Reverse Engineer an API using MITMWEB and POSTMAN

Reverse Engineer an API using MITMWEB and POSTMAN and create a Swagger file (crAPI)

Many times when we try to pentest an API we might not get access to the Swagger file or the documentation of the API. Today we will try to create a Swagger file using mitmweb and Postman.

First we will run mitmweb from the command line in Kali:

# mitmweb

Running MITMWEB

As we can see, it starts listening on port 8080 for HTTP/HTTPS traffic. We can make sure it's running by navigating to the address shown above, which is localhost at port 8081 (the mitmweb web interface), and we will be greeted with something like this:

MITMproxy is running

Then we will point the browser at the proxy port that Burp Suite normally uses, 8080, because mitmweb is already listening on that port (make sure Burp is closed, since both use the same port).

making the proxy port ready in the browser

After this we will navigate through crAPI and perform various actions like registering a user, logging in to the web site, using the forgot-password flow, going through the different tabs, etc.

Navigating crAPI

We can see that mitmweb is capturing the traffic:

MITMWEB is getting requests and capturing traffic

Then we will check the web interface on port 8081 and find it filled with flows:

Getting Flows through mitmweb

Then, from the File tab, we will save the traffic flow that we captured:

Saving the traffic captured

Then we will stop the capture and use mitmproxy2swagger to analyse it:

# sudo mitmproxy2swagger -i ./Downloads/flows -o spec.yml -p http://localhost:8888/ -f flow

What we did here is use the flow file to generate the Swagger spec, and the -p option limits the results from the flow file to requests whose URL starts with the crAPI address (http://localhost:8888/).

Analysing Captured file using mitmproxy2swagger

After it finishes we will open the file in a text editor and see what is there:

spec.yml file after it finishes

From here we will remove the ignore: prefix from the path entries that are actual API endpoints:

removing ignore from the APIs
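Removing the ignore: prefix by hand is tedious for a large capture, so here is an added helper (not part of the original post or of mitmproxy2swagger) that enables only the entries whose path matches a pattern. It assumes mitmproxy2swagger's "- ignore:/path" entry format under the x-path-templates key; the spec below is a constructed sample, not real tool output.

```python
import re

# One path-template entry as emitted by mitmproxy2swagger, e.g. "- ignore:/identity/api/auth/login"
_ENTRY = re.compile(r'^(?P<indent>\s*-\s*)ignore:(?P<path>\S.*?)\s*$')

# Constructed sample spec (the crAPI-looking paths are illustrative, not tool output)
SAMPLE_SPEC = """openapi: 3.0.0
info:
  title: crAPI
  version: 1.0.0
servers:
- url: http://localhost:8888/
paths: {}
x-path-templates:
# Remove the ignore: prefix to generate an endpoint with its URL
- ignore:/identity/api/auth/login
- ignore:/identity/api/v2/user/change-email
- ignore:/static/js/main.js
- ignore:/favicon.ico
"""


def unignore_paths(spec_text: str, keep: str) -> tuple[str, list[str]]:
    """Return (rewritten spec text, paths that were enabled).

    Only entries inside the x-path-templates block are touched; an entry is
    enabled (its ignore: prefix removed) when its path matches the `keep` regex.
    Static assets and anything else not matching stay ignored.
    """
    keep_re = re.compile(keep)
    out, enabled = [], []
    in_block = False
    for line in spec_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("x-path-templates:"):
            in_block = True
            out.append(line)
            continue
        # Any other top-level key (column 0, not a list item or comment) ends the block
        if in_block and line and not line[0].isspace() and not stripped.startswith(("-", "#")):
            in_block = False
        m = _ENTRY.match(line) if in_block else None
        if m and keep_re.search(m.group("path")):
            enabled.append(m.group("path"))
            out.append(f'{m.group("indent")}{m.group("path")}')
        else:
            out.append(line)
    return "\n".join(out) + ("\n" if spec_text.endswith("\n") else ""), enabled


if __name__ == "__main__":
    new_spec, paths = unignore_paths(SAMPLE_SPEC, r"/api/")
    print("enabled:", paths)
    print(new_spec)
```

Run it against the real spec.yml by reading the file into spec_text and writing the returned text back, then rerun mitmproxy2swagger as in the next step.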

Then we will run the previous command one more time, with --examples, to make a Swagger file that also includes request and response examples:

# sudo mitmproxy2swagger -i ./Downloads/flows -o spec.yml -p http://localhost:8888/ -f flow --examples

rerunning the mitmproxy2swagger

From here we will go to Swagger Editor to visualize our file and upload it:

Swagger Editor: editor.swagger.io

uploading our file to Editor.swagger.io

Then we can analyse it, go through it in more detail and get an idea of how the API is constructed and structured.

Analysing the API using Editor.swagger.io

As we can see, we have created some sort of API documentation. From here we will go to Postman and import the .yml file to create a collection from what we did.

# postman

Inside Postman we will import the yml file:

Importing API file

Now we can see it in the API tab, see the structure better, and start playing with the requests from Postman.

API Reverse Engineering

And we can dig deeper into it:

This is the request for the change email example

As we can see, mitmweb and Postman are powerful tools for seeing how an API is constructed and laid out when you don't have proper documentation, or when it's a legacy API and you don't actually know how it works, and they are useful as well for those doing black box pentesting.
