A local harness for turning messy web apps into usable APIs. Open a site, click the flow that exposes the data, and capture the request structure behind the UI.
DOM automation asks which selector to click. API sniffing asks what request the click caused. This tool records Playwright network traffic while you use a page, groups likely API endpoints, infers JSON response shapes, and produces a small replay script you can turn into a reliable job.
events.ndjson with redacted request and response eventscandidates.json grouped by likely API endpointsummary.md with the endpoint map and response shapesreplay.sh with curl templates for the strongest candidatesraw.har without response bodies for browser-level inspectionCookies, auth headers, API keys, CSRF tokens, and sensitive query params are redacted by default. Captured HARs, browser profiles, and sniff outputs are ignored from git so logged-in sessions do not leak into commits.
npm run sniff-api -- --url https://example.com --duration 90For logged-in sites, run with --profile data/browser-profiles/site-name so the browser session persists between captures.