Launching today

WebSlurp
The Fastest Way to Test API Security Inside Chrome DevTools
15 followers
The Fastest Way to Test API Security Inside Chrome DevTools
15 followers
WebSlurp is a free, open-source Chrome DevTools extension for API testing. Capture, inspect, edit, and replay HTTP/HTTPS requests without using an external proxy. Includes Quick Security Check to audit headers and detect secrets/PII.




Love that it runs without an external proxy, that was a dealbreaker for me with other tools. One thing that would make it way more useful for me: saved request diffing between environments, so I can replay the same call against staging vs prod and see exactly which headers or response fields changed.
@erginel28238 Thank you for the valuable suggestion! I'll definitely keep this in mind and explore it as WebSlurp continues to evolve.
Caught a misconfigured auth header on my first replay, which was honestly more useful than I expected from a quick install. The Quick Security Check saving me from accidentally leaking a test token was a nice surprise.
@taagzahide13498 Thanks! That's exactly the kind of workflow I built WebSlurp for. I'm glad the replay feature and Quick Security Check proved useful right away. I appreciate you giving it a try!
Love that it runs entirely inside DevTools instead of spinning up a separate proxy, keeps the workflow feeling seamless when debugging. The Quick Security Check built right into the request panel is a really thoughtful touch for catching leaks early.
Love having something like this built right into DevTools, especially the security check is clutch. One thing that would be sweet is letting me save and group captures into collections or projects, so when I'm juggling multiple endpoints across different features I can switch contexts without losing my place.
finally a lightweight way to test endpoints without spinning up Postman or fiddling with proxies, and the security header audit caught a missing CSP i had been ignoring for weeks.
finally a lightweight way to test endpoints without spinning up Postman or a proxy, and the secret detection in the security check caught an api key i forgot was in a response header.