Reverse Engineer an API using MITMWEB and POSTMAN
Often when we pentest an API we do not get access to the Swagger file or any other documentation for it. Today we will try to build a Swagger file ourselves using mitmweb and Postman.
First we run mitmweb from the command line in Kali:
# mitmweb
As we can see, it starts listening on port 8080 for HTTP/HTTPS traffic. We make sure it is running by opening the web interface address it prints at startup, http://localhost:8081, where we are greeted with something like this:
Then we point our browser's proxy settings at the Burp Suite proxy port, 8080, because mitmweb is already listening on that port (make sure Burp is closed so the two do not compete for it).
After this we navigate to crAPI and perform various actions: registering a user, logging in to the web site, going through the forgot-password flow, visiting the different tabs, etc.
We can see that mitmweb is capturing the traffic,
and when we check the web interface on port 8081 we find it filled with data.
Then, from the File tab, we save the traffic flow we captured.
Then we stop the capture and use mitmproxy2swagger to analyse the saved flow:
# sudo mitmproxy2swagger -i ./Downloads/flows -o spec.yml -p http://localhost:8888/ -f flow
Here we used the saved flow file as input (-i, with -f flow telling the tool the input is a mitmproxy flow file rather than a HAR file) to generate the Swagger file (-o), and the -p prefix limits the results to requests sent to crAPI at http://localhost:8888/.
When it finishes we open the result in a text editor and see what is there:
The first pass lists every discovered path under x-path-templates with an ignore: prefix; we remove ignore: from the entries that belong to the API endpoints and leave it on static files and other noise.
Then we run the previous command once more, this time with --examples, to produce a Swagger file that includes example requests and responses:
# sudo mitmproxy2swagger -i ./Downloads/flows -o spec.yml -p http://localhost:8888/ -f flow --examples
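Editing the x-path-templates list by hand is fine for a handful of paths, but a larger capture produces dozens of entries, most of them static assets. The script below is an added example and is not part of the original post or of the mitmproxy2swagger project: it drops the ignore: prefix from every entry whose path starts with the API prefix we care about and leaves everything else ignored, so the second mitmproxy2swagger pass only documents real endpoints. The sample spec, the /api/example/... paths and the function names are constructed for illustration and are not real crAPI output.

```shell
#!/usr/bin/env sh
# Write a constructed sample of a first-pass mitmproxy2swagger output to the
# given file. Every discovered path sits under x-path-templates behind an
# "ignore:" prefix until the analyst opts it in. The paths are made up.
make_sample_spec() {
  cat > "$1" <<'EOF'
openapi: 3.0.0
info:
  title: spec.yml Mitmproxy2Swagger
  version: 1.0.0
servers:
- url: http://localhost:8888
paths: {}
x-path-templates:
# Remove the ignore: prefix to generate an endpoint for that path
- ignore:/api/example/identity/login
- ignore:/api/example/identity/forget-password
- ignore:/api/example/shop/products
- ignore:/static/js/main.js
- ignore:/favicon.ico
EOF
}

# Opt in every x-path-templates entry that starts with the API prefix.
# The sed expression matches list lines of the form "- ignore:<prefix>..."
# and rewrites them to "- <prefix>...", leaving all other lines untouched.
# "|" is used as the delimiter because the prefix contains slashes.
unignore_prefix() {
  spec="$1"
  prefix="$2"
  sed -i.bak "s|^- ignore:\(${prefix}\)|- \1|" "$spec" && rm -f "$spec.bak"
}

# Number of entries that will become documented endpoints.
count_active() {
  grep -c '^- /' "$1" || true
}

# Number of entries still ignored (static assets, favicons, other noise).
count_ignored() {
  grep -c '^- ignore:' "$1" || true
}

# Usage against a real first-pass file, before re-running with --examples:
#   unignore_prefix spec.yml /api/example
```

Because the match is anchored on the line start and on the literal prefix, an entry such as `- ignore:/static/js/main.js` is never touched even if the API prefix appears somewhere inside its path.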
From here we go to the Swagger Editor (editor.swagger.io) to visualize our file, and upload it there.
Then we can analyse it, go through it in more detail, and get an idea of how the API is constructed and structured.
As we can see, we have produced a form of API documentation. From here we go to Postman and import the .yml file to create a collection from what we captured.
# postman
Inside Postman we import the yml file,
and now we can see it in the API tab, get a better view of the structure, and start playing with the requests from Postman.
And we can dig deeper into it.
As we can see, mitmweb and Postman are powerful tools for learning how an API is constructed and laid out when you do not have proper documentation, or when it is a legacy API and nobody actually knows how it works. This is just as useful for those doing black-box pentesting.