🔒 v1.4 · DevTools Extension

The Fastest Way to Test
API Security
Inside Chrome DevTools

Test API security faster. Capture, modify, and replay HTTP requests directly inside Chrome DevTools—no proxy setup, no context switching.

WebSlurp screenshot
🔍 Inspect headers
Modify & replay
🔐 OAuth 2.0 ready

Watch WebSlurp at work

Click any thumbnail to open the demo. Each video shows a key feature of WebSlurp.

Open DevTools
Change HTTP Method
Edit Query Params
Search Response
Save Local Files
Change Theme

Install Now →

Find secrets & PII in API responses

WebSlurp automatically highlights sensitive data—API keys, tokens, emails, phone numbers, and more—so you can spot leaks before they become incidents.

WebSlurp detecting API key in response
🔑 API key & Bearer token detected in JSON response
WebSlurp finding email addresses and phone numbers
📧 Email addresses and phone numbers flagged
WebSlurp security headers audit
🛡️ Missing security headers (CSP, HSTS) are reported

⚡ No extra configuration — it just works

From browser to replay in seconds

WebSlurp eliminates the copy-paste dance. See how it stacks up against traditional tools.

1 Open browser Open browser Open browser
2 Inspect → XHR/Fetch Open Burp Suite Inspect → WebSlurp
3 Copy request data Capture / intercept Edit request
4 Open Postman Edit request Send request
5 Build / import Send request ✅ Done
6 Edit request
7 Send request
⏱️ WebSlurp keeps the workflow where the request already happens: inside your browser.

Built for developers & testers

Whether you're debugging an API, hunting bugs, or just wondering what an endpoint is actually doing, WebSlurp keeps the requests you care about within easy reach.

📡

Capture API Requests

Automatically capture XHR & Fetch requests from the active tab, complete with headers, bodies, and the details worth inspecting.

real-time
🔧

Edit & Replay

Change headers, query parameters, body, or authentication, then replay the request with a single click. No copy-paste marathon required. Your Ctrl+C key deserves a break.

flexible
🔐

Authentication Made Easy

OAuth 2.0, Bearer Tokens, and Basic Auth are built right in, so you can spend less time wrestling with authentication and more time testing the actual API.

built-in
🛡️

Quick Security Check

Automatically audit security headers (CSP, HSTS, X-Frame-Options, etc.) and detect secrets, tokens, and PII in API responses. Get actionable insights to harden your API.

automated
📋

Copy as cURL

Need the request somewhere else? Copy it as curl, cookies included, and take it wherever your terminal leads you.

portable
💾

Save & Restore

Save captured requests locally with one click, so you won't lose important API calls after refreshing the page or closing DevTools..

persistent

Install Now →

Install in 2 minutes

WebSlurp is open source and runs straight from the source. No Chrome Web Store (yet)—just clone it, load it, and you're good to go.

1

Clone the repo

git clone https://github.com/hangga/webslurp.git

2

Open Chrome Extensions

Navigate to chrome://extensions/ and enable Developer mode.

3

Load unpacked

Click Load unpacked and select the folder containing manifest.json.

Terminal ➝ Cloning WebSlurp
$ git clone https://github.com/hangga/webslurp.git
Cloning into 'WebSlurp'...
remote: Enumerating objects: 138, done.
remote: Counting objects: 100% (138/138), done.
remote: Compressing objects: 100% (96/96), done.
remote: Total 138 (delta 68), reused 103 (delta 42), pack-reused 0 (from 0)
Receiving objects: 100% (138/138), 1.15 MiB | 4.58 MiB/s, done.
Resolving deltas: 100% (68/68), done.
⚡ Less Setup

Less Setup. More Testing.

No separate app to configure, no account to create, and no proxy to set up. WebSlurp runs right where you're already working.

Postman Burp Suite WebSlurp
1 Download installer from website Download installer / JAR file Clone the repo
2 Run the .exe / .dmg file Install (requires Java JRE) Chrome ExtensionsDeveloper mode (enable)
3 Follow the installation wizard Accept license & choose directory Load unpacked
4 Open the Postman app Open Burp Suite Ready to use immediately!
5 Must Login / Sign Up Set manual proxy
6 Ready to use Ready to use
✅ Simplest!
🚀 Bottom line: WebSlurp requires no installation, no Java, no login, and no proxy setup — just right-click Inspect → WebSlurp and you're good to go!

Contributions welcome

Found something annoying? Have a cool idea? Open an issue, send a PR, or surprise us. Every contribution makes WebSlurp a little better.

  • 1 Fork the repository
  • 2 Create a feature branch: feature/amazing-feature
  • 3 Commit your changes with clear messages
  • 4 Push and open a Pull Request
📄

MIT License

Free forever. Fork it, improve it, break it (preferably not on Friday), then fix it—we're all here to build better tools.

✓ Open Source
⭐ Star us on GitHub