file -> save all.

4. mitmproxy2swagger: Here we run sudo mitmproxy2swagger -i flows -o spec.yml -p <website api> -f flow. This will turn flows file to a yml file. Afterwards you need to remove the ignore: in the spec.yml and run sudo mitmproxy2swagger -i flows -o spec.yml -p <website api> -f flow --examples, --examples is added to enhance the documentation of the api endpoints.

5. https://editor.swagger.io/: Now you can import the clean spec.yml file and visualize the different endpoints.

6. Postman: You can also import the spec.yml in postman which will produce a well organized collection.