gamdpfnfkjknkimfbboonmgdfnondfme
Record, replay and analyze web app behavior. Collect and export data for trouble tickets. Capture screenshots and videos. πΈ Create a tab screenshot combined with network traffic & console logs (= Event Snapshot). πΉ Create a tab video combined with network traffic & console logs (= Behavior Report). β« Export your findings as a single file or even temporarily share it via cloud - FREE of charge & without user account. π Use the webQsee DevTools for realtime-insight in a tab's network traffic and console logs. Export and import HAR (HTTP archives) besides our custom formats (Event Snapshot & Behavior Report). webQsee is privacy-centric. Data you capture with webQsee is stored LOCALLY per default and does NOT leave your system without your prior knowledge. For a more detailed list of features, visit webqsee.com
OpenLink Structured Data Sniffer
What is it? The OpenLink Structured Data Sniffer (OSDS) is an extension for Web Extensions compliant browsers (e.g., Google Chrome, Microsoft Edge, Opera, and many others) that discovers Metadata embedded within HTML documents as Structured Data Islands and presents what's discovered using a Property Sheet presentation style. Currently, OSDS supports discovery and processing of Structured Data Islands published using notations such as Microdata, RDFa, JSON-LD, RDF-Turtle, RDF-XML, CSV, and JSON. Why is it important? It simplifies the process of understanding what a given HTML document is about, via its metadata, for both end-users and developers. For instance, it helps Digital Brand Managers, Digital Content Managers, and Semantic Search Engine Optimization (SSEO) practitioners understand what may or may not be affecting Search Engine Results Pages (SERPs) placements. Simply install the extension to your browser and then visit a page of interest. On page arrival, the OSDS icon will be visually activated thereby indicating metadata discovery; once the icon is clicked, you will be presented with a presentation of transformed metadata.
Netify
Debugging proxy that will allow you to intercept and mutate requests from a web page Netify is a debugging proxy that will allow you to intercept and mutate your requests, like Fiddler or Charles, but it more compact and implemented directly in the Chrome. Features that Netify gives you: - Filter requests for proxy by URL, method or type of resource. - Redirect request to arbitrary URL. - Adding, replacing and removing request headers. - Replacing the request body, text/JSON, Base64 or form data. - Replacing the response status code. - Adding, replacing and removing response headers. - Replacing the response body with a text value, Base64, or file's content. - Adding an extra response delay - Cancel request on the client. - The above changes can be made according to predefined rules, by script or by making changes to the intercepted request (like breakpoint). Attention!!! This extension is based on the experimental features of the Chrome Devtool protocol, which may lead to inoperability with the update of the browser. If you have some trouble with Netify or you have some suggestions, please report it here (https://github.com/vladlavrik/netify/issues)
ModResponse - Mock and replay API
Mock, modify, and replay API. Easy setup. No proxy needed. No code change required. ModResponse is a powerful and easy-to-use tool for web developers that simplifies the process of modifying, stubbing, and replaying HTTP responses. It requires no extra proxy or code change to be made, allowing you to quickly and conveniently test different scenarios and debug edge cases. With ModResponse, you can modify the API response, return different HTTP status code, add delay to your request, etc. You can also reroute your HTTP request to a different server, allowing you to test your local changes in production domain within seconds, without the risk of breaking production. ModResponse does not require extra proxy or making any code change. It can modify pretty much any HTTP request, not just XHR requests. Simply install it and you are ready to go! ** What can ModResponse do?** - Record and replay HTTP response - Stub HTTP response - Reroute request to a different URLs - Change HTTP response body, status code, and headers - Delay HTTP requests to simulate slow network - Simulate network errors - Advanced filtering by tab, tab group, window, or time - Demo with fake data Want to create perfect data for your product demo? With ModResponse, you can replace the actual API response with a fake one that contains the data you want. No need to change your real data or make code change. - Speed up slow requests Do you have API requests that are taking a long time to finish, and every time you make a small UI tweak you need to wait >10 seconds for the API request to finish to visualize your change? Using replay response, you can record and replay the slow API request. That way, you will only need to wait on the slow API request once. All subsequent requests to be served from the cached response within a few milliseconds. - Develop against