Skip to main content
Glama

HAR-MCP

Capture any website's traffic and reverse-engineer its APIs. One prompt = full audit + API docs + code snippets.

What it does

An AI assistant connects to this MCP server and gets 20 tools to:

  • Capture HAR from any URL via headless Chromium

  • Audit performance, security headers, payloads, trackers, best practices

  • Reverse-engineer APIs — discover hidden endpoints, extract auth, generate OpenAPI specs

  • Generate code — Python, curl, JS snippets for every discovered endpoint

  • Visualize — waterfall charts, audit reports, Swagger-like API docs

Related MCP server: MCP Browser Debugger

Setup

python3 -m venv .venv
source .venv/bin/activate
pip install playwright fastmcp pyyaml pytest
playwright install chromium

Run the server

python -m har_mcp.server
# Runs at http://localhost:8000/sse

Connect to your LLM

Add to your MCP config:

{
  "mcpServers": {
    "har-mcp": {
      "type": "sse",
      "url": "http://localhost:8000/sse"
    }
  }
}

All 20 MCP Tools

Capture

Tool

What it does

capture_har_tool

Capture HAR from a URL using headless browser

Performance & Security Audit

Tool

What it does

audit_website

One-shot full audit — capture + all analyses + HTML report

analyze_performance_tool

0-100 performance score with breakdown

find_slow_requests_tool

Find requests slower than threshold

find_failed_requests_tool

Find HTTP errors (4xx/5xx)

list_endpoints_tool

All endpoints with counts and avg duration

check_security_headers_tool

Missing CSP, HSTS, X-Frame-Options, etc.

find_large_payloads_tool

Find bloated responses

find_redirect_chains_tool

Detect redirect chains

find_third_party_requests_tool

Detect trackers and ad scripts

check_best_practices_tool

Caching, compression, render-blocking checks

compare_hars_tool

Compare two captures (before/after)

generate_waterfall_tool

HTML waterfall chart

generate_report_tool

Full HTML audit report

API Reverse Engineering

Tool

What it does

reverse_engineer_site

One-shot — capture + discover APIs + generate docs

discover_apis_tool

Find all hidden API endpoints from traffic

detect_auth_patterns_tool

Detect JWT, API keys, cookies, OAuth flows

generate_openapi_spec_tool

Generate OpenAPI 3.0 YAML (import into Postman/Swagger)

generate_code_snippets_tool

Python, curl, JS code for every endpoint

generate_api_docs_tool

Interactive Swagger-like HTML documentation

Example Prompts

The killer demos:

"Reverse-engineer the APIs for https://some-site.com"

Captures the site, discovers all API endpoints, detects auth patterns, generates an OpenAPI spec, code snippets, and interactive API docs.

"Audit https://some-site.com"

Full performance + security + best-practices audit with HTML report.

Specific questions:

"What APIs does this site use?" "Show me the auth patterns" "Generate a Swagger spec from this site" "Give me Python code to call their search API" "What trackers does this site have?" "Compare these two captures"

Run tests

pytest tests/ -v
# 53 passed

Project structure

har_mcp/
├── server.py          # MCP server — 20 tools over HTTP/SSE
├── capture.py         # Playwright HAR capture
├── analyzer.py        # Performance, security, best practices analysis
├── api_discovery.py   # API reverse engineering engine
├── visualizer.py      # Waterfall chart + audit report + API docs
├── models.py          # Data models
├── config.py          # Configuration
├── utils.py           # Helpers
tests/
├── sample.har         # Rich test fixture (19 entries with APIs, auth, GraphQL)
├── test_analyzer.py
├── test_api_discovery.py
├── test_capture.py
├── test_visualizer.py
F
license - not found
-
quality - not tested
D
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ankurkumar3012/har-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server