Hacker News

Related. We have several third party web apps in use. These apps don't expose a public api, but they are all single page web apps. We wanted to connect claude code to these web apps for our limited use case.

We opened chrome, navigated the entire website, the downloaded the network tab as an har file. The asked claude to analyze and document the apis as an openapi json. Worked amazing.

Next step - we wrote a small python script. On one side, this script implements stdio mcp. On the other side, it calls the Internal apis exposed by the 3rd party app. Only thing missing is the auth headers..

This is the best part. When claude connects to the mcp, the mcp launches a playwright controlled browser and opens the target web apication. It detects if the user is logged in. Then it extracts the auth credentials using playwright, saves them to a local cache file and closes the browser. Then it accesses the apis directly - no browser needed thereafter.

In about an hour worth of tokens with claude, we get a mcp server that works locally with each users credentials in a fairly reliable manner. We have been able to get this working in otherwise locked down corporate environments.

smeels like severe breach of ToS. virtually every single website and app mandates not to reverse engineer and not to temper with inner workings (including client-server networking).

side note, YC25/YC26 batches have multiple startups that blantly violate ToS and sitting on a timebomb just pending a lawsuite and Cease and Desist Letters.

so if API is published, there is nothing to reverse engineer.

and if API is not published, and you MITM with self-compromised CAs, and then use it (commercially?) you ~100% breaking ToS.

this is just un-ethical. or YC does not have regard anymore for such things?

I built the same thing as this just for websites. [0] I'm more interested in using Claude recursion to tune itself -- the agent writes itself, the agent -- than hacking websites. It is a good demonstration that 47 iterations of a recursive Claude agent writing itself to decompose any transport.

I've tested it against YouTube, Twitch, Ticketmaster, and Yahoo Finance. It will detect any transport like JSON, WebSocket, GraphQL, SSE, Protbuf, UDP, WebRTC, ect.. It after 3 hours and some coaching succeeded in reverse engineering ChatGPT + Cloudflare Turnstile but I didn't merge that into it yet.

It works by Claude using the Chrome DevTools Protocol (CDP) intercepting all traffic.

[0] https://github.com/adam-s/intercept?tab=readme-ov-file#how-i...

It seems like it’s quite HTTP-centric (like most of the web…). I didn’t see anything on the page about this - can it also intercept / “reverse engineer” service calls that go over gRPC or WebSocket? I’m guessing at least a partial “yes” if the gRPC traffic uses grpc-web/Envoy?

Seems like a great product, potentially quite powerful for automated testing of SPAs.

Congrats. You may want to consider dropping the "reverse engineer" language though, since most every application's ToS is clear on that being prohibited. Perhaps just "replay any application" or similar.

Congratulations.

How do you handle SSL pinning ? Most of the apps I interact with have some sort of SSL pinning, which is the hard part to circumvent. I tried Kampala but got stuck at the usual place; as soon as I enable it, chatGPT stops working. Most of my iPhone apps stop responding etc.

I would love to try using this tool to build an agent that can simply subscribe me to my gym lessons instead of me having to go on the horrible app. But even that relatively simple (iOS) app stopped working as soon as I enabled the proxy.

Congratulations on the launch.

Totally unrelated, I am just curious about why you chose the name, as someone who is Ugandan and was born in raised in Kampala (which is the Capital City of Uganda BTW).

Congratulations again.

> Because Kampala is a MITM, it is able to leverage existing session tokens/anti-bot cookies and automate things deterministically in seconds

If a web property has implemented anti-bot mechanisms, what ethical reasons do you have for providing evasion as a service?

This makes me want to never create a public service again.

Cool! Links on the page doesn't work, at least not for me, e.g., https://www.zatanna.ai/kampala#how-it-works

Also not clear on the page if it is apps from the local machine or on the network. Maybe some clearer examples and use cases would help?

Interesting product (Caido co-founder here). It is very hard to nail auth, probably the most underlooked aspect by end users. We are working on something similar for PoC reproduction of vulnerabilities.

Fingerprinting is also a hard thing to match perfectly, I would be curious to know what your strategy is on that. My experience has been that unless you bundle multiple TLS lib it is almost impossible to do at 100% because none of the lib cover all the TLS extensions.

Zatanna

Kampala (had to double check it wasn’t Harris)

Just mulling these names over, how’d you come up with them?

PS: clear value prop!

Wireshark + some post processing?

Great job Alex!

Think this is really interesting especially for creating datasets. Proxyman was always hard to use for me, so connecting it to a MCP was something I have been waiting for.

Quick question: How do you handle session re-auth mid-script?

Congrats on the launch.. I need that conference script!

how does this work? for eg, how is it possible to even deduce bitcoin structure from rpc list?

How is this different/better than charles proxy/proxyman or similar apps?

guess time to move to gRPC and private encryption.

[dead]

[dead]