kefjafhbdlhjhgoaiifnopcjpmhbbhjd
Security tool to actively detect external API calls made from displayed web page Identify potential security risks by mapping all external API calls made through JavaScript. This professional-grade extension provides real-time monitoring of web page communications, helping security teams uncover hidden data flows, unauthorized third-party integrations, and potential attack vectors. Key Features: Real-time detection of XMLHttpRequest, Fetch API, and WebSocket connections Automatic filtering of static resources (images/CSS/fonts) Security-focused reporting with domain frequency analysis Exportable audit trails in markdown format Cross-origin call tracking with full URL capture Manifest V3 compliant with strict CSP policies Ideal For: Identifying shadow APIs in enterprise web applications Auditing data flows for GDPR/HIPAA compliance Detecting unauthorized third-party trackers Educational white-hat hacking exercises Penetration testing reconnaissance phases Monitoring client-side supply chain risks Technical Specifications: Operates at document_start phase to capture initializations Content script injection via Chrome extension APIs Background service worker maintains isolated call registry Secure message passing between components Zero data collection/telemetry Advanced Capabilities: Path-based sorting and domain clustering Automatic deduplication of repeated calls Query parameter stripping for clean analysis Multi-frame tracking (iframes/web workers) Detection bypass prevention through prototype hooks For Security Teams: Prioritize endpoints by call frequency Spot anomalous domains in real-time Export findings to standard threat intelligence formats Integrate with SIEM systems via manual export Development Philosophy: Minimal permissions required (storage, downloads, webNavigation) No background page persistence Strict content security policy enforcement Regular updates to match evolving web standards Open Source Ready: Clean codebase for organizational customization MIT License (contact developer for enterprise terms) Built for extensibility (add custom filters/hooks) Install to gain immediate visibility into client-side network activity and strengthen your organization's web application security posture. Essential for modern cybersecurity defense-in-depth strategies.
JWT Sniffer
Catch and decode all the JWTs Show, Decode and Copy all the Json Web Tokens. Are you sending JWT tokens in your HTTP requests? Tired of copying tokens from the developer view into jwt.io when debugging? It will detect all the HTTP(S) requests with Header and Cookies containing a JWT and conveniently display the content.
JSner - Endpoint Extractor
Advanced endpoint scanner with verification. Extract and test API endpoints, GraphQL queries, and more from any website. JSner – Directory & Endpoint Finder for Bug Hunters JSner is a lightweight browser extension built for bug bounty hunters and penetration testers. It automatically crawls JavaScript files and other resources on the target domain to uncover hidden directories, endpoints, APIs, and configuration paths — all from your browser. 🔍 Features Instantly extract endpoints and directories from loaded scripts and pages Supports JavaScript, JSON, HTML, and other static resources Auto-filters duplicates and noise for cleaner results One-click export of findings (TXT / JSON) 100% client-side — no data leaves your browser ⚡ Why JSner Perfect for quick reconnaissance during web application testing. It helps identify forgotten or hidden API endpoints that may expose sensitive functionality or lead to deeper vulnerabilities. 🛠️ Usage Load your target site. Open JSner and click “Scan”. Review and export discovered endpoints instantly. 🤝 Contribute Project repo: github.com/vegeta2op/JSner Pull requests, feature ideas, and improvements are welcome!
DreamFactory API Tools
Modify HTTP headers, test APIs, and generate curl commands A comprehensive toolkit designed for DreamFactory developers and API testers. This extension combines header management, curl command generation, and API testing in one convenient interface. Key Features: • Header Management - Add, modify, and enable/disable custom HTTP headers - Domain-specific header filtering - Automatic header injection into browser requests • Curl Command Generator - Build curl commands with a user-friendly interface - Import existing curl commands - Save and manage frequently used commands - One-click current URL capture - Parameter and header management - JSON request body support with formatting • API Testing - Test API endpoints directly from the extension - Support for all HTTP methods (GET, POST, PUT, PATCH, DELETE) - Query parameter builder - Custom header management - JSON request body with syntax highlighting - Formatted response viewing with syntax highlighting - Response headers inspection - Response time metrics Additional Features: • Pin extension window for persistent access • Save and load frequently used API requests • JSON formatting and validation • Dark mode interface • Cross-browser compatibility Perfect for: • DreamFactory developers • API testers • Backend developers • Anyone working with REST APIs This extension streamlines the API development and testing workflow by providing essential tools in an intuitive, easy-to-use interface.
Hidden APIs
Find & inspect internal APIs, scrape & automate tasks with ease. Ideal for devs, data scientists & web enthusiasts. Take your web development, data science, and web scraping skills to the next level with Hidden APIs, a powerful Chrome extension that reveals hidden APIs and enables you to inspect, scrape, and automate tasks with ease. Reveal hidden APIs: Hidden APIs detects and displays the hidden APIs used by a website, allowing you to inspect and understand how they work. Inspect internal APIs: Use the extension's panel to inspect API requests, responses, and headers, giving you a deeper understanding of how the site's internal APIs function. Scrape and automate tasks: With Hidden APIs, you can extract data from websites using their internal APIs, automate repetitive tasks, and streamline your workflow. Enhance your development skills: Gain insights into how websites are built and how their APIs work, helping you to improve your own development skills and create more efficient solutions. Save time and effort: Automate tasks and reduce the time spent on manual data extraction and inspection. Improve your development skills: Gain a deeper understanding of how websites work and how to build more efficient solutions. Enhance your data science capabilities: Extract data from websites and use it to inform your analysis and insights.
