API Sniffer - Endpoint Detector

Tracking since Apr 6, 2026.

Changelog

• May 26, 2026
  description

  API Sniffer is a powerful, lightweight developer tool designed to simplify API debugging, monitoring, and documentation.
  
  Whether you are reverse-engineering an app, writing documentation, or debugging network calls, API Sniffer completely eliminates the need to manually dig through the browser's Network tab.
  
  ✨ What's New in Version 2.1:
  • Advanced Dashboard: A brand new, full-page professional dashboard for in-depth API testing.
  • API Repeater: Send, modify, and replay captured HTTP requests manually. View raw requests and preview responses instantly with multi-tab support.
  • API Automator (Fuzzer): Automate API testing by injecting payloads into requests using the §target§ marker. Supports manual lists, .txt file uploads, numeric ranges, and incremental payloads.
  • Target Scope Management: Define specific domains in your scope and easily filter the popup to "Show Scope Only," keeping your workspace clutter-free.
  • 1-Click Integration: Instantly send any captured endpoint from the popup directly to the Repeater (RPT) or Automator (AUT) queues.
  • CSV Export for Automator: Export all your automated run results (including status codes, lengths, and response times) directly to a CSV file.
  
  🔥 Key Features:
  🚀 Real-time Monitoring: Automatically captures fetch/XHR requests silently as you browse.
  🧹 Smart Filtering: Built-in filters ignore static assets (.png, .css, .mp4, etc.), while the Custom Blacklist lets you hide specific noisy domains. Target Scope lets you strictly focus on testing domains.
  📂 One-Click Export: Instantly copy all endpoints to your clipboard, or download them as a clean .txt or structured .json file for Postman/Insomnia.
  🎯 Precision Control: Easily start, stop, or reset the recording process at any time. Remove single endpoints from the list without clearing everything.
  ⚡ Lightweight & Secure: Runs 100% locally in your browser. No external servers, no tracking, and it won't slow down your browsing speed.
  
  Perfect for Web Developers, Pentesters, Bug Bounty Hunters, and QA Engineers who need to analyze network traffic quickly and efficiently.

  API Sniffer is a powerful, lightweight developer tool designed to simplify API debugging, monitoring, and documentation.
  
  Whether you are reverse-engineering an app, writing documentation, or debugging network calls, API Sniffer completely eliminates the need to manually dig through the browser's Network tab.
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  🆕 What's New in Version 2.2:
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  
  🔌 WebSocket Monitoring:
  • Real-time capture of all WebSocket connections and messages (sent & received).
  • Split-panel UI with connection sidebar and live message stream.
  • Pause/Resume listening to freeze capture without losing data.
  • Export captured WebSocket data as JSON or CSV with one click.
  
  📡 WebRTC Monitoring:
  • Intercepts all RTCPeerConnection creation, ICE candidates, SDP offers/answers, data channels, and media tracks.
  • Full event stream with color-coded badges for each event type.
  • Export all WebRTC data as structured JSON.
  • Shared Pause/Resume control with WebSocket monitoring.
  
  🔐 Passive API Leak Detection (Secrets Scanner):
  • Automatically scans all request URLs, request headers, response headers, and response bodies for leaked secrets.
  • Detects 38+ secret types: AWS keys, Google API keys, Stripe keys, JWTs, Bearer tokens, GitHub/GitLab tokens, Slack/Discord/Telegram tokens, OpenAI keys, SendGrid keys, Firebase keys, Shopify tokens, private keys, and more.
  • URL parameter scanning catches API keys leaked in query strings (?key=, ?api_key=, ?access_token=, ?token=, ?secret=).
  • Context-Aware Filtering: Smart false-positive reduction that examines JSON key names — drops normal IDs (request_id, client_id, etc.) and only reports values assigned to security-sensitive keys (password, secret, token, auth, etc.).
  • Click any detected leak to view full details with matched value and surrounding context.
  • Export all findings as CSV for reporting.
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  ✨ Features from Version 2.1:
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  
  • Advanced Dashboard: A full-page professional dashboard for in-depth API testing.
  • API Repeater: Send, modify, and replay captured HTTP requests manually. View raw requests and preview responses instantly with multi-tab support.
  • API Automator (Fuzzer): Automate API testing by injecting payloads into requests using the §target§ marker. Supports manual lists, .txt file uploads, numeric ranges, and incremental payloads.
  • Target Scope Management: Define specific domains in your scope and easily filter the popup to "Show Scope Only," keeping your workspace clutter-free.
  • 1-Click Integration: Instantly send any captured endpoint from the popup directly to the Repeater (RPT) or Automator (AUT) queues.
  • CSV Export for Automator: Export all your automated run results (including status codes, lengths, and response times) directly to a CSV file.
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  🔥 Key Features:
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  
  🚀 Real-time Monitoring — Automatically captures fetch/XHR requests, WebSocket messages, and WebRTC connections silently as you browse.
  
  🧹 Smart Filtering — Built-in filters ignore static assets (.png, .css, .mp4, etc.), while the Custom Blacklist lets you hide specific noisy domains. Target Scope lets you strictly focus on testing domains.
  
  🔐 Leak Detection — Passively scans all network traffic for accidentally exposed API keys, tokens, passwords, and secrets with context-aware false-positive filtering.
  
  📂 One-Click Export — Instantly copy all endpoints to your clipboard, or download them as a clean .txt, structured .json for Postman/Insomnia, or CSV for spreadsheets.
  
  🎯 Precision Control — Easily start, stop, pause, or reset the recording process at any time. Remove single endpoints from the list without clearing everything.
  
