Skip to main content

Overview

This guide will help you set up and run APITHON quickly. In less than 5 minutes, you’ll have a working API gateway for protocol analysis.
Make sure you have Python 3.x installed before proceeding. Check your version with python --version

Quick Setup

1

Install Dependencies

Install the required Python packages for APITHON:
pip install flask playwright curl_cffi
Then install the Chromium browser for Playwright automation:
playwright install chromium
Use a virtual environment to keep your system Python clean: python -m venv venv && source venv/bin/activate (Linux) or venv\Scripts\activate (Windows)
2

Run APITHON

Launch the script to start the interception process:
python apithon.py
You’ll see the APITHON ASCII art banner confirming the script has started:
┌──────────────────────────────────────────────────────────────────────────┐
│  _______  _______  ___  _______  __   __  _______  __    _               │
│ |   _   ||       ||   ||       ||  | |  ||       ||  |  | |              │
│ |  |_|  ||    _  ||   ||_     _||  |_|  ||   _   ||   |_| |              │
│ |       ||   |_| ||   |  |   |  |       ||  | |  ||       |              │
│ |       ||    ___||   |  |   |  |       ||  |_|  ||  _    |              │
│ |   _   ||   |    |   |  |   |  |   _   ||       || | |   |              │
│ |__| |__||___|    |___|  |___|  |__| |__||_______||_|  |__|              │
│                                                                          │
│  >> UNHACKERENCAPITAL | PROTOCOL ANALYSIS | GATEWAY POC v3.0 <<          │
└──────────────────────────────────────────────────────────────────────────┘
3

Enter Target URL

When prompted, enter the URL of the service you want to analyze:
[?] Ingrese la URL del objetivo (ej: app.serviciollm.com):
You can enter the URL with or without https:// - APITHON will automatically add it if missing (apithon.py:55-56)
A Chromium browser window will open automatically. APITHON will:
  • Navigate to the target URL
  • Detect the input interface
  • Send an automated validation signal (.)
  • Capture session tokens and protocol structure
[*] Estableciendo túnel en: https://your-target-url.com
[*] Iniciando validación automatizada...
[+] Interfaz detectada. Enviando validación ('.')
[+] PROTOCOLO CAPTURADO: Estructura de sesión sincronizada.
4

Select Operating Mode

Choose your preferred mode:
[ Seleccione Entorno ]
1. Modo Pasarela (Gateway / API Key + Tutorial)
2. Modo Chat Directo

> Opción: 1
For this quickstart, select option 1 (Gateway Mode).
5

Configure Network Scope

Choose where the API will be accessible:
[ Configuración de Red ]
L. Localhost (Solo este equipo)
N. LAN (Disponible en toda tu red local)
> Alcance (L/N): L
  • L (Localhost): API only accessible from 127.0.0.1 - secure for local testing
  • N (LAN): API exposed on 0.0.0.0 - accessible from other devices on your network
The Flask server will start and display a comprehensive tutorial with platform-specific commands.
6

Make Your First API Request

APITHON will display the exact curl command for your platform. Here’s an example for Linux/Bash:
curl http://127.0.0.1:5000/v1/chat/completions \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer UnHackerEnCapital' \
  -d '{"messages": [{"role": "user", "content": "Hello, this is a test message"}]}'

curl http://127.0.0.1:5000/v1/chat/completions \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer UnHackerEnCapital' \
  -d '{"messages": [{"role": "user", "content": "Hello from APITHON!"}]}'
7

View the Response

You’ll receive a JSON response in OpenAI-compatible format (apithon.py:139):
{
  "choices": [
    {
      "message": {
        "role": "assistant",
        "content": "Response text from the target service..."
      }
    }
  ],
  "model": "apithon-v3"
}
The response format is compatible with OpenAI’s Chat Completions API, making it easy to integrate with existing tools and libraries.

Understanding the Endpoint

API Endpoint Structure

POST http://127.0.0.1:5000/v1/chat/completions

Required Headers

HeaderValuePurpose
Content-Typeapplication/jsonSpecifies JSON payload
AuthorizationBearer UnHackerEnCapitalAPI authentication (apithon.py:29)

Request Body Format

{
  "messages": [
    {
      "role": "user",
      "content": "Your message here"
    }
  ]
}
APITHON extracts the last message content from the messages array (apithon.py:137)

Response Format

Successful response (HTTP 200): 
{
  "choices": [
    {
      "message": {
        "role": "assistant",
        "content": "Assistant response"
      }
    }
  ],
  "model": "apithon-v3"
}
Unauthorized response (HTTP 401): 
{
  "error": "Unauthorized"
}

Platform-Specific Notes

PowerShell has a built-in curl alias that points to Invoke-WebRequest. APITHON automatically generates commands using curl.exe to use the native curl binary (apithon.py:151).Always use curl.exe instead of curl in PowerShell for proper behavior.
CMD requires specific JSON escaping. APITHON generates the correct escape sequences automatically (apithon.py:154).
Bash commands use single quotes for the JSON payload and backslash line continuation for readability (apithon.py:157-160).

What’s Happening Behind the Scenes?

When you make an API request:
  1. Flask receives your request at /v1/chat/completions (apithon.py:132)
  2. Authentication validates your Bearer token (apithon.py:134-136)
  3. Message extraction pulls the user content from the messages array (apithon.py:137)
  4. Protocol translation converts your request to the target service’s internal format (apithon.py:103-129)
  5. Request execution sends the translated request with captured session tokens (apithon.py:123)
  6. Response parsing extracts the reply using regex patterns (apithon.py:124-126)
  7. JSON formatting returns the response in OpenAI-compatible format (apithon.py:139)

Next Steps

Installation Guide

Detailed installation instructions and troubleshooting tips

Introduction

Learn more about APITHON’s architecture and use cases

Stopping APITHON

To stop the gateway server, press Ctrl+C in the terminal: 
[MANTENIENDO PASARELA... Ctrl+C para cerrar]
^C
[!] Proceso finalizado.
The gateway runs in a daemon thread, so you can safely interrupt it without data corruption.

Build docs developers (and LLMs) love

Get started for freeTalk to us