API Security Researcher

https://ndevtk.github.io/writeups/

Overview

API discovery, protocol reverse-engineering, JavaScript security code review, and request export.

API Security Researcher passively monitors web traffic to map APIs, decode protocols, and surface security issues — all from your browser.

What it does:
- Captures fetch, XHR, WebSocket, and EventSource traffic without requiring debugger or webRequest permissions
- Automatically decodes Protobuf, JSPB, gRPC-Web, GraphQL, Server-Sent Events, NDJSON, Google batchexecute, and async chunked responses
- Learns API schemas from observed traffic — request/response structures, URL parameters, field types, and enums
- Probes for official API documentation on discovered interfaces
- Performs static analysis of JavaScript bundles using Babel AST to extract API call sites, proto field maps, and enums before requests even happen
- Detects DOM XSS sinks, open redirects, prototype pollution, unsafe postMessage listeners, and other security patterns with taint tracking from user-controlled sources
- Exports requests as curl, fetch, or Python snippets
- Exports and imports OpenAPI 3.0.3 specs with protobuf field number round-tripping
- Cross-tab request log filtering and collaborative field/parameter renaming

Who it's for: Security researchers, penetration testers, bug bounty hunters, and developers who want to understand the APIs behind any website.

Code can be viewed at https://github.com/NDevTK/APIClient under the GNU GPL v3 license.

Details

  • Version
    1.0.0
  • Updated
    5 April 2026
  • Size
    489KiB
  • Languages
    English (United Kingdom)
  • Developer
    Website
    Email
    ndevtk@protonmail.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer's privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Related

API Sniffer Pro – Monitor, Inspect & Document APIs

5.0

Professional API monitoring, documentation, and code generation tool for developers — 100% local, no data collection.

TokenNinja

0.0

Stealthy JWT security testing toolkit - Decode, analyze & exploit JWT vulnerabilities for authorized pentesting

Network Ninja

5.0

Enhanced network request inspection with secure curl generation for Chrome DevTools

API Sniffer - Endpoint Detector

4.5

A developer tool to debug, replay, and automate API calls for security testing.

rep+

5.0

rep+ - Capture, modify, and replay HTTP requests in Chrome DevTools with AI-powered security analysis.

Google Maps Api Checker

1.0

This extension can Check API is secure or not.

HackTools++

4.7

HackTools++: Repeater, Intruder, Decoder, and Scanner in DevTools. Capture, edit, and replay HTTP requests for testing.

Talend API Tester - Free Edition

4.8

Visually interact with REST, SOAP and HTTP APIs.

Mock Express - Modify, Mock & Intercept HTTP Requests Locally

5.0

Intercept, mock, and modify API requests directly in your browser. No server needed. 100% local and secure.

Tyre Kicker - Security Scanner

0.0

Offline security scanner. Detect API keys, CVEs, config issues. No external API calls. For authorized testing only.

SupaExplorer - Supabase & API Key Scanner

5.0

Audit Supabase RLS policies and detect exposed API keys (AWS, Stripe, OpenAI, GitHub, Google & 10+ more) in web applications.

XApi HTTP Client - Api Testing Tool

0.0

Intercept, debug & replay HTTP requests. A comprehensive API client with collections and cURL support inside Chrome DevTools.