  🔌 Protocol Coverage — Monitors HTTP (XHR/Fetch), WebSocket, and WebRTC traffic from a single extension.
  
  ⚡ Lightweight & Secure — Runs 100% locally in your browser. No external servers, no tracking, and it won't slow down your browsing speed.
  
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  
  Perfect for Web Developers, Pentesters, Bug Bounty Hunters, and QA Engineers who need to analyze network traffic quickly and efficiently.

• May 26, 2026
  short_description

  A developer tool to debug, replay, and automate API calls for security testing.

  Capture, replay, and automate HTTP requests with real-time WebSocket, WebRTC monitoring and passive API leak detection.

• May 20, 2026
  description

  API Sniffer is a powerful, lightweight developer tool designed to simplify API debugging, monitoring, and documentation.
  
  Whether you are reverse-engineering an app, writing documentation, or debugging network calls, API Sniffer completely eliminates the need to manually dig through the browser's Network tab.
  
  ✨ What's New in Version 2.0:
  
  Modern Developer UI: Completely redesigned with a clean, professional, and minimal interface.
  
  HTTP Methods: Now captures and displays request methods (GET, POST, PUT, DELETE, etc.) alongside the URL.
  
  Custom Blacklist: Added a settings panel to manually block specific domains (like analytics or tracking URLs).
  
  List Management: View endpoints in a scrollable list and delete irrelevant URLs individually.
  
  More Export Options: Added "Copy All" to clipboard and JSON export support!
  
  Enhanced Stability: Upgraded background service worker to prevent any data loss during long browsing sessions.
  
  🔥 Key Features:
  🚀 Real-time Monitoring: Automatically captures fetch/XHR requests silently as you browse.
  🧹 Smart Filtering: Built-in filters ignore static assets (.png, .css, .mp4, etc.), while the Custom Blacklist lets you hide specific noisy domains.
  📂 One-Click Export: Instantly copy all endpoints to your clipboard, or download them as a clean .txt or structured .json file for Postman/Insomnia.
  🎯 Precision Control: Easily start, stop, or reset the recording process at any time. Remove single endpoints from the list without clearing everything.
  ⚡ Lightweight & Secure: Runs 100% locally in your browser. No external servers, no tracking, and it won't slow down your browsing speed.
  
  Perfect for Web Developers, Pentesters, Bug Bounty Hunters, and QA Engineers who need to analyze network traffic quickly and efficiently.

  API Sniffer is a powerful, lightweight developer tool designed to simplify API debugging, monitoring, and documentation.
  
  Whether you are reverse-engineering an app, writing documentation, or debugging network calls, API Sniffer completely eliminates the need to manually dig through the browser's Network tab.
  
  ✨ What's New in Version 2.1:
  • Advanced Dashboard: A brand new, full-page professional dashboard for in-depth API testing.
  • API Repeater: Send, modify, and replay captured HTTP requests manually. View raw requests and preview responses instantly with multi-tab support.
  • API Automator (Fuzzer): Automate API testing by injecting payloads into requests using the §target§ marker. Supports manual lists, .txt file uploads, numeric ranges, and incremental payloads.
  • Target Scope Management: Define specific domains in your scope and easily filter the popup to "Show Scope Only," keeping your workspace clutter-free.
  • 1-Click Integration: Instantly send any captured endpoint from the popup directly to the Repeater (RPT) or Automator (AUT) queues.
  • CSV Export for Automator: Export all your automated run results (including status codes, lengths, and response times) directly to a CSV file.
  
  🔥 Key Features:
  🚀 Real-time Monitoring: Automatically captures fetch/XHR requests silently as you browse.
  🧹 Smart Filtering: Built-in filters ignore static assets (.png, .css, .mp4, etc.), while the Custom Blacklist lets you hide specific noisy domains. Target Scope lets you strictly focus on testing domains.
  📂 One-Click Export: Instantly copy all endpoints to your clipboard, or download them as a clean .txt or structured .json file for Postman/Insomnia.
  🎯 Precision Control: Easily start, stop, or reset the recording process at any time. Remove single endpoints from the list without clearing everything.
  ⚡ Lightweight & Secure: Runs 100% locally in your browser. No external servers, no tracking, and it won't slow down your browsing speed.
  
  Perfect for Web Developers, Pentesters, Bug Bounty Hunters, and QA Engineers who need to analyze network traffic quickly and efficiently.

• May 20, 2026
  short_description

  A developer tool to debug and analyze API calls for testing.

  A developer tool to debug, replay, and automate API calls for security testing.

Permissions & access

Permissions

webRequeststoragedownloadstabsclipboardWrite

Host access

<all_urls>

Screenshots

Similar extensions

Alternatives to API Sniffer - Endpoint Detector, ranked by description similarity.

API Sniffer Pro

Capture, search, export, and replay API calls (fetch & XHR). Live view, filters, curl export, sessions, dark mode.

58

★ 1.0

API Sniffer Pro – Monitor, Inspect & Document APIs

Professional API monitoring, documentation, and code generation tool for developers — 100% local, no data collection.

117

★ 5.0

NetSniffer

Wireshark-inspired network traffic analyzer with cyberpunk FUI

182

API Lens – Smart HTTP Inspector

Real-time HTTP monitoring with analytics, performance scoring, replay functionality, and API insights for developers.

64

API Sentinel Pro

Live API error radar, slow-call detection, replay, export, and AI-assisted debugging.

6

API Catcher

Monitor, log, and share API network activity for QA testing workflows.

49

API Snitch

Record API calls and dynamically generate API Client code.

5

★ 5.0

SocialAPIs Network Inspector

Capture network requests from any page and generate API code.

10