Skip to main content

Deprecated Python package. apisniff has moved to Go; install via Homebrew.

Project description

apisniff

One tool for API recon: preflight defenses, capture real traffic, extract a usable spec.

CI License: MIT

What you get

  • Probe a URL in 10 seconds, classify 25+ vendor products (Cloudflare, Akamai, DataDome, PerimeterX, Imperva, Kasada, and more)
  • Capture browser traffic through Chrome DevTools Protocol by default; use proxy mode when you need MITM fallback capture.
  • Import HAR files or Burp Suite exports for offline analysis
  • Generate an OpenAPI spec from captured traffic with schema inference and example values
  • Replay captured calls against the live API and see what changed
  • Export safely: derived artifacts only, no raw traffic, no credentials

Install

brew tap 4LAU/tap && brew install apisniff

The Go build is a single binary with no Python runtime dependency. From source:

go build -ldflags="-s -w" -o apisniff ./cmd/apisniff

Quick Start

# Check what defenses a site has
apisniff probe example.com

# Capture live traffic with Chrome DevTools Protocol
apisniff recon example.com

# Fallback: run a local MITM proxy for a browser/client you configure
apisniff recon example.com --mode proxy --port 8080

# Generate an API spec from the capture
apisniff spec example.com -o spec.yaml

# Replay captured calls to detect drift
apisniff replay example.com

# Export a safe, shareable summary
apisniff share example.com

Commands

Command Purpose Docs
probe Defense preflight: assess defenses, detect vendors, check rate limits Reference →
recon Capture + classify: CDP by default, proxy fallback, filter noise Reference →
analyze Offline analysis: import HAR, Burp XML, or JSONL captures Reference →
replay Replay captured calls and detect API drift Reference →
spec Generate OpenAPI 3.0.3 from captured traffic Reference →
share Export shareable summary (no raw traffic, no credentials) Reference →

Every command supports --help for full flag documentation. See the CLI spec for output format contracts and conventions.

Guides

Important Warnings

Only run apisniff against systems you own, administer, or have explicit permission to test. The tool is built for API discovery and debugging, but it sends real requests and can capture sensitive session data.

Your IP address is exposed

This tool sends real HTTP requests from your IP. Aggressive or repeated probing can get you rate-limited or blocked. apisniff probe rate fires rapid requests, so use it deliberately.

Results reflect your IP's reputation. Residential IPs see fewer challenges than datacenter/cloud IPs. Use --proxy to compare results from different vantage points.

Capture files contain sensitive data

recon and analyze capture full HTTP traffic including cookies, auth tokens, API keys, and form submissions. Raw bundles are stored locally with owner-only permissions and are never safe to share, commit, or upload.

Use apisniff share to create a safe export with only derived artifacts.

Recon capture modes

apisniff recon defaults to --mode cdp-launch. It launches Chrome with a dedicated user data directory and a DevTools port, then captures request/response data from Chrome's Network domain. The target sees Chrome's real TLS and HTTP/2 behavior, but JavaScript-level automation signals may still exist because Chrome is launched for automation.

--mode cdp-attach connects to an existing Chrome DevTools endpoint with --remote-url or --port.

CDP capture records API responses, response body size metadata, and WebSocket handshake/frame summaries when Chrome exposes those events.

--mode proxy starts a local HTTP/HTTPS MITM proxy with HTTP/2 support. For HTTPS capture, the client you route through the proxy must trust ~/.apisniff/ca-cert.pem. Treat that CA as sensitive local configuration: a trusted CA can decrypt HTTPS traffic from clients that trust it and send traffic through this proxy. The private key is stored at ~/.apisniff/ca-key.pem with owner-only permissions.

What recon can see

CDP modes only record traffic from the Chrome session apisniff launches or attaches to. Proxy mode only records traffic from clients explicitly configured to use the local proxy.

Other apps, other browser windows, background services, and normal device traffic are not routed through apisniff unless you configure them for the same capture mode. apisniff does not turn on device-wide network capture, install a VPN, or monitor traffic outside the chosen session.

Press Ctrl+C to end a proxy capture session. If you see a port-in-use error, another capture session is probably still running on that port.

What to do with the spec

# Generate a client library
openapi-generator generate -i spec.yaml -g python -o client/

# Import into Postman: File → Import → select spec.yaml

# Feed to an LLM
cat spec.yaml | llm "write a Python client for this API"

Development

git clone https://github.com/4LAU/apisniff.git
cd apisniff
go test ./...
go build -o apisniff ./cmd/apisniff

See CONTRIBUTING.md for the local development workflow and SECURITY.md for vulnerability reporting.

Build release binaries with -ldflags="-s -w" to keep binary size under the distribution target.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

apisniff-0.1.3.tar.gz (324.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

apisniff-0.1.3-py3-none-any.whl (69.8 kB view details)

Uploaded Python 3

File details

Details for the file apisniff-0.1.3.tar.gz.

File metadata

  • Download URL: apisniff-0.1.3.tar.gz
  • Upload date:
  • Size: 324.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for apisniff-0.1.3.tar.gz
Algorithm Hash digest
SHA256 5b8a2871fd4c60206512fa40e4bcf912bcdbdcebc09f378ee5d61fc45b4b34f0
MD5 69e2d5b7c1ff6c5304d4f1a467c9efdb
BLAKE2b-256 2904fea1c069c49f59b422a8287769f848ec59c559063e47241cd665f612aea2

See more details on using hashes here.

File details

Details for the file apisniff-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: apisniff-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 69.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for apisniff-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 7e094c69d680b02c0cc41426b86b97f5f89d42d872242b5ad449a91a2f6f5399
MD5 d073a8b643e06b59874dd5d79366ad53
BLAKE2b-256 fbd0d5ac2e9cb04de27cfbec1776b4db6077f541dd5294eac51a8e3613a34dcb

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page