Introduction
mitm2openapi converts mitmproxy flow dumps and HAR files into OpenAPI 3.0 specifications. It ships as a single static binary — no Python, no virtual environment, no runtime dependencies.
It is a Rust rewrite of mitmproxy2swagger by @alufers, who pioneered the "capture traffic, extract API spec" workflow. Credit to the original project for the idea and reference implementation.
Why?
The Python original works well but requires Python, pip, and mitmproxy installed in the
environment. For CI pipelines, slim Docker images, security audits, and one-off usage, that
dependency chain is friction.
mitm2openapi ships as a single ~5 MB static binary. Drop it into any environment and run.
Same OpenAPI 3.0 output, plus first-class HAR support and glob-based filters for fully
unattended pipelines.
Features
- Fast — pure Rust, ~17× faster than the Python original (benchmarks)
- Single static binary — no Python, no venv, no pip, no runtime dependencies
- Two-format support — mitmproxy flow dumps (v19/v20/v21) and HAR 1.2
- Two-step workflow —
discoverfinds endpoints, you curate,generateemits OpenAPI 3.0 - Glob filters —
--exclude-patternsand--include-patternsfor automated pipelines - Error recovery — skips corrupt flows, continues processing
- Auto-detection — heuristic format detection from file content
- Resource limits — configurable caps prevent denial-of-service on untrusted input
- Strict mode — treat warnings as errors for CI gates
- Structured reports —
--reportoutputs machine-readable JSON processing summaries - Battle-tested — integration tests against Swagger Petstore and OWASP crAPI
- Cross-platform — Linux, macOS, Windows pre-built binaries
How it works
The tool uses a two-step workflow:
- Discover — scan captured traffic and list all observed API endpoints
- Curate — review the list and select which endpoints to include
- Generate — produce a clean OpenAPI 3.0 spec from the selected endpoints
This separates endpoint selection from spec generation, giving you full control over what ends up in the final spec.