WebPage Same Origin APIs ์ ์์: Libor Benes (Dr. B)
Detects same-origin APIs (REST, GraphQL, internal endpoints) and WebSocket connections used by the current webpage. Displays them in a fading popup with easy copy/export. โข Secure. 100% client-side. No tracking. No data collection.
ํ์ฅ ๋ฉํ ๋ฐ์ดํฐ
์ ๋ณด
WebPage Same Origin APIs is a Firefox extension that helps developers, security researchers, and technical users instantly see the backend APIs and WebSocket connections that the current webpage is actually calling.
It monitors network requests in real time and displays only same-origin APIs โ such as REST endpoints, GraphQL queries (/api/graphql/, /voyager/api/, /youtubei/v1/, etc.), and WebSocket connections โ while ignoring static assets and third-party calls.
Features:
โข Automatic fading toast notification when APIs or WebSockets are detected (top-right, fades out after 8 seconds, manual close available).
โข Clean popup with scrollable list and always-visible Copy List + Export JSON buttons.
โข Timestamped exports (same_origin_apis_YYYY-MM-DD_HH-MM-SS.json).
โข Dynamic updates โ continues detecting new calls as the page loads more content (ideal for Facebook feed, YouTube player, infinite scrolls).
โข High-contrast dark UI with color-coded method badges (GET = green, POST = orange, others = purple).
โข One-click copy of the full list or individual items.
โข Expanded API pattern recognition including /v3/, /rpc/, /gateway/, and more.
Ideal For:
โข Understanding how real websites (YouTube, LinkedIn, Facebook, etc.) communicate with their backends.
โข API exploration, debugging, and integration testing.
โข Bug bounty hunting and security analysis.
โข Learning modern web architecture.
โข Scraping research and reverse engineering.
Security-First Architecture:
โข The extension is 100% client-side.
โข No data collection or transmission.
โข No telemetry, analytics, or tracking.
โข Everything stays in your browser.
โข Explicitly declared โno data collectionโ in the manifest.
Technical Details:
โข Works on Firefox 140.0+ (desktop only).
โข Uses webRequest API combined with early content-script hooks (fetch, XMLHttpRequest, sendBeacon) for better compatibility.
โข Flat file structure with safe DOM methods only.
โข Lightweight and performant.
โข Runtime Execution RAM Footprint: ~26 KB (the execution files).
โข Total Extension Download/Install Size: ~61 KB (including README.md).
Note:
On Facebook and Instagram, best results are achieved by opening a fresh tab due to heavy Service Worker usage. Scrolling the feed continues to display additional endpoints.
Test the WebPage Same Origin APIs add-on on YouTube, Facebook, LinkedIn, or any modern single-page application to see dozens of real internal API and WebSocket calls in action.
It monitors network requests in real time and displays only same-origin APIs โ such as REST endpoints, GraphQL queries (/api/graphql/, /voyager/api/, /youtubei/v1/, etc.), and WebSocket connections โ while ignoring static assets and third-party calls.
Features:
โข Automatic fading toast notification when APIs or WebSockets are detected (top-right, fades out after 8 seconds, manual close available).
โข Clean popup with scrollable list and always-visible Copy List + Export JSON buttons.
โข Timestamped exports (same_origin_apis_YYYY-MM-DD_HH-MM-SS.json).
โข Dynamic updates โ continues detecting new calls as the page loads more content (ideal for Facebook feed, YouTube player, infinite scrolls).
โข High-contrast dark UI with color-coded method badges (GET = green, POST = orange, others = purple).
โข One-click copy of the full list or individual items.
โข Expanded API pattern recognition including /v3/, /rpc/, /gateway/, and more.
Ideal For:
โข Understanding how real websites (YouTube, LinkedIn, Facebook, etc.) communicate with their backends.
โข API exploration, debugging, and integration testing.
โข Bug bounty hunting and security analysis.
โข Learning modern web architecture.
โข Scraping research and reverse engineering.
Security-First Architecture:
โข The extension is 100% client-side.
โข No data collection or transmission.
โข No telemetry, analytics, or tracking.
โข Everything stays in your browser.
โข Explicitly declared โno data collectionโ in the manifest.
Technical Details:
โข Works on Firefox 140.0+ (desktop only).
โข Uses webRequest API combined with early content-script hooks (fetch, XMLHttpRequest, sendBeacon) for better compatibility.
โข Flat file structure with safe DOM methods only.
โข Lightweight and performant.
โข Runtime Execution RAM Footprint: ~26 KB (the execution files).
โข Total Extension Download/Install Size: ~61 KB (including README.md).
Note:
On Facebook and Instagram, best results are achieved by opening a fresh tab due to heavy Service Worker usage. Scrolling the feed continues to display additional endpoints.
Test the WebPage Same Origin APIs add-on on YouTube, Facebook, LinkedIn, or any modern single-page application to see dozens of real internal API and WebSocket calls in action.
0๋ช
์ด 0์ ์ผ๋ก ํ๊ฐํจ
๊ถํ ๋ฐ ๋ฐ์ดํฐ
ํ์ ๊ถํ:
- ํด๋ฆฝ๋ณด๋์ ๋ฐ์ดํฐ ๋ฃ๊ธฐ
- ๋ธ๋ผ์ฐ์ ํญ์ ์ ๊ทผ
- ๋ชจ๋ ์น์ฌ์ดํธ์์ ์ฌ์ฉ์์ ๋ฐ์ดํฐ์ ์ ๊ทผ
๋ฐ์ดํฐ ์์ง:
- ๊ฐ๋ฐ์๊ฐ ์ด ํ์ฅ ๊ธฐ๋ฅ์ ๋ฐ์ดํฐ ์์ง์ด ํ์ํ์ง ์๋ค๊ณ ํฉ๋๋ค.
์ถ๊ฐ ์ ๋ณด
- ๋ถ๊ฐ ๊ธฐ๋ฅ ๋งํฌ
- ๋ฒ์
- 1.0
- ํฌ๊ธฐ
- 26.77 KB
- ๋ง์ง๋ง ์ ๋ฐ์ดํธ
- 5์ผ ์ (2026๋ 3์ 28์ผ)
- ๊ด๋ จ ์นดํ ๊ณ ๋ฆฌ
- ๋ผ์ด์ ์ค
- Mozilla Public License 2.0
- ๋ฒ์ ๋ชฉ๋ก
- ๋ชจ์์ง์ ์ถ๊ฐ