API Doc Converter #253
Description
Extension URL
https://github.com/securient/Burp-API-Doc-Converter
Version number
1.2.0
Select additional compatible products and features
- Community
- DAST
- Burp AI
Author display name
Vinod Tiwari & Anirudh Duggal
Contact details (optional)
Discord username (optional)
No response
I confirm that the following is true:
- I have permission from all relevant persons to submit this extension to the BApp Store for public use, under the terms and conditions of the EULA.
- I have read and understood the submission requirements for the BApp Store.
Extension overview
API Doc Converter is a Burp Suite extension that passively records in-scope HTTP traffic and generates API specifications from observed requests and responses. It works with any web application, even those with no API documentation, no OpenAPI spec, or ones that only make traditional HTML form-based HTTP calls.
Key features
- Traffic Recording: Record endpoints, methods, body and query string parameters of in scope targets
- Per-Host Data Isolation: Can switch between hosts/subdomains of a advanced target
- Analysis Engine: Path parameterization, schema merging, and auth detection
- GraphQL Support: Identifies Graphql endpoints and operations type
- Pentest Automation Features: cURL command and sensitive data detection
- Export Formats: export OpenAPI spec in json/yaml, postman collection, and graphql schema
Usage instructions
Step 1: Add Targets to Scope
Step 2: Start Recording - Navigate to the API Doc Converter tab and click Start Recording
Step 3: Browse the Target Application
Step 4: Filter by Host - If you have multiple domains in scope, use the Host dropdown to focus on one. This filters both the table and the export.
Step 5: Review Captured Data
Step 6: Export - Select a host from the dropdown (or "All Hosts") and export format (OpenAPI JSON, OpenAPI YAML, Postman, or GraphQL SDL)
Template identifier (Internal use only - please ignore)
- template:01-submit-extension