Api Sniffer Endpoint Dete
✨ AI-Powered View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
API Sniffer is a powerful, lightweight developer tool designed to simplify API debugging, monitoring, and documentation.
Whether you are reverse-engineering an app, writing documentation, or debugging network calls, API Sniffer completely eliminates the need to manually dig through the browser's Network tab.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🆕 What's New in Version 2.2:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔌 WebSocket Monitoring:
• Real-time capture of all WebSocket connections and messages (sent & received).
• Split-panel UI with connection sidebar and live message stream.
• Pause/Resume listening to freeze capture without losing data.
• Export captured WebSocket data as JSON or CSV with one click.
📡 WebRTC Monitoring:
• Intercepts all RTCPeerConnection creation, ICE candidates, SDP offers/answers, data channels, and media tracks.
• Full event stream with color-coded badges for each event type.
• Export all WebRTC data as structured JSON.
• Shared Pause/Resume control with WebSocket monitoring.
🔐 Passive API Leak Detection (Secrets Scanner):
• Automatically scans all request URLs, request headers, response headers, and response bodies for leaked secrets.
• Detects 38+ secret types: AWS keys, Google API keys, Stripe keys, JWTs, Bearer tokens, GitHub/GitLab tokens, Slack/Discord/Telegram tokens, OpenAI keys, SendGrid keys, Firebase keys, Shopify tokens, private keys, and more.
• URL parameter scanning catches API keys leaked in query strings (?key=, ?api_key=, ?access_token=, ?token=, ?secret=).
• Context-Aware Filtering: Smart false-positive reduction that examines JSON key names — drops normal IDs (request_id, client_id, etc.) and only reports values assigned to security-sensitive keys (password, secret, token, auth, etc.).
• Click any detected leak to view full details with matched value and surrounding context.
• Export all findings as CSV for reporting.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✨ Features from Version 2.1:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
• Advanced Dashboard: A full-page professional dashboard for in-depth API testing.
• API Repeater: Send, modify, and replay captured HTTP requests manually. View raw requests and preview responses instantly with multi-tab support.
• API Automator (Fuzzer): Automate API testing by injecting payloads into requests using the §target§ marker. Supports manual lists, .txt file uploads, numeric ranges, and incremental payloads.
• Target Scope Management: Define specific domains in your scope and easily filter the popup to "Show Scope Only," keeping your workspace clutter-free.
• 1-Click Integration: Instantly send any captured endpoint from the popup directly to the Repeater (RPT) or Automator (AUT) queues.
• CSV Export for Automator: Export all your automated run results (including status codes, lengths, and response times) directly to a CSV file.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔥 Key Features:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🚀 Real-time Monitoring — Automatically captures fetch/XHR requests, WebSocket messages, and WebRTC connections silently as you browse.
🧹 Smart Filtering — Built-in filters ignore static assets (.png, .css, .mp4, etc.), while the Custom Blacklist lets you hide specific noisy domains. Target Scope lets you strictly focus on testing domains.
🔐 Leak Detection — Passively scans all network traffic for accidentally exposed API keys, tokens, passwords, and secrets with context-aware false-positive filtering.
📂 One-Click Export — Instantly copy all endpoints to your clipboard, or download them as a clean .txt, structured .json for Postman/Insomnia, or CSV for spreadsheets.
🎯 Precision Control — Easily start, stop, pause, or reset the recording process at any time. Remove single endpoints from the list without clearing everything.
🔌 Protocol Coverage — Monitors HTTP (XHR/Fetch), WebSocket, and WebRTC traffic from a single extension.
⚡ Lightweight & Secure — Runs 100% locally in your browser. No external servers, no tracking, and it won't slow down your browsing speed.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Perfect for Web Developers, Pentesters, Bug Bounty Hunters, and QA Engineers who need to analyze network traffic quickly and efficiently.
Tags
Privacy Practices
🔐 Security Analysis
This extension hasn't been security-scanned yet.