API Tamper Console

Intercept and rewrite request/response body and headers by configurable URL rules.

API Tamper Console is a developer-focused Chrome extension that lets you intercept HTTP requests in your browser and rewrite their headers or response body on the fly — no proxy, no SSL trust, no backend changes. Built on Manifest V3 with the Declarative Net Request API and a page-world fetch/XHR hook, it is designed for frontend engineers, QA, and anyone who needs fast, reliable API mocking and debugging. — What you can do — • Match requests by substring or regular expression. • Scope each rule to specific HTTP methods (GET, POST, PUT, PATCH, DELETE, …). • Add, set, append, or remove request and response headers. • Replace the response body with a fixed JSON / text payload. • Merge a JSON patch into the original response (deep merge for objects, array replace for arrays). • Toggle each rule individually, or pause the whole extension with one click in the toolbar. • Import and export rule sets as JSON for sharing with your team. • Visual indicator on the toolbar icon — purple when running, gray when paused. — Typical use cases — • Mock backend endpoints that are still under development. • Reproduce edge cases (HTTP 401/403/500, empty arrays, slow JSON shapes, feature flags) without touching the server. • Inject debug headers (X-Debug-Token, traceparent, custom auth) into specific endpoints. • Switch a feature flag returned by an API to test new UI states. • Override CORS or cache headers locally during development. — Privacy & data handling — • All rules are stored locally via chrome.storage.sync. • No telemetry, no analytics, no remote configuration. Nothing leaves your browser. • Network access is only used to apply rules you create yourself. • Open source friendly: rules are plain JSON you can review and version-control. — How it works — Header rewrites are applied through Chrome's Declarative Net Request engine, which runs in the network layer and supports modifying both request and response headers efficiently. Body rewrites are applied through a page-world content script that wraps fetch and XMLHttpRequest, so JSON merge / replace works for any framework (React, Vue, Angular, vanilla, jQuery, …) without you having to integrate anything. — Permissions explained — • "storage" — to save your rules and settings. • "declarativeNetRequest" / "declarativeNetRequestWithHostAccess" — to modify request/response headers. • host_permissions: <all_urls> — required so you can write rules that match any URL you choose. Rules are only applied when you enable them. — Quick start — 1. Pin the extension to your toolbar. 2. Click the icon to open the rule console. 3. Add a rule: paste a URL pattern, pick the methods, configure headers and/or response body. 4. Toggle the rule on. Reload the target page — your rule is live. Feedback and bug reports are welcome. Happy tampering!