edge cases Need to handle a 4XX or 5XX status code from an XHR request, or try out how your UI will behave with a very long string? Using replay response or stub response, you can modify the response body, status code, or response headers to simulate different scenarios that you need to handle. - Develop against unimplemented APIs Are you a web developer who is blocked because an endpoint you depend on is not yet implemented? Using stub response, you can mock the API response so you can start developing against that endpoint. That way, you can develop the frontend while others implement the endpoint (as long as the actual implementation return the response in the same format). - Testing on production domains Do you need to integrate with a third party platform that only works on your production domain? Using proxy request, you can reroute the request from your production domain to localhost or a dev domain, allowing you to test your changes on your production domain without the risk of breaking it. - Debug edge cases Need to test how your app behaves when some resources takes too long to load, or when they fail to load due to network errors? With ModResponse, you can add artificial delay and simulate different network error conditions so you can debug and handle edge cases with ease. ** Other ModResponse features ** - Support having multiple profiles with quick switching between profiles - Export and import profile - Easily share your profiles with others - Dark mode support - Customizable profile badge - Clone profile ...and more!!! "debugger" is required in order for response modification to work. "tabs" permission is required for prefilling the URLs, and for tab filter, tab group filter, and window filter to work. "storage" and "unlimitedStorage" are required to store the response modification. "contextMenus" is used to enable quick pause/unpause by right-clicking on the icon. ** Known issues ** 1, You will see ["ModResponse" started debugging this browser] banner when ModResponse is activated. This is because it uses the debugger API, which is needed for response modification. Due to Chrome's security policy (https://crbug.com/1096262), that banner would show up on all tabs even when a tab is not being modified, and it may still for a few more seconds after ModResponse is paused or disabled. To hide it, you can run chrome with --silent-debugger-extension-api command line switch. 2, Clicking on the "Cancel" button on the ["ModResponse" started debugging this browser] banner will not deactivate ModResponse. To deactivate it, please open ModResponse and click on the "Pause" button. Once paused, the banner should disappear in a few seconds.
OWASP Penetration Testing Kit
The OWASP Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily AppSec tasks. Whether youβre a penetration tester, a Red Team member, or an AppSec practitioner, OWASP PTK enhances your efficiency and provides deep insights into your target application. Runtime Scanning (DAST & IAST & SAST & SCA): Perform Dynamic Application Security Testing, Static Analysis, In-Browser IAST and Software Composition Analysis on the fly. Identify SQL injection, command injection, reflected/stored XSS, SQL auth bypass, XPath injections, JWT attacks, and other complex threats. Static Analysis (SAST): PTK automatically parses loaded JavaScript, HTML, and CSS right in your browserβbefore any code ever runs. It flags unsafe patterns like `eval()`, `innerHTML`/`outerHTML` injection, insecure cryptographic calls, missing input sanitization, and common anti-patterns. In-Browser IAST (Interactive Application Security Testing): PTKβs built-in IAST engine instruments your app at runtimeβright in the browserβtracking taint flows and code execution to flag vulnerabilities as they occur. Catch issues like DOM-based XSS, unsafe `eval`/`innerHTML` usage, open-redirects, and more without leaving your dev tools. JWT Inspector: Analyze, craft, and tamper with JSON Web Tokens. Generate keys, test null signatures, brute-force HMAC secrets, and inject malicious `jwk`, `jku`, or `kid` parameters. Insightful Application Info: One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows. Built-in Proxy & Traffic Log: Capture all HTTP(S) traffic, replay requests in R-Builder, and automate XSS, SQLi, and OS command injection. R-Builder for Request Tampering & Smuggling: Craft and manipulate HTTP requests, including complex request-smuggling techniques. Now with cURL import/export. Cookie Management: Add, edit, remove, block, protect, export, and import cookies from a powerful in-browser editor. Decoder/Encoder Utility: Instantly convert between UTF-8, Base64, MD5, URL-encode/decode, and more formats. Swagger.IO Integration: Browse and interact with API endpoints directly from your Swagger documentation. Selenium Integration: Shift left security by running automated Selenium tests with built-in vulnerability checks. Enhance your AppSec practice with PTKβthe extension that makes your browser smarter and your testing faster. Install today and start uncovering vulnerabilities in real time!
