Reverse Engineer an API using MITMWEB and POSTMAN and create a Swagger file (crAPI)

Many times when the we are trying to Pentest an API we might not get access to Swagger file or the documentations of the API, Today we will…

Many times when the we are trying to Pentest an API we might not get access to Swagger file or the documentations of the API, Today we will try to create the swagger file using Mitmweb and Postman.

Man in The Midlle Proxy (MITMweb)

run mitmweb through our command line in Kali

and as we can see it starts to listen on the port 8080 for http/https traffic, and we will make sure that its running by navigating to the above address which is the localhost at port 8081

and then we will proxy our traffic thorugh Burp Suite proxy port 8080 because we already has mitmweb listening for this port (make sure Burp is closed)

and then we will stop the capture and use mitmproxy2swagger to analyse it

#api #dev #webdev #swagger #pentesting #mitmweb #postman #reverse-engineering #openapi #tool

·medium.com·Oct 8, 2024

Reverse Engineer an API using MITMWEB and POSTMAN and create a Swagger file (crAPI)