Launch HN: Kampala (YC W26) – Reverse-Engineer Apps into APIs (zatanna.ai)

by alexblackwell_ 83 comments 100 points

[−] ksri 29d ago
Related. We have several third party web apps in use. These apps don't expose a public api, but they are all single page web apps. We wanted to connect claude code to these web apps for our limited use case.

We opened chrome, navigated the entire website, then downloaded the network tab as a har file. Then asked claude to analyze and document the apis as an openapi json. Worked amazing.

Next step - we wrote a small python script. On one side, this script implements stdio mcp. On the other side, it calls the Internal apis exposed by the 3rd party app. Only thing missing is the auth headers..

This is the best part. When claude connects to the mcp, the mcp launches a playwright controlled browser and opens the target web application. It detects if the user is logged in. Then it extracts the auth credentials using playwright, saves them to a local cache file and closes the browser. Then it accesses the apis directly - no browser needed thereafter.

In about an hour's worth of tokens with claude, we get an mcp server that works locally with each user's credentials in a fairly reliable manner. We have been able to get this working in otherwise locked down corporate environments.

[−] alexblackwell_ 29d ago
Super cool. I think this is where most automation is heading. Would be curious if you could one-shot the auth flow using Kampala and completely ditch the browser. Also FWIW you can import HAR into Kampala and we have a few nice tools (like being able to a/b test payloads/replay requests) that meaningfully reduce integration time.
[−] jackjayd 28d ago
5 years ago I used a similar approach for one of GCP's internal APIs (I think they've since released a public API that covers the use case I had). Was a bit of a pain to do manually, so it's cool to see how trivial this has become for models now.
[−] namanyayg 29d ago
Smart! That's what I do as well for customers when they ask me to build a vibe coding layer on top of their SaaS platform.

Takes very little time and tokens and I get to plug into their platform in seconds.

[−] IMTDb 28d ago
Congratulations.

How do you handle SSL pinning? Most of the apps I interact with have some sort of SSL pinning, which is the hard part to circumvent. I tried Kampala but got stuck at the usual place; as soon as I enable it, chatGPT stops working. Most of my iPhone apps stop responding etc.

I would love to try using this tool to build an agent that can simply subscribe me to my gym lessons instead of me having to go on the horrible app. But even that relatively simple (iOS) app stopped working as soon as I enabled the proxy.

[−] alexblackwell_ 28d ago
Unfortunately we can’t do much around SSL pinning yet. Not sure how deep you want to go, but there are several Frida scripts that patch common pinning implementations.

I also think mitmproxy (open source) has an option to spin up a virtual Android device that can bypass pinning via AVD. I have not tested how reliable it is though.

FWIW, it could also be a cert trust issue. I would try a quick Safari search to confirm the cert is fully trusted. ChatGPT is pinned, but the gym app makes me think it might be a trust or config issue on your device.

Happy to take a look as well. Email me at alex at zatanna dot ai.

[−] telecuda 28d ago
Congrats. You may want to consider dropping the "reverse engineer" language though, since most every application's ToS is clear on that being prohibited. Perhaps just "replay any application" or similar.
[−] aleksiy123 28d ago
Pretty cool, are you able to output an openapi or similar spec?

I tried my hand at this once from a har file: build a DAG of the requests and responses and how their parameters map into each other, and then try to build a spec.

But it was very brittle. I imagine now with LLMs it's much more viable. I always thought generating clients and load tests would be a cool use case.
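The HAR-to-spec step that ksri's and aleksiy123's comments describe, reduced to its deterministic core as an added example (not code from any commenter or from Kampala): it groups HAR entries into templated operations and records which requests carried credential headers, keeping header names only so tokens never leave the capture. The sample HAR, host name and the `CRED_HEADERS` list are assumptions made for illustration.

```python
import json
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample HAR; host, paths and token values are made up.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET",
                 "url": "https://app.example.test/api/users/42?expand=teams",
                 "headers": [{"name": "Authorization", "value": "Bearer CONSTRUCTED-1"}]},
     "response": {"status": 200}},
    {"request": {"method": "GET",
                 "url": "https://app.example.test/api/users/77",
                 "headers": [{"name": "Authorization", "value": "Bearer CONSTRUCTED-1"}]},
     "response": {"status": 404}},
    {"request": {"method": "POST",
                 "url": "https://app.example.test/api/users/42/notes",
                 "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED-2"},
                             {"name": "Content-Type", "value": "application/json"}]},
     "response": {"status": 201}},
]}})

# Assumed list of credential-bearing header names; extend per application.
CRED_HEADERS = {"authorization", "cookie", "x-api-key", "x-csrf-token"}
# Path segments that look like identifiers: integers or UUIDs.
ID_SEGMENT = re.compile(
    r"^(\d+|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})$", re.I)

def template_path(path):
    """Replace identifier-looking segments so /users/42 and /users/77 merge."""
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in path.split("/"))

def inventory(har_text):
    """Map (method, templated path) -> observed params, statuses, auth header names."""
    ops = defaultdict(lambda: {"calls": 0, "query": set(),
                               "statuses": set(), "cred_headers": set()})
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        op = ops[(req["method"].upper(), template_path(url.path))]
        op["calls"] += 1
        op["query"].update(k for k, _ in parse_qsl(url.query, keep_blank_values=True))
        op["statuses"].add(entry["response"]["status"])
        # Keep header names only; credential values are never copied out.
        names = (h["name"].lower() for h in req.get("headers", []))
        op["cred_headers"].update(n for n in names if n in CRED_HEADERS)
    return dict(ops)

if __name__ == "__main__":
    for key, op in sorted(inventory(SAMPLE_HAR).items()):
        print(key, op)
```

An inventory like this can be handed to a model or a spec generator in place of the raw HAR, which still holds live session cookies and bearer tokens.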

[−] madradavid 29d ago
Congratulations on the launch.

Totally unrelated, I am just curious about why you chose the name, as someone who is Ugandan and was born and raised in Kampala (which is the Capital City of Uganda BTW).

Congratulations again.

[−] dataviz1000 29d ago
I built the same thing as this just for websites. [0] I'm more interested in using Claude recursion to tune itself -- the agent writes itself, the agent -- than hacking websites. It is a good demonstration that 47 iterations of a recursive Claude agent writing itself to decompose any transport.

I've tested it against YouTube, Twitch, Ticketmaster, and Yahoo Finance. It will detect any transport like JSON, WebSocket, GraphQL, SSE, Protobuf, UDP, WebRTC, etc. After 3 hours and some coaching it succeeded in reverse engineering ChatGPT + Cloudflare Turnstile but I didn't merge that into it yet.

It works by Claude using the Chrome DevTools Protocol (CDP) intercepting all traffic.

[0] https://github.com/adam-s/intercept?tab=readme-ov-file#how-i...

[−] peterabbitcook 28d ago
It seems like it’s quite HTTP-centric (like most of the web…). I didn’t see anything on the page about this - can it also intercept / “reverse engineer” service calls that go over gRPC or WebSocket? I’m guessing at least a partial “yes” if the gRPC traffic uses grpc-web/Envoy?

Seems like a great product, potentially quite powerful for automated testing of SPAs.

[−] mkirsten 29d ago
Cool! Links on the page don't work, at least not for me, e.g., https://www.zatanna.ai/kampala#how-it-works

Also not clear on the page if it is apps from the local machine or on the network. Maybe some clearer examples and use cases would help?

[−] arjunchint 28d ago
Hey Alex, we had similar thoughts at Retriever AI of moving from webpage interactions to reverse engineering the underlying APIs.

Compared to your approach, we are doing this entirely within a browser extension, so meeting users where they are already doing their existing work.

Within the extension just record doing a task, we reverse engineer the APIs and write a script. Then execute the script from within the webpage so that auth/headers/tokens get automatically added.

You can just prompt to reuse the tools at zero token cost.

[−] chakintosh 28d ago
This dropped just in time as I was building an app that could leverage this. Is it legal to reverse engineer an API and hit a website to extract data? In the eyes of Apple's guidelines, they can nuke apps off the App Store if they detect you're using something like this to pull data without an official API
[−] bbg2401 28d ago

> Because Kampala is a MITM, it is able to leverage existing session tokens/anti-bot cookies and automate things deterministically in seconds

If a web property has implemented anti-bot mechanisms, what ethical reasons do you have for providing evasion as a service?

[−] Sytten 29d ago
Interesting product (Caido co-founder here). It is very hard to nail auth, probably the most underlooked aspect by end users. We are working on something similar for PoC reproduction of vulnerabilities.

Fingerprinting is also a hard thing to match perfectly, I would be curious to know what your strategy is on that. My experience has been that unless you bundle multiple TLS libs it is almost impossible to do at 100% because none of the libs cover all the TLS extensions.

[−] benagents 29d ago
Great job Alex!

Think this is really interesting especially for creating datasets. Proxyman was always hard to use for me, so connecting it to an MCP was something I have been waiting for.

Quick question: How do you handle session re-auth mid-script?

Congrats on the launch.. I need that conference script!

[−] Barbing 29d ago
Zatanna

Kampala (had to double check it wasn’t Harris)

Just mulling these names over, how’d you come up with them?

PS: clear value prop!

[−] laxpri 28d ago
Interesting, I am curious how this is gonna reverse engineer a perfect webapp that has many guards like captcha, cookies, auth, etc.

just looking for what is USP(unique selling point) here

happy for you though if this actually works

[−] lchengify 28d ago
Very cool. I've also had to do multiple versions of something like this ... also for healthcare. I got very good at Sikuli and Charles Web Debugging proxy back in the day.
[−] 5701652400 28d ago
so if API is published, there is nothing to reverse engineer.

and if API is not published, and you MITM with self-compromised CAs, and then use it (commercially?) you are ~100% breaking ToS.

this is just unethical. or YC does not have regard anymore for such things?

[−] lyime 29d ago
How is this different/better than charles proxy/proxyman or similar apps?
[−] kang 28d ago
how does this work? for eg, how is it possible to even deduce bitcoin structure from rpc list?
[−] ghoshbishakh 28d ago
Wireshark + some post processing?
[−] theParadox42 28d ago
I got banned from Hinge for reverse engineering their proxy and filtering through hundreds of profiles per minute. The bot would auto filter 80%, and I could go through the last 20% as it goes, with a slick interface to view multiple profiles at once with keybindings.

It’s pretty funny to see that in their demo video given it’s a blatant violation of their ToS.

[−] 5701652400 28d ago
guess time to move to gRPC and private encryption.
[−] doc_ick 28d ago
This makes me want to never create a public service again.
[−] 5701652400 28d ago
smells like severe breach of ToS. virtually every single website and app mandates not to reverse engineer and not to tamper with inner workings (including client-server networking).

side note, YC25/YC26 batches have multiple startups that blatantly violate ToS and are sitting on a timebomb just pending a lawsuit and Cease and Desist Letters.