Documentation

Sift is a read-only viewer for HTTP session captures. It opens HAR, Fiddler SAZ, and Charles files, parses them in memory, and renders a request and response inspector. It does not capture traffic, proxy, intercept, or modify anything.

Install

As a Chrome DevTools panel

Sift is a Manifest V3 extension that adds a DevTools panel. It targets Chrome 110 and later. Until it is on the Chrome Web Store, load it unpacked:

Build the extension (see Build from source), which produces apps/extension/dist/.
Open chrome://extensions and enable Developer mode.
Click Load unpacked and select the apps/extension/dist folder.
Open DevTools (F12 or Cmd+Option+I) and find the Sift panel.

There is no toolbar popup. Clicking the extension icon does nothing by design; the interface lives only inside DevTools.

As an offline page

The same viewer ships as a single self-contained HTML file. Build it and open apps/standalone/dist/index.html directly in any browser. It runs fully offline and requests no permissions.

Or just use it online

The standalone viewer is hosted at siftext.vercel.app/app. It is the same self-contained page served over HTTPS, with no install and no permissions. The captures you open there are still parsed only in your browser and never uploaded.

Opening a capture

Drag one or more capture files onto the panel, or use the file picker. Multiple files merge into one list, tagged by source. Nothing is written to disk; reloading the page clears everything.

Supported formats

Format	Extension	Notes
HAR	`.har`	HTTP Archive JSON. Handles base64 bodies, form params, and redirect chains.
Fiddler SAZ	`.saz`	A ZIP, unzipped in memory. Encrypted archives are detected and refused.
Charles	`.xml`, `.trace`	Session exports, parsed defensively across Charles versions.

The inspector

The left pane is a virtualized request list with columns for method, status (colored by class), host, path, response type, size, and duration. Arrow keys, or j and k, move the selection.

The right pane has tabs:

Headers — request and response headers, grouped.
Query — parsed query-string parameters.
Cookies — request cookies and response Set-Cookie, with attributes.
Request body and Response body — pretty-printed and syntax-highlighted for JSON, XML, HTML, CSS, and JavaScript.
Timing — phase timings when the capture includes them.

Bodies larger than 512 KB wait behind a "render anyway" control so a single response cannot freeze the panel.

Redaction

Sensitive values are masked by default: Authorization and Proxy-Authorization headers, Cookie and Set-Cookie, common API-key header patterns, all cookie values, and token-shaped query parameters. Click a masked value to reveal that one, or use Reveal all to toggle everything. The same policy drives both the on-screen masking and the sanitized export, so they cannot disagree.

Sanitized export

Export sanitized HAR rebuilds a valid HAR file with every sensitive value replaced by [REDACTED]. This lets you share a capture without sharing your credentials. It is the only file Sift produces, and only as a download you start. Nothing is written automatically.

Search and filters

The search box matches free text across URL, request and response headers, and body text. Quick filters narrow the list by method, status class (2xx through 5xx), host, and response MIME type. Filters and search combine.

Limitations

Brotli (br) response bodies are not decoded; they are shown as bytes with a "not decoded" badge.
Encrypted or password-protected SAZ archives are refused with a clear message rather than guessed at.
Charles .chls and .tcpsf (Java serialization) and packet captures (pcap/pcapng) are not supported.
There is no live capture. Sift views files you already have.

Build from source

The project is a pnpm monorepo. With Node and pnpm installed:

pnpm install
pnpm test               # parser, redaction, and search tests
pnpm build              # build core, extension, and standalone
pnpm build:extension    # extension only, output in apps/extension/dist
pnpm build:standalone   # standalone HTML, output in apps/standalone/dist
pnpm verify             # build, test, and prove zero network egress

To package the extension for the Chrome Web Store:

pnpm zip:extension                      # bump patch, build, zip
SIFT_VERSION=1.4.0 pnpm zip:extension   # pin an exact version

FAQ

Does anything get uploaded or saved?

No. Captures are parsed in memory and discarded. There is no storage and no network access. See the privacy policy.

Why does clicking the extension icon do nothing?

Sift is a DevTools panel, not a popup. Open DevTools and select the Sift tab.

I switched tabs and my capture disappeared.

That is intentional. Sift clears parsed data when the page is hidden or reloaded, as part of its memory hygiene. Drop the file again.

Can it capture live traffic?

Not in this version. Sift only views capture files you provide.