MAGIC BOX

Paste anything. We'll route it.

Magic Box detects 40+ developer formats — JSON, CSV, JWT, XML, YAML, cURL, Base64, .env, SQL, cron, timestamps, certs, and more — and points you to the right tool. All detection runs in your browser. Nothing is sent anywhere.

Detected formats

What Magic Box recognizes

JSON
API responses, configs, payloads. Pretty-printed, minified, or single-line.
YAML
Configs, Kubernetes manifests, GitHub Actions workflows.
CSV / TSV
Comma- or tab-delimited tabular data with auto-detected delimiter.
JWT
Three Base64URL-encoded segments separated by dots. Local decode only.
XML / SOAP
XML documents, SOAP envelopes, XPath expressions.
cURL command
Full curl invocation — parsed into method, URL, headers, body.
Base64 / Base64URL
Encoded strings, with auto-detection of URL-safe variants.
.env / dotenv
KEY=value pairs, with shell-escape and JSON conversion.
SQL
SELECT/INSERT/UPDATE statements, IN-clause builders.
Cron expression
5- or 6-field cron with human-readable explanation.
Unix timestamp
Seconds or milliseconds, with timezone-aware conversion.
URL / querystring
URLs, query strings, percent-encoded values.
HAR / webhook payload
HTTP Archive files and webhook bodies for sanitizing or replay.
PEM / X.509
Certificates, CSRs, JWKs, PKCS bundles.
HOW TO USE IT

Best results from Magic Box

Paste one complete artifact at a time: a full JSON object, one JWT, one cURL command, one URL, or one .env block. Magic Box looks at syntax, separators, headers, and common field names to rank the most likely tools. If the result is ambiguous, choose the closest suggestion and then continue from that tool's related actions.

What happens to pasted data

Detection runs locally in the browser. The page does not upload your payload, and suggestions are based on in-memory parsing. Use Secrets Scanner or PII Detector / Redactor before sharing logs, HAR files, JWTs, or production config snippets.

Related entry points