Often, the issue is that it can be hard to resolve all the cookies, access tokens, and other elements required to successfully execute the requests. Manually trying to resolve these dependencies using developer tools is especially challenging with multiple requests where data is stored in JavaScript objects or HTML elements.
To try to solve this issue, I built a tool called API Parrot that automatically identifies the data correlations between requests and builds a graphical representation of the flow to give users a better understanding. To streamline the process, I also included functionality to record requests, define your own inputs and outputs, and export the entire flow—or parts of it—as JavaScript code.
The application is Electron-based and currently compiled for Windows and Linux. Please try it out and give feedback!
Online Tutorial: A simple example of reverse engineering the USPS API is available at https://docs.apiparrot.com/docs/category/tutorial---reverse-...
Which leads me to...
- Is this closed source?
- Does it cost money?
- How does it discover data relationships?
- Is this closed source?
Currently, the code is not open source, but I might open-source parts of it in the future.
- Does it cost money?
The software is free to use. If there is demand, I might create a "pro" version for businesses in the future. However, I intend to always have a free version available for individuals.
- How does it discover data relationships?
I've discussed how it discovers data relationships in the documentation here: https://docs.apiparrot.com/docs/tutorial-extras/exchange-mod....
In short, the tool breaks down the data in the requests and responses into smaller parts by identifying their formats. For example, `["foo", "bar"]` would be recognized as a JSON array and broken down into the elements `"foo"` and `"bar"`. By applying this method recursively, you build a tree-like structure of the data.
If an exact match is found between data in a response from a previous request and data in a subsequent request, a correlation is detected.
Please feel free to ask if you have any more questions!
My bosses OTOH...let's just say, there's no penalty within companies for pointy haired bosses not making decisions to purchase something like this and ignoring staff.
It's a false economy but I'm tired of it and just purchase what I can afford.
Dead Comment
https://github.com/alufers/mitmproxy2swagger
My usual process is Dev tools -> Copy as CURL -> delete unnecessary headers -> translates to requests in python (these days I just use ChatGPT) -> wrap in python sdk for managing auth etc.
The OP’s correlation features are really nice though.
Unfortunately, names matter.
It is a bit frustrating when a project on GitHub doesn't have good tags or searchable keywords, making it harder to find.
Thank you for sharing this though, I was looking for a tool like this :)
There's other tools out there that can generate similar docs or playgrounds, given you have a schema/spec of some type.
https://graphql.org/learn/schema/
Did the rise of Windows cause long term harm to past generation of engineers? I doubt it since now Windows, which had a gigantic market share, still was forced to implement Linux "compatibility" for developers.
There are three popular operating systems for the modern developer and it's not unreasonable to ask for a build for all of them when presenting a project to a developer focused community.
Edit: Examples:
* Tools that are only available on MacOS (remember the days when tools were only available on Windows)
* I write a BASH script which then doesn't work for the MacOS coworkers
* Tools that are supposedly platform- independent have Linux-specific errors that get no love because their developers don't care about Linux
Now if Framework laptops were available in Norway, I'd probably rather have that, even if they're not as powerful.
Also, depending on where you work, there might be restrictions in the choice of platform. Usually limited to Mac or Windows.
It is by far the most robust hardware and 15 years later Windows laptops may finally be catching up.
My first programming job was LAMP so I had a Linux desktop and loved it. Later I got a new job that gave us laptops, but they were quite beefy.
I had a Dell laptop with an Nvidia GPU and an Intel iGPU... After updating my OS my gpu was the only way to use my laptop, which made the battery die in under an hour and of course it was much hotter.
I tried numerous driver installs, proprietary, open source, reinstall OS, different OS... Nothing got it working again on a newer version of the Linux kernel.
Went to the Apple Store bought a MBP and have never had an issue since. Not one dead laptop, in 10 years, I plug in my USB C dock and go.
2 years later, what happened to one of my coworkers? Same exact thing. He spent 3 days trying to fix it and basically had a workaround that crashed occasionally.
I get paid to produce working software not configure my OS, and people wonder why Macs are so popular?
Unnecessary abstraction
(also yes, people keep asking "what about linux" and think it's bad when you say there is literally nothing extra to consider in 95% of situations, sigh)
Besides, most devs doing web development on Macs are also using Docker, which is always Linux.
Just so you know, there is an app called Traffic Parrot (https://trafficparrot.com/). They operate on the same market, so they may not like the name you chose.
https://www.macstadium.com/
Please note that since the app isn't code-signed yet, you'll need to remove the quarantine attribute to run it. I've updated the documentation with instructions on how to do this: https://docs.apiparrot.com/docs/getting-started/download-and...
Let me know if you have any questions or run into any issues!
Any chance of a Mac version?
Good news: the Mac version is now available to download at https://apiparrot.com/#download.
Let me know if you have any feedback!
One of the issues with these tools is that more and more websites now employ multiple aggressive CAPTCHAs, fingerprints, device check, etc, rendering tools like API Parrot almost useless.