API Sniffer Pro

JWT Sniffer

Catch and decode all the JWTs Show, Decode and Copy all the Json Web Tokens. Are you sending JWT tokens in your HTTP requests? Tired of copying tokens from the developer view into jwt.io when debugging? It will detect all the HTTP(S) requests with Header and Cookies containing a JWT and conveniently display the content.

API Sniffer Pro – Monitor, Inspect & Document APIs

Professional API monitoring, documentation, and code generation tool for developers — 100% local, no data collection. API Sniffer Pro is the fastest way to monitor, inspect, debug, and document APIs directly inside Chrome. It captures **only the API requests you care about** using domain-based filtering — giving you a clean and focused API dashboard without DevTools Network tab noise, Postman interceptors, or external tools. ✔ Runs entirely on your device ✔ No accounts required ✔ No tracking ✔ No data uploads 1️⃣ Add allowed domains inside the DevTools Domain Filter 2️⃣ Reload the page or trigger actions 3️⃣ Instantly view clean API calls in real time Capture only the APIs you want. Focus only on your application APIs. with a developer-friendly interface. Automatically formats responses with: for faster debugging. Modify and resend API requests instantly without leaving DevTools. Perfect for: Useful for: inside your API traffic timeline. for faster issue reproduction. # 🚀 Perfect For Unlock advanced debugging workflows with API Sniffer Pro: Designed for professional API debugging environments. API Sniffer Pro runs entirely locally in your browser. All captured API logs remain on your machine. Only license validation (for PRO users) communicates securely with our backend. # 📦 Built For Modern API Workflows Ideal for working with: If API Sniffer Pro improves your workflow, your contribution directly supports ongoing development and maintenance of developer-focused tools. .

API Sniffer - Endpoint Detector

Capture, replay, and automate HTTP requests with real-time WebSocket, WebRTC monitoring and passive API leak detection. API Sniffer is a powerful, lightweight developer tool designed to simplify API debugging, monitoring, and documentation. Whether you are reverse-engineering an app, writing documentation, or debugging network calls, API Sniffer completely eliminates the need to manually dig through the browser's Network tab. 🔌 WebSocket Monitoring: • Real-time capture of all WebSocket connections and messages (sent & received). • Split-panel UI with connection sidebar and live message stream. • Pause/Resume listening to freeze capture without losing data. • Export captured WebSocket data as JSON or CSV with one click. 📡 WebRTC Monitoring: • Intercepts all RTCPeerConnection creation, ICE candidates, SDP offers/answers, data channels, and media tracks. • Full event stream with color-coded badges for each event type. • Export all WebRTC data as structured JSON. • Shared Pause/Resume control with WebSocket monitoring. 🔐 Passive API Leak Detection (Secrets Scanner): • Automatically scans all request URLs, request headers, response headers, and response bodies for leaked secrets. • Detects 38+ secret types: AWS keys, Google API keys, Stripe keys, JWTs, Bearer tokens, GitHub/GitLab tokens, Slack/Discord/Telegram tokens, OpenAI keys, SendGrid keys, Firebase keys, Shopify tokens, private keys, and more. • URL parameter scanning catches API keys leaked in query strings (?key=, ?api_key=, ?access_token=, ?token=, ?secret=). • Context-Aware Filtering: Smart false-positive reduction that examines JSON key names — drops normal IDs (request_id, client_id, etc.) and only reports values assigned to security-sensitive keys (password, secret, token, auth, etc.). • Click any detected leak to view full details with matched value and surrounding context. • Export all findings as CSV for reporting. • Advanced Dashboard: A full-page professional dashboard for in-depth API testing. • API Repeater: Send, modify, and replay captured HTTP requests manually. View raw requests and preview responses instantly with multi-tab support. • API Automator (Fuzzer): Automate API testing by injecting payloads into requests using the §target§ marker. Supports manual lists, .txt file uploads, numeric ranges, and incremental payloads. • Target Scope Management: Define specific domains in your scope and easily filter the popup to "Show Scope Only," keeping your workspace clutter-free. • 1-Click Integration: Instantly send any captured endpoint from the popup directly to the Repeater (RPT) or Automator (AUT) queues. • CSV Export for Automator: Export all your automated run results (including status codes, lengths, and response times) directly to a CSV file. 🚀 Real-time Monitoring — Automatically captures fetch/XHR requests, WebSocket messages, and WebRTC connections silently as you browse. 🧹 Smart Filtering — Built-in filters ignore static assets (.png, .css, .mp4, etc.), while the Custom Blacklist lets you hide specific noisy domains. Target Scope lets you strictly focus on testing domains. 🔐 Leak Detection — Passively scans all network traffic for accidentally exposed API keys, tokens, passwords, and secrets with context-aware false-positive filtering. 📂 One-Click Export — Instantly copy all endpoints to your clipboard, or download them as a clean .txt, structured .json for Postman/Insomnia, or CSV for spreadsheets. 🎯 Precision Control — Easily start, stop, pause, or reset the recording process at any time. Remove single endpoints from the list without clearing everything. 🔌 Protocol Coverage — Monitors HTTP (XHR/Fetch), WebSocket, and WebRTC traffic from a single extension. ⚡ Lightweight & Secure — Runs 100% locally in your browser. No external servers, no tracking, and it won't slow down your browsing speed. Perfect for Web Developers, Pentesters, Bug Bounty Hunters, and QA Engineers who need to analyze network traffic quickly and efficiently.

Hunter Search

Otimize buscas para pentest e bug bounty com dorks automáticos. Hunter Search – Dorks Inteligentes para Pentest e Bug Bounty Otimize suas buscas de segurança! O Hunter Search é a extensão definitiva para profissionais de pentest, bug bounty hunters e entusiastas de segurança que desejam encontrar informações sensíveis, vulnerabilidades e exposições públicas de forma rápida, prática e inteligente. Principais Funcionalidades - Montagem Avançada de Dorks: Combine palavras-chave, múltiplos sites, operadores Google e dorks prontos (IDOR, XSS, SQLi, AWS, arquivos sensíveis, leaks, painéis admin e muito mais) em uma interface intuitiva. - Pré-visualização em Tempo Real: Veja como ficará sua query antes de buscar, garantindo precisão e controle total. - Busca Multi-Plataforma: Escolha entre Google, Bing ou DuckDuckGo para ampliar suas possibilidades de descoberta. - Histórico e Favoritos: Salve e reutilize suas queries mais usadas. Nunca mais perca aquele dork perfeito! - Botões Rápidos: Copie, limpe ou favorite suas buscas com apenas um clique. - Modo Escuro/Claro Automático: Interface moderna, responsiva e confortável para qualquer hora do dia. - Tooltips e Ajuda: Dicas rápidas em cada campo para facilitar o uso, mesmo para quem está começando. Exemplos de uso - Encontrar vazamentos de chaves AWS em repositórios públicos. - Buscar arquivos sensíveis (.env, config, credentials) em sites e domínios específicos. - Descobrir endpoints de administração, painéis e dashboards expostos. - Pesquisar por vulnerabilidades comuns (IDOR, XSS, SQLi) em qualquer site. - Montar dorks customizados para investigações avançadas. Por que usar o Hunter Search? - Produtividade: Economize tempo montando queries complexas com poucos cliques. - Personalização: Adapte a busca ao seu objetivo, seja para bug bounty, CTF, OSINT ou auditoria. - Praticidade: Tudo em um só lugar, sem precisar decorar dorks ou operadores. Hunter Search Otimize suas buscas. Encontre vulnerabilidades. Eleve seu bug bounty!