April 16, 2026

Reverse it, ship it, cue the drama

Article URL →HN comments →

Launch HN: Kampala (YC W26) – Reverse-Engineer Apps into APIs

Reverse any app? Hype vs “good luck with logins” and a Kamala joke

TLDR: Kampala launches a Mac app to watch and replay everything your apps do online, aiming to turn clicks into usable APIs. Commenters loved the vision but clashed over tough login and fingerprint issues, mocked broken links, and showed off DIY AI alternatives—making the debut flashy but unproven.

Kampala just dropped a shiny “see every request” tool that promises to peek behind any app’s curtain, map the whole sign‑in maze, and replay it like a playlist—Mac users can grab it now, with Windows on a waitlist. The pitch: turn messy app clicks into neat, reusable actions and APIs. The crowd? Loud, split, and hilarious.

Security pros showed up fast. One co‑founder of a rival tool cheered the idea but threw cold water on the hardest parts: “auth” (the delicate dance of logging in) and “fingerprinting” (your device’s unique vibe). Translation: cool demo, but the real world bites. Another user hit the brakes for a less glamorous reason—broken links on the site—and begged for clearer examples. Meanwhile, the name “Kampala by Zatanna” birthed instant memes: one commenter admitted they double‑checked it wasn’t “Kamala,” then praised the clear value anyway.

Then the DIY crew rolled in. One team bragged they already did this by exporting browser traffic and asking an AI to sketch the whole API map. Another dev flexed a wilder stunt: an AI agent “writing itself” in dozens of loops to decode big sites. So the vibe is equal parts “shut up and take my download” and “show me it survives real logins,” with a side of name jokes and a mini link fiasco. If you’re curious, download for macOS, or join the Windows waitlist

Key Points

  • Kampala is a Zatanna product that reverse engineers websites, mobile apps, and desktop apps by intercepting network traffic.
  • It provides real-time interception of HTTP/HTTPS requests from any app or browser.
  • The tool automatically maps authentication chains, including tokens, cookies, sessions, and multi-step sequences.
  • Captured request sequences can be replayed and exported to build stable automations, with HTTP/TLS fingerprint preservation to match original behavior.
  • A macOS version is available now; Windows support is planned with a waitlist, and Discord is offered for support.

Hottest takes

“It is very hard to nail auth” — Sytten
“Links on the page doesn’t work” — mkirsten
“Kampala (had to double check it wasn’t Harris)” — Barbing

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.