WebPage Same Origin APIs por Libor Benes (Dr. B)
Detects same-origin APIs (REST, GraphQL, internal endpoints) and WebSocket connections used by the current webpage. Displays them in a fading popup with easy copy/export. • Secure. 100% client-side. No tracking. No data collection.
Metadata de la extensión
Sobre esta extensión
WebPage Same Origin APIs is a Firefox extension that helps developers, security researchers, and technical users instantly see the backend APIs and WebSocket connections that the current webpage is actually calling.
It monitors network requests in real time and displays only same-origin APIs — such as REST endpoints, GraphQL queries (/api/graphql/, /voyager/api/, /youtubei/v1/, etc.), and WebSocket connections — while ignoring static assets and third-party calls.
Features:
• Automatic fading toast notification when APIs or WebSockets are detected (top-right, fades out after 8 seconds, manual close available).
• Clean popup with scrollable list and always-visible Copy List + Export JSON buttons.
• Timestamped exports (same_origin_apis_YYYY-MM-DD_HH-MM-SS.json).
• Dynamic updates — continues detecting new calls as the page loads more content (ideal for Facebook feed, YouTube player, infinite scrolls).
• High-contrast dark UI with color-coded method badges (GET = green, POST = orange, others = purple).
• One-click copy of the full list or individual items.
• Expanded API pattern recognition including /v3/, /rpc/, /gateway/, and more.
Ideal For:
• Understanding how real websites (YouTube, LinkedIn, Facebook, etc.) communicate with their backends.
• API exploration, debugging, and integration testing.
• Bug bounty hunting and security analysis.
• Learning modern web architecture.
• Scraping research and reverse engineering.
Security-First Architecture:
• The extension is 100% client-side.
• No data collection or transmission.
• No telemetry, analytics, or tracking.
• Everything stays in your browser.
• Explicitly declared “no data collection” in the manifest.
Technical Details:
• Works on Firefox 140.0+ (desktop only).
• Uses webRequest API combined with early content-script hooks (fetch, XMLHttpRequest, sendBeacon) for better compatibility.
• Flat file structure with safe DOM methods only.
• Lightweight and performant.
• Runtime Execution RAM Footprint: ~26 KB (the execution files).
• Total Extension Download/Install Size: ~61 KB (including README.md).
Note:
On Facebook and Instagram, best results are achieved by opening a fresh tab due to heavy Service Worker usage. Scrolling the feed continues to display additional endpoints.
Test the WebPage Same Origin APIs add-on on YouTube, Facebook, LinkedIn, or any modern single-page application to see dozens of real internal API and WebSocket calls in action.
It monitors network requests in real time and displays only same-origin APIs — such as REST endpoints, GraphQL queries (/api/graphql/, /voyager/api/, /youtubei/v1/, etc.), and WebSocket connections — while ignoring static assets and third-party calls.
Features:
• Automatic fading toast notification when APIs or WebSockets are detected (top-right, fades out after 8 seconds, manual close available).
• Clean popup with scrollable list and always-visible Copy List + Export JSON buttons.
• Timestamped exports (same_origin_apis_YYYY-MM-DD_HH-MM-SS.json).
• Dynamic updates — continues detecting new calls as the page loads more content (ideal for Facebook feed, YouTube player, infinite scrolls).
• High-contrast dark UI with color-coded method badges (GET = green, POST = orange, others = purple).
• One-click copy of the full list or individual items.
• Expanded API pattern recognition including /v3/, /rpc/, /gateway/, and more.
Ideal For:
• Understanding how real websites (YouTube, LinkedIn, Facebook, etc.) communicate with their backends.
• API exploration, debugging, and integration testing.
• Bug bounty hunting and security analysis.
• Learning modern web architecture.
• Scraping research and reverse engineering.
Security-First Architecture:
• The extension is 100% client-side.
• No data collection or transmission.
• No telemetry, analytics, or tracking.
• Everything stays in your browser.
• Explicitly declared “no data collection” in the manifest.
Technical Details:
• Works on Firefox 140.0+ (desktop only).
• Uses webRequest API combined with early content-script hooks (fetch, XMLHttpRequest, sendBeacon) for better compatibility.
• Flat file structure with safe DOM methods only.
• Lightweight and performant.
• Runtime Execution RAM Footprint: ~26 KB (the execution files).
• Total Extension Download/Install Size: ~61 KB (including README.md).
Note:
On Facebook and Instagram, best results are achieved by opening a fresh tab due to heavy Service Worker usage. Scrolling the feed continues to display additional endpoints.
Test the WebPage Same Origin APIs add-on on YouTube, Facebook, LinkedIn, or any modern single-page application to see dozens of real internal API and WebSocket calls in action.
Calificado 0 por 0 revisores
Permisos y datos
Permisos requeridos:
- Introducir datos en el portapapeles
- Acceder a las pestañas del navegador
- Acceder a tus datos para todos los sitios web
Recolección de datos:
- El desarrollador dice que esta extensión no requiere recolección de datos.
Más información
- Enlaces del complemento
- Versión
- 1.0
- Tamaño
- 26,77 KB
- Última actualización
- hace 5 días (28 de mar. de 2026)
- Categorías relacionadas
- Licencia
- Licencia pública de Mozilla 2.0
- Historial de versiones
- Añadir a la colección