HAR-MCP
Generates curl commands for every discovered endpoint, enabling easy API interaction from the command line.
Detects GraphQL APIs within captured traffic and reverse-engineers them.
Generates OpenAPI specs that can be imported into Postman for API testing and documentation.
Generates OpenAPI specs (Swagger) and interactive Swagger-like HTML documentation.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@HAR-MCPReverse-engineer the APIs on https://example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
HAR-MCP
Capture any website's traffic and reverse-engineer its APIs. One prompt = full audit + API docs + code snippets.
What it does
An AI assistant connects to this MCP server and gets 20 tools to:
Capture HAR from any URL via headless Chromium
Audit performance, security headers, payloads, trackers, best practices
Reverse-engineer APIs — discover hidden endpoints, extract auth, generate OpenAPI specs
Generate code — Python, curl, JS snippets for every discovered endpoint
Visualize — waterfall charts, audit reports, Swagger-like API docs
Related MCP server: MCP Browser Debugger
Setup
python3 -m venv .venv
source .venv/bin/activate
pip install playwright fastmcp pyyaml pytest
playwright install chromiumRun the server
python -m har_mcp.server
# Runs at http://localhost:8000/sseConnect to your LLM
Add to your MCP config:
{
"mcpServers": {
"har-mcp": {
"type": "sse",
"url": "http://localhost:8000/sse"
}
}
}All 20 MCP Tools
Capture
Tool | What it does |
| Capture HAR from a URL using headless browser |
Performance & Security Audit
Tool | What it does |
| One-shot full audit — capture + all analyses + HTML report |
| 0-100 performance score with breakdown |
| Find requests slower than threshold |
| Find HTTP errors (4xx/5xx) |
| All endpoints with counts and avg duration |
| Missing CSP, HSTS, X-Frame-Options, etc. |
| Find bloated responses |
| Detect redirect chains |
| Detect trackers and ad scripts |
| Caching, compression, render-blocking checks |
| Compare two captures (before/after) |
| HTML waterfall chart |
| Full HTML audit report |
API Reverse Engineering
Tool | What it does |
| One-shot — capture + discover APIs + generate docs |
| Find all hidden API endpoints from traffic |
| Detect JWT, API keys, cookies, OAuth flows |
| Generate OpenAPI 3.0 YAML (import into Postman/Swagger) |
| Python, curl, JS code for every endpoint |
| Interactive Swagger-like HTML documentation |
Example Prompts
The killer demos:
"Reverse-engineer the APIs for https://some-site.com"
Captures the site, discovers all API endpoints, detects auth patterns, generates an OpenAPI spec, code snippets, and interactive API docs.
"Audit https://some-site.com"
Full performance + security + best-practices audit with HTML report.
Specific questions:
"What APIs does this site use?" "Show me the auth patterns" "Generate a Swagger spec from this site" "Give me Python code to call their search API" "What trackers does this site have?" "Compare these two captures"
Run tests
pytest tests/ -v
# 53 passedProject structure
har_mcp/
├── server.py # MCP server — 20 tools over HTTP/SSE
├── capture.py # Playwright HAR capture
├── analyzer.py # Performance, security, best practices analysis
├── api_discovery.py # API reverse engineering engine
├── visualizer.py # Waterfall chart + audit report + API docs
├── models.py # Data models
├── config.py # Configuration
├── utils.py # Helpers
tests/
├── sample.har # Rich test fixture (19 entries with APIs, auth, GraphQL)
├── test_analyzer.py
├── test_api_discovery.py
├── test_capture.py
├── test_visualizer.pyThis server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ankurkumar3012/har-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server