OpenAPI Parser

OpenAPI Parser is an extension aimed at streamlining the process of performing web service assessments involving OpenAPI based APIs.

This extension provides the following features (non-exhaustive list):

• OpenAPI specifications can be parsed either from a supplied file or URL. The extension can also fetch OpenAPI specifications directly from a URL using the Send to OpenAPI Parser option featured under the Target -> Site map context menu.
• Parse OpenAPI Specification, formerly known as the Swagger Specification, fully compliant with OpenAPI 2.0/3.0/3.1 Specifications (OAS).
• Requests can be directly viewed and edited within the extension prior to sending them to other Burp tools.
• Requests can be sent to the following Burp tools:
  • Comparer
  • Intruder
  • Repeater
  • Scanner
  • Scope
  • Site map
• Requests matching specific criterias (set in the Parameters tab) can be intercepted to automatically match and replace the parameters parsed values with user-defined values. This feature allows for fine-tuning of the requests prior to sending them to other Burp's tools (e.g., scanner). Edited requests can be viewed within the Modified Request (OpenAPI Parser) tab of Burp's message editor.
• Row highlighting allowing pentesters to highlight interesting API calls and/or colour code them for screenshotting/reporting purposes.
• Supports both JSON and YAML formats.

If you are experiencing any issue at all, please raise an issue on the GitHub project page or contact me personally via LinkedIn.