Skip to content

v1.10.0 — page-load capture + fidelity + page safety + WebSocket

Latest

Choose a tag to compare

@ctala ctala released this 25 Jun 14:22

Major capture-quality + safety release, driven by an adversarial edge-case audit (20 findings, 16 fixed) plus the LinkedIn page-load capture fix. 83 unit + 12 e2e green (real Chromium, real MV3 contexts).

Install

  1. Download api-reverse-engineer-1.10.0.zip below and unzip it.
  2. chrome://extensions → enable Developer modeLoad unpacked → select the unzipped folder (remove any older copy first).
  3. For reverse-engineering your own APIs, untick Redact secrets for full-fidelity, replay-ready captures. Redaction is a safe-to-share feature, not self-protection.

Highlights

Capture coverage

  • Page-load capture (document_start MAIN-world injection) — captures the API calls a SPA fires on load/navigation (LinkedIn Voyager graphql / RSC), previously missed entirely.
  • WebSocket capture — realtime chat / presence frames (WS_SEND / WS_RECV), previously a blind spot.
  • Decode blob/arraybuffer XHR bodies — LinkedIn serves Voyager JSON over responseType='blob'; the full responseType enum is handled and never throws into the page.

Fidelity (data lost even in raw mode)

  • fetch(new Request(url,{body})) request body captured (RSC/GraphQL writes were body:null).
  • Big-int IDs preserved byte-exact in request.bodyRaw (entityUrn / snowflake).
  • URLSearchParams / FormData bodies serialized (were {}).
  • Reused XMLHttpRequest no longer duplicates / mislabels captures.

Page safety

  • Streaming / SSE responses no longer hang the page (response returned immediately; clone read detached + byte-capped). clone() guarded.

Redaction (safe-to-share, no-op in raw mode)

  • Recurse arrays + deep nesting (Voyager included[] tokens leaked); redact URL query/fragment params.

Robustness

  • Pre-recording buffer bounded by bytes + drop warning; closing the recording tab does an implicit STOP.

Deferred (low probability, documented): OPFS QuotaExceededError, large-capture download memory, fallback eviction signal, value-side header redaction.

Full notes in CHANGELOG.md.