WebSurgeon

About

WebSurgeon is a powerful browser-native security toolkit for web application testers, bug bounty hunters, and developers who need deep visibility into HTTP traffic — without leaving the browser.

🔍 ADVANCED NETWORK INSPECTION
Go beyond DevTools. Capture, filter, and analyze every request with a high-signal interface designed for security workflows. Spot anomalies fast with color-coded request tagging and real-time highlighting.

🏷️ REQUEST HIGHLIGHTING & COLOR TAGGING
Visually organize traffic by marking requests with custom color tags. Track interesting endpoints, flag suspicious patterns, and keep your testing sessions organized across complex applications.

🔁 REQUEST REPEATING
Resend any captured request with a single click — no need to trigger the original action again. Tweak parameters, headers, or payloads on the fly for quick manual testing.

🛡️ PASSIVE JAVASCRIPT SCANNER
Automatically analyzes JavaScript files loaded by the page for hardcoded secrets, API keys, sensitive strings, and security misconfigurations — passively, with no active probing required.

📦 RETIREJS INTEGRATION
Detects outdated and vulnerable JavaScript libraries using the RetireJS vulnerability database. Know instantly when a page relies on a component with a known CVE.

🔗 LINK FINDER
Extracts all URLs, endpoints, and paths discovered within JS files and page source — surfacing hidden API routes, internal paths, and forgotten endpoints that standard crawlers miss.

---

WHO IS THIS FOR?
• Bug bounty hunters doing recon and passive analysis
• Penetration testers performing web application assessments
• Security engineers auditing third-party JS dependencies
• Developers checking their own apps for accidental exposure

---

PRIVACY & PERMISSIONS
WebSurgeon only inspects traffic in the active tab when you choose to run it. No data is sent to external servers. All analysis happens locally in your browser.