Get full details of a captured flow. Args: flow_id: The ID of the captured flow full_body: If True, return full request body instead of 2000-char preview

Batch inspect multiple flows in one call. Reduces context usage vs calling inspect_flow N times. Args: flow_ids: Comma-separated list of flow IDs to inspect fields: Comma-separated list of DB columns to select. e.g. "id,url,method,request_headers,request_body" to skip response data. Default: all columns. full_body: If True, return full request body instead of preview

Infer a simple schema from a flow's JSON response body.

Import flows from a HAR or mitmproxy flow file into the traffic database. After import, all traffic inspection tools work on the imported data. No proxy needs to be running. Args: file_path: Path to .har or .mitm/.flow file append: If True, keep existing traffic. If False (default), clear first. scope: Comma-separated list of domains to filter by during import. Only flows matching these domains are imported.

Extract specific data from a flow's response body using JSONPath or CSS selectors. Args: flow_id: The ID of the captured flow json_path: A JSONPath expression to extract data from a JSON response css_selector: A CSS selector to extract data from an HTML/XML response

Search captured traffic using filters. Args: query: Keywords to search in URL or body domain: Filter by domain name method: Filter by HTTP method (GET, POST, etc.) limit: Max results to return

Manually set a session variable to use in replayed flows.

Extract a value from a flow's response body using a regex and store it as a session variable. Args: name: Variable name (referenced as $name in replay_flow) flow_id: The ID of the flow to extract from regex_pattern: The regex pattern with capture groups group_index: Which regex capture group to extract (default: 1)

Clear all captured traffic from the database.

Fuzz an endpoint by substituting a target parameter with a category of DAST payloads. Args: flow_id: The flow to replay as the base request. target_param: The name of the parameter to replace. param_type: The location of the parameter: 'query' or 'json_body'. payload_category: The category of payloads ('sqli', 'xss', 'path_traversal').

Replay a captured flow, optionally with modified method, headers, or body. Supports session variable injection (e.g., $token) in headers and body.

List all available tools with their descriptions.

Exports captured API traffic patterns to an OpenAPI v3 JSON specification. Args: domain: Filter traffic by domain limit: Max number of traffic flows to analyze. None = all flows.

Cluster captured traffic into endpoint patterns. Args: domain: Filter traffic by domain limit: Max number of flows to analyze. None = all flows.

Generate executable scraper/automation code from a comma-separated list of flow IDs. Args: flow_ids: Comma-separated list of flow IDs to include in the script. target_framework: The framework to generate code for (TODO: Add additional frameworks: Only 'curl_cffi' is currently supported).