API Tamper Console

About

API Tamper Console is a developer-focused Chrome extension that lets you intercept HTTP requests in your browser and rewrite their headers or response body on the fly — no proxy, no SSL trust, no backend changes.

Built on Manifest V3 with the Declarative Net Request API and a page-world fetch/XHR hook, it is designed for frontend engineers, QA, and anyone who needs fast, reliable API mocking and debugging.

— What you can do —

• Match requests by substring or regular expression.
• Scope each rule to specific HTTP methods (GET, POST, PUT, PATCH, DELETE, …).
• Add, set, append, or remove request and response headers.
• Replace the response body with a fixed JSON / text payload.
• Merge a JSON patch into the original response (deep merge for objects, array replace for arrays).
• Toggle each rule individually, or pause the whole extension with one click in the toolbar.
• Import and export rule sets as JSON for sharing with your team.
• Visual indicator on the toolbar icon — purple when running, gray when paused.

— Typical use cases —

• Mock backend endpoints that are still under development.
• Reproduce edge cases (HTTP 401/403/500, empty arrays, slow JSON shapes, feature flags) without touching the server.
• Inject debug headers (X-Debug-Token, traceparent, custom auth) into specific endpoints.
• Switch a feature flag returned by an API to test new UI states.
• Override CORS or cache headers locally during development.

— Privacy & data handling —

• All rules are stored locally via chrome.storage.sync.
• No telemetry, no analytics, no remote configuration. Nothing leaves your browser.
• Network access is only used to apply rules you create yourself.
• Open source friendly: rules are plain JSON you can review and version-control.

— How it works —

Header rewrites are applied through Chrome's Declarative Net Request engine, which runs in the network layer and supports modifying both request and response headers efficiently.

Body rewrites are applied through a page-world content script that wraps fetch and XMLHttpRequest, so JSON merge / replace works for any framework (React, Vue, Angular, vanilla, jQuery, …) without you having to integrate anything.

— Permissions explained —

• "storage" — to save your rules and settings.
• "declarativeNetRequest" / "declarativeNetRequestWithHostAccess" — to modify request/response headers.
• host_permissions: <all_urls> — required so you can write rules that match any URL you choose. Rules are only applied when you enable them.

— Quick start —

1. Pin the extension to your toolbar.
2. Click the icon to open the rule console.
3. Add a rule: paste a URL pattern, pick the methods, configure headers and/or response body.
4. Toggle the rule on. Reload the target page — your rule is live.

Feedback and bug reports are welcome. Happy tampering!