API Call Detector

Name: API Call Detector
Rating: 5 (2 reviews)
Author: Geekus Maximus

Security tool to actively detect external API calls made from displayed web page

As of May 2026, API Call Detector has 138 users and a 5.00/5 rating from 2 reviews in the Productivity category.

Geekus Maximus Productivity

Chrome Web Store ↗.crx

Users+3.0%

138

Rating0%

5.00

2 reviews

Reviews0%

Version

1.0

Manifest V3

History

2 snapshots

Tracking since Apr 24, 2026.

View as table

Date	Users	Rating	Reviews	Version
Apr 24, 2026	134	5.00	2	1.0
May 21, 2026	135	5.00	2	1.0
Now	138	5.00	2	1.0

Permissions & access

Permissions: webNavigationdownloads
Host access: <all_urls>

Screenshots

About

API Call Detector - Cybersecurity Analysis Tool

Identify potential security risks by mapping all external API calls made through JavaScript. This professional-grade extension provides real-time monitoring of web page communications, helping security teams uncover hidden data flows, unauthorized third-party integrations, and potential attack vectors.

Key Features:
    Real-time detection of XMLHttpRequest, Fetch API, and WebSocket connections
    Automatic filtering of static resources (images/CSS/fonts)
    Security-focused reporting with domain frequency analysis
    Exportable audit trails in markdown format
    Cross-origin call tracking with full URL capture
    Manifest V3 compliant with strict CSP policies

Ideal For:
    Identifying shadow APIs in enterprise web applications
    Auditing data flows for GDPR/HIPAA compliance
    Detecting unauthorized third-party trackers
    Educational white-hat hacking exercises
    Penetration testing reconnaissance phases
    Monitoring client-side supply chain risks

Technical Specifications:
    Operates at document_start phase to capture initializations
    Content script injection via Chrome extension APIs
    Background service worker maintains isolated call registry
    Secure message passing between components
    Zero data collection/telemetry

Use Cases:
    Vulnerability Assessment: Map all external endpoints contacted during user sessions
    Incident Response: Quickly identify compromised APIs during breach investigations
    Third-Party Audit: Document data leakage points to external services
    Developer Education: Visualize runtime network behavior of SPAs
    Compliance Reporting: Generate evidence of endpoint security checks

Advanced Capabilities:
    Path-based sorting and domain clustering
    Automatic deduplication of repeated calls
    Query parameter stripping for clean analysis
    Multi-frame tracking (iframes/web workers)
    Detection bypass prevention through prototype hooks

For Security Teams:
    Prioritize endpoints by call frequency
    Spot anomalous domains in real-time
    Export findings to standard threat intelligence formats
    Integrate with SIEM systems via manual export

Development Philosophy:
    Minimal permissions required (storage, downloads, webNavigation)
    No background page persistence
    Strict content security policy enforcement
    Regular updates to match evolving web standards

Open Source Ready:
    Clean codebase for organizational customization
    MIT License (contact developer for enterprise terms)
    Built for extensibility (add custom filters/hooks)

Install to gain immediate visibility into client-side network activity and strengthen your organization's web application security posture. Essential for modern cybersecurity defense-in-depth strategies.