WebPage Same Origin APIs

Name: WebPage Same Origin APIs
Author: Libor Benes (Dr. B)

Detects same-origin APIs (REST, GraphQL, internal endpoints) and WebSocket connections used by the current webpage. Displays them in a fading popup with easy copy/export. • Secure. 100% client-side. No tracking. No data collection.

Download

Install

Features & Capabilities

WebPage Same Origin APIs is a Firefox extension that helps developers, security researchers, and technical users instantly see the backend APIs and WebSocket connections that the current webpage is actually calling.

It monitors network requests in real time and displays only same-origin APIs — such as REST endpoints, GraphQL queries (/api/graphql/, /voyager/api/, /youtubei/v1/, etc.), and WebSocket connections — while ignoring static assets and third-party calls.

Features: • Automatic fading toast notification when APIs or WebSockets are detected (top-right, fades out after 8 seconds, manual close available). • Clean popup with scrollable list and always-visible Copy List + Export JSON buttons. • Timestamped exports (same_origin_apis_YYYY-MM-DD_HH-MM-SS.json). • Dynamic updates — continues detecting new calls as the page loads more content (ideal for Facebook feed, YouTube player, infinite scrolls). • High-contrast dark UI with color-coded method badges (GET = green, POST = orange, others = purple). • One-click copy of the full list or individual items. • Expanded API pattern recognition including /v3/, /rpc/, /gateway/, and more.

Ideal For: • Understanding how real websites (YouTube, LinkedIn, Facebook, etc.) communicate with their backends. • API exploration, debugging, and integration testing. • Bug bounty hunting and security analysis. • Learning modern web architecture. • Scraping research and reverse engineering.

Security-First Architecture: • The extension is 100% client-side. • No data collection or transmission. • No telemetry, analytics, or tracking. • Everything stays in your browser. • Explicitly declared “no data collection” in the manifest.

Technical Details: • Works on Firefox 140.0+ (desktop only). • Uses webRequest API combined with early content-script hooks (fetch, XMLHttpRequest, sendBeacon) for better compatibility. • Flat file structure with safe DOM methods only. • Lightweight and performant. • Runtime Execution RAM Footprint: ~26 KB (the execution files). • Total Extension Download/Install Size: ~61 KB (including README.md).

Note: On Facebook and Instagram, best results are achieved by opening a fresh tab due to heavy Service Worker usage. Scrolling the feed continues to display additional endpoints.

Test the WebPage Same Origin APIs add-on on YouTube, Facebook, LinkedIn, or any modern single-page application to see dozens of real internal API and WebSocket calls in action.

User Growth & Download Statistics

Add-on

By:

Libor Benes (Dr. B)

Daily users:

Version:

1.0 Last updated: 2026-03-31

Version code:

6199837

Creation date:

2026-03-28

Risk:

Permissions:

Content scripts matches:

<all_urls>

Size:

26.77KB

Email:

Be*****@iwp.edu

URLs:

Website

Full description:

Source:

Firefox Add-ons Store

Data ingested on:

2026-06-05

Compare stats and ranking:

Ranking

# 144,263 ▼ 9,004

Other rankings

#170 in gateway keyword 22 ▼ 4

For Developers

Monetize with App Pass Boost with Extension Booster

Contact the developer

Chrome-Stats does not own this Firefox add-on. Please use these information below to contact the Firefox add-on developer.

Developed by:

Libor Benes (Dr. B)

Firefox Add-ons Store

https://addons.mozilla.org/firefox/addon/webpage_apis/

Email:

Be*****@iwp.edu

Website:

https://www.linkedin.com/in/LiborBenes

Is WebPage Same Origin APIs Safe?

Risk impact

Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harms, whereas a high risk impact extension can do a lot of damage like stealing your password, bypassing your security settings, and accessing your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

WebPage Same Origin APIs requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk impact analysis details

Critical Grants access to browser tabs, which can be used to track user browsing habits and history, presenting a privacy concern.
Critical ****** ****** ** *** ********* ****** * *********** ******** **** ** ** *** ******* *** ****** **** **** *** ******* *****
High ****** *** ********* ** ******* *** ******* ******* ** ****** *** *** ******** ******
High ******* ******* **** *** ****** ***** *** ***** ** ******* **** ********* ********* ** * *********** *****
High ****** ******* *** ********* ********* ******** ***** *** ** ********** ****** * ******** ******* *****

Risk likelihood

Risk likelihood measures the probability that a Firefox add-on may turn malicious. This is determined by the publisher and the Firefox add-on reputation on Firefox Add-ons Store, the amount of time the Firefox add-on has been around, and other signals about the Firefox add-on. Our algorithms are not perfect, and are subject to change as we discover new ways to detect malicious extensions. We recommend that you always exercise caution when installing a Firefox add-on.

WebPage Same Origin APIs is recently added, and hasn't been around long enough for us to gather enough data to accurately assess its risk level.

Risk likelihood analysis details

High This extension website URL may be invalid
High **** ********* *** *** **** ****** ********* ********** *** *** ** ****** ** *****
Medium **** ********* *** ******* ** *** **** * ******* *** ******* *** *** ** ****** ** *****
Medium **** ********* *** ***** ** *** **** * ******* *** ********** *** *** ** ****** ** *****