Kampala
MITM proxy that reverse-engineers any app into a stable, callable API
Expert verdict
Ship
3-1The Panel's Take
Kampala, built by Zatanna AI (YC W26), is a macOS proxy tool that sits between your applications and the internet, intercepts every HTTP/HTTPS request, and automatically reverse-engineers the underlying API. It traces authentication chains — tracking tokens, cookies, and session state — and replays flows on demand, preserving original TLS fingerprints so services can't distinguish API calls from the real app. The key insight is that almost every app that lacks a public API still has a private one — and it's usually more stable than the UI. Kampala targets automation engineers, QA teams, and AI agent builders who need reliable machine-readable access to apps that haven't opened their APIs. Setup is a local MITM cert install; no cloud proxy involved. Currently macOS-only with a Windows waitlist. The team emerged from YC's Winter 2026 batch with backing from Y Combinator. Pricing is in early access, with a free tier planned for solo developers and paid plans for teams building production automations.
Share this verdict
Kampala verdict: SHIP 🚀 3 ships · 1 skip from the expert panel Full review: shiporskip.io/tool/kampala-zatanna-ai-yc-w26-mitm-api-reverse-engineering-2026
Weekly AI Tool Verdicts
Get the next verdict in your inbox
7 critics review a new AI tool every day. Weekly digest — free.
Similar Products
Compare Kampala with Others
Looking for Kampala alternatives?
Compare Kampala with every other Developer Tools tool reviewed by our panel.
See all Developer Tools alternativesEmbed this verdict
Tool makers can add a live ShipOrSkip badge to their site. Badge loads track impressions; clicks route back to this review.
<a href="https://shiporskip.io/api/badge-click/kampala-zatanna-ai-yc-w26-mitm-api-reverse-engineering-2026" target="_blank" rel="noopener"><img src="https://shiporskip.io/api/badge/kampala-zatanna-ai-yc-w26-mitm-api-reverse-engineering-2026" alt="Kampala Ship verdict on ShipOrSkip" width="360" height="90" /></a>[](https://shiporskip.io/api/badge-click/kampala-zatanna-ai-yc-w26-mitm-api-reverse-engineering-2026)<iframe src="https://shiporskip.io/embed/kampala-zatanna-ai-yc-w26-mitm-api-reverse-engineering-2026" title="Kampala ShipOrSkip verdict" width="360" height="260" style="border:0;border-radius:16px;max-width:100%;" loading="lazy"></iframe>The reviews
“This is the tool I've been building in-house at three different companies and never had time to productize properly. The auth chain tracing alone — tracking token refresh flows and session state automatically — would have saved me hundreds of hours. If it works as advertised, it's an instant ship for anyone doing integration work.”
“Terms of service violations are a real concern here. Most apps explicitly prohibit automated access through their private APIs, and companies like LinkedIn and Instagram have sued over exactly this pattern. The MITM cert requirement also opens a broad attack surface. Wait for a clearer legal stance before building production systems on this.”
“The long-term story here is about AI agents needing reliable access to every app humans use. We can't wait for every SaaS to ship an official API. Tools like Kampala are how AI agents will integrate with the existing software ecosystem for the next five years, until MCP-style universal interfaces catch up.”
“For social media automation and cross-platform content workflows this is a game-changer. Building automations for platforms with limited or expensive APIs has always required fragile browser scraping — having a stable API layer extracted from the real app traffic is a much better foundation.”