Now Live on Chrome Web Store

The Complete API Security Testing Suite.

Capture, filter, replay, and fuzz API endpoints — all from a single Chrome extension. Built for developers and security researchers.

Add to Chrome — Free Explore Features

> Initializing Sniffer...

✔ 127 Endpoints Captured

✔ Junk Filtered — 89 Clean APIs

✔ Repeater & Automator Ready

> Awaiting export command.

Trusted by security researchers and developers worldwide

Penetration Testers Web Developers Bug Bounty Hunters QA Engineers
At a Glance

Everything You Need, One Extension

From capturing endpoints to fuzzing parameters — API Sniffer covers the entire workflow.

Real-Time Capture

Silently monitors and captures all XHR & Fetch requests as you browse. Start, stop, or reset with a single click.

Smart Filtering

Auto-filters static assets, tracking pixels, and noise. Custom blacklists and target scope management built in.

API Repeater

Multi-tab workspace with raw HTTP editor. Replay, modify headers & body, and inspect responses with syntax highlighting.

API Automator

Mark injection points, load payloads from files or generators, and fuzz parameters with rate-limiting control.

Multi-Format Export

Export as TXT, JSON (Postman-ready), or CSV. Copy clean endpoint lists to clipboard instantly.

100% Offline & Secure

Runs entirely in your browser. Zero data collection, no cloud servers, no tracking — your data stays yours.

Deep Dive

Full Feature Breakdown

Every capability designed to accelerate your API testing workflow.

Real-Time API Capturing

  • Background Monitoring — Silently captures all outgoing network traffic across browser tabs in real-time.
  • XHR & Fetch Support — Targets and intercepts XMLHttpRequest and Fetch API calls specifically.
  • HTTP Methods Extraction — Displays the complete method (GET, POST, PUT, DELETE, PATCH, OPTIONS) with every URL.
  • One-Click Control — Start, stop, or reset the recording process instantly.

Smart Filtering & Scope Management

  • Auto Asset Filter — Ignores static media (.png, .css, .woff, .mp4, .pdf) to keep capture lists clean.
  • Tracker Blocklist — Built-in filters block known tracking pixels from Google Analytics and DoubleClick.
  • Custom Blacklist — Add noisy domains or keywords to hide from your workspace.
  • Target Scope — Define strict scope rules to focus on domains you're testing.
  • "Show Scope Only" — Quick toggle to display only in-scope endpoints.

Quick Access Popup Utility

  • Live Status Badge — Dynamic text and color-coded pulsing dot indicates active listening.
  • RPT Shortcut — Send any request directly to the Repeater module.
  • AUT Shortcut — Queue requests straight into the Automator module.
  • Quick Remove (×) — Delete irrelevant endpoints without clearing the entire list.
  • Smart Dashboard Sync — Red notification dot on Dashboard button when requests are queued.

Advanced API Repeater

  • Multi-Tab Workspace — Work on, edit, and replay multiple requests simultaneously.
  • Raw HTTP Editor — Full editor for Method, Path, Host, Headers, and Body.
  • Intelligent Parser — Executes raw text requests seamlessly without browser crashes.
  • Raw View — Status line, headers, and syntax-highlighted JSON body.
  • Preview View — Renders HTML responses in a secure sandboxed iframe.
  • Performance Metrics — Color-coded status badges (2xx/4xx/5xx) and round-trip timing in ms.

Powerful API Automator (Fuzzer)

  • Injection Point Marker — Select text and use § Mark § to define §target§ injection parameters.
  • Manual List — Enter payloads line-by-line (usernames, passwords, SQLi payloads).
  • File Upload Zone — Drag-and-drop .txt or .list payload files.
  • Range Generator — Auto-generate numeric sequences with zero-padding for OTP/PIN brute-forcing.
  • Increment Generator — Create auto-incrementing patterns (user1, user2, user3...).
  • Rate Limiting — Configure custom delays between requests to prevent bans.
  • Live Progress — Progress bar, counters, and auto-scrolling results table.
  • Detail Drawer — Click any result to view sent request and response side-by-side.

Multi-Format Data Export

  • Clipboard Export — Copy endpoints in clean [METHOD] URL format with one click.
  • TXT & JSON — Download traffic as .txt list or structured .json for Postman/Insomnia.
  • Automator CSV — Export test summary with Index, Payload, Status, Length, and Time.

UI/UX & Security Architecture

  • Full-Page Dashboard — Spacious, modern grid layout beyond the popup.
  • Theme Toggle — Switch between Dark and Light modes across popup and dashboard.
  • XSS Prevention — Sandboxed iframes and text escape for secure response rendering.
  • Offline Architecture — 100% local. No data collection or external transmissions.
Live Analytics

Extension Performance

Real-time installation trends and usage data from the Chrome Web Store.

Chrome Web Store Trends

Live data powered by Chrome Stats

Community

Developer Feedback

See what other developers and researchers are saying.

Leave a Review

Loading reviews...

Ready to Supercharge Your API Workflow?

Join developers worldwide using API Sniffer to capture, test, and secure APIs faster.

Install API Sniffer — It's Free