Search the Community
Showing results for tags 'rest'.
-
MitmProxy2Swagger - Automagically reverse-engineer REST API A tool for automatically converting mitmproxy captures to OpenAPI 3.0 specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic. Installation First you will need python3 and pip3. pip install mitmproxy2swagger# ... or ...pip3 install mitmproxy2swagger Then clone the repo and run mitmproxy2swagger as per examples below. Usage Mitmproxy To create a specification by inspecting HTTP traffic you will need to: Capture the traffic by using the mitmproxy tool. I personally recommend using mitmweb, which is a web interface built-in to mitmproxy. $ mitmweb Web server listening at [Hidden Content] Proxy server listening at [Hidden Content] ... IMPORTANT To configure your client to use the proxy exposed by mitm proxy, please consult the mitmproxy documentation for more information. Save the traffic to a flow file. In mitmweb you can do this by using the “File” menu and selecting “Save”: Run the first pass of mitmproxy2swagger: mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix> Please note that you can use an existing schema, in which case the existing schema will be extended with the new data. You can also run it a few times with different flow captures, the captured data will be safely merged. <api_prefix> is the base url of the API you wish to reverse-engineer. You will need to obtain it by observing the requests being made in mitmproxy. For example if an app has made requests like these: [Hidden Content] [Hidden Content] [Hidden Content]/profile The likely prefix is [Hidden Content]. Running the first pass should have created a section in the schema file like this: x-path-templates: # Remove the ignore: prefix to generate an endpoint with its URL # Lines that are closer to the top take precedence, the matching is greedy - ignore:/addresses - ignore:/basket - ignore:/basket/add - ignore:/basket/checkouts - ignore:/basket/coupons/attach/{id} - ignore:/basket/coupons/attach/104754 You should edit the schema file with a text editor and remove the ignore: prefix from the paths you wish to be generated. You can also adjust the parameters appearing in the paths. Run the second pass of mitmproxy2swagger: mitmproxy2swagger -i <path_to_mitmptoxy_flow> -o <path_to_output_schema> -p <api_prefix> [--examples Run the command a second time (with the same schema file). It will pick up the edited lines and generate endpoint descriptions. Please note that mitmproxy2swagger will not overwrite existing endpoint descriptions, if you want to overwrite them, you can delete them before running the second pass. Passing --examples will add example data to requests and responses. Take caution when using this option, as it may add sensitive data (tokens, passwords, personal information etc.) to the schema. HAR Capture and export the traffic from the browser DevTools. In the browser DevTools, go to the Network tab and click the “Export HAR” button. Continue the same way you would do with the mitmproxy dump. mitmproxy2swagger will automatically detect the HAR file and process it. Download && Source [hide][Hidden Content]]
-
- 3
-
- rest
- reverse-engineer
-
(and 3 more)
Tagged with:
-
Start a business with this Contactless Restaurant Menu Maker within 5 minutes. With the help of this digital menu, customers can scan the QR code and check the menu on their phones. - Last Version 7.2 Happy Nulled Version 7.0.2 [30/10/2021] 1. QR template Missing Translations Added. 2. Dashboard Ui Issue Solved. 3. Store Panel Ui issue Solved. Download [hide][Hidden Content]] Password level23hacktools.com
-
Are you stuck with setting up an admin panel in laravel? Radmin Laravel starter will be the best solution for you.REST API, Advanced user, roles & permission management , Serverside Datatable, Datatable Edit and Export( CSV, EXCEL, PRINT, PDF, COPY),Cache Clear, XSS protection and many more features. [Hidden Content] [hide][Hidden Content]]
-
Exploits Drupal 8.6.9 REST Remote Code Execution
1337day-Exploits posted a topic in Updated Exploits
Drupal versions 8.6.9 and below REST service remote code execution proof of concept exploit. View the full article -
Exploits Drupal REST Module Remote Code Execution
1337day-Exploits posted a topic in Updated Exploits
Drupal versions prior to 8.6.10 and 8.5.11 suffer from a REST module remote code execution vulnerability. View the full article