ekofyi

Available for work

I'm Eko. I build bots that don't break, reverse-engineer APIs that don't have docs, and find the security holes before someone else does.

See my tools Read the blog About me
5+ yrs
Security & automation
30+
APIs integrated without docs
50+
Dev tools shipped
🛡️
Google Bug Hunter
Verified security researcher — found valid bugs in Google products
01/Tools
things i've built
Featuredcategory: api
Livev1.0.0

cURL → Auth Flow Visualizer

Paste cURL commands from DevTools → see how tokens, cookies, and auth flow between requests.

Try it

auth flow · live

Livev1.0.0

JSON Formatter & Validator

Format, validate, fix, and explore JSON — with tree view and auto-repair.

open
Livev1.0.0

JWT Decoder

Decode, verify, and generate JWT tokens — all client-side.

open
Livev1.0.0

Base64 Encoder/Decoder

Encode/decode Base64 and Base64URL — with file support and auto-detection.

open

↳ explore all 50+ tools

02/Writing
notes from the trenches
  1. How I got free cinema credit by ordering -2 popcornsMay 19, 2026
  2. CloakBrowser: I tested it against 5 bot detectors — here's what happenedMay 19, 2026
  3. Mole: the open-source CleanMyMac replacement I actually use nowMay 19, 2026

↳ all posts

03/What I do
services · stack · availability

What I do

Security engineering, API reverse engineering, and automation. Previously at a company doing pentesting and security assessments, now independent — building tools, hunting bugs, and taking on project work.

  • API reverse engineering & integration
  • Security assessment (web & API)
  • Automation & scraping that lasts
  • Developer tools & internal dashboards
Full background →hello@ekofyi.com
eko.configread-only
01 lang: node, python, +adapt
02 tools: burp, mitmproxy, curl, +oss
03 security: web, api
04 approach: direct API, no low-code
05 mode: remote
06 location: Indonesia · UTC+7
open to project work

Got a project in mind?

Tell me what you're building.
I reply within 1–3 days.

hello@ekofyi.com@ekofyi on X →