OpenAPI Parser

The OpenAPI Parser extension streamlines the process of assessing web services that use OpenAPI-based APIs. The extension offers the following features (not an exhaustive list):

• OpenAPI specifications can be parsed from a file or URL. The extension can also fetch OpenAPI specifications directly from a URL using the Send to OpenAPI Parser option in the Target -> Site map context menu.
• Parse OpenAPI Specification, formerly known as the Swagger Specification, fully compliant with OpenAPI 2.0/3.0/3.1 Specifications (OAS).
• Requests can be directly viewed and edited within the extension before sending them to other Burp tools.
• Requests can be sent to the following Burp tools:
  • Comparer
  • Intruder
  • Repeater
  • Scanner
  • Scope
  • Site map
• Requests matching specific criteria (set in the Parameters tab) can be intercepted to automatically replace the parsed parameter values with user-defined values. This feature allows for fine-tuning of the requests before sending them to other Burp's tools (e.g., scanner). Edited requests can be viewed within the Modified Request (OpenAPI Parser) tab of Burp's message editor.
• Row highlighting allows pentesters to highlight interesting API calls and/or color-code them for screenshotting/reporting purposes.
• Includes an export to CSV feature, allowing users to easily export selected API requests in CSV format for further analysis or reporting.
• Supports both JSON and YAML formats.

If you encounter any issues, please raise an issue on the GitHub project page or contact me personally via LinkedIn.