API Call Detector in Chrome with OffiDocs
Ad
DESCRIPTION
Security tool to actively detect external API calls made from displayed web page
API Call Detector - Cybersecurity Analysis Tool
Identify potential security risks by mapping all external API calls made through JavaScript. This professional-grade extension provides real-time monitoring of web page communications, helping security teams uncover hidden data flows, unauthorized third-party integrations, and potential attack vectors.
Key Features:
Real-time detection of XMLHttpRequest, Fetch API, and WebSocket connections
Automatic filtering of static resources (images/CSS/fonts)
Security-focused reporting with domain frequency analysis
Exportable audit trails in markdown format
Cross-origin call tracking with full URL capture
Manifest V3 compliant with strict CSP policies
Ideal For:
Identifying shadow APIs in enterprise web applications
Auditing data flows for GDPR/HIPAA compliance
Detecting unauthorized third-party trackers
Educational white-hat hacking exercises
Penetration testing reconnaissance phases
Monitoring client-side supply chain risks
Technical Specifications:
Operates at document_start phase to capture initializations
Content script injection via Chrome extension APIs
Background service worker maintains isolated call registry
Secure message passing between components
Zero data collection/telemetry
Use Cases:
Vulnerability Assessment: Map all external endpoints contacted during user sessions
Incident Response: Quickly identify compromised APIs during breach investigations
Third-Party Audit: Document data leakage points to external services
Developer Education: Visualize runtime network behavior of SPAs
Compliance Reporting: Generate evidence of endpoint security checks
Advanced Capabilities:
Path-based sorting and domain clustering
Automatic deduplication of repeated calls
Query parameter stripping for clean analysis
Multi-frame tracking (iframes/web workers)
Detection bypass prevention through prototype hooks
For Security Teams:
Prioritize endpoints by call frequency
Spot anomalous domains in real-time
Export findings to standard threat intelligence formats
Integrate with SIEM systems via manual export
Development Philosophy:
Minimal permissions required (storage, downloads, webNavigation)
No background page persistence
Strict content security policy enforcement
Regular updates to match evolving web standards
Open Source Ready:
Clean codebase for organizational customization
MIT License (contact developer for enterprise terms)
Built for extensibility (add custom filters/hooks)
Install to gain immediate visibility into client-side network activity and strengthen your organization's web application security posture. Essential for modern cybersecurity defense-in-depth strategies.
API Call Detector web extension integrated with the OffiDocs Chromium online
