rep+
Capture, modify, and replay HTTP requests in Chrome DevTools with AI-powered security analysis.

rep+ is a powerful Chrome DevTools extension that brings Burp Suite Repeater functionality directly into your browser. Now enhanced with AI, it helps developers, security researchers, and bug bounty hunters test and analyze HTTP requests smarter and faster—no proxy setup required.

With rep+ you can:
- Capture and replay HTTP requests from any tab, without proxy setup
- Group, filter, block, and search requests using text or regex
- Convert data inline (Base64, URL encode/decode, JWT decode, Hex/UTF-8)
- Inspect responses in multiple formats with syntax highlighting and line numbers
- Passively extract hidden endpoints from JavaScript
- Discover query, body, header, and path parameters with risk classification and confidence scoring
- Suppress false positives by ignoring common frameworks, libraries, telemetry, and generic fields
- Detect secrets in JavaScript using high-coverage Kingfisher rules
- Export endpoints, parameters, and secrets to CSV or Postman
- Search deeply inside responses and JavaScript
- Run built-in automated attacks (Sniper, Battering Ram, Pitchfork, Cluster Bomb)
- Use AI for request explanations and attack suggestions via API or local LLM (Ollama)
- AI-powered request analysis, modification, and attack suggestions
- Per-request isolated chat with cross-request references
- One-click AI-driven request edits with visual feedback
- Local or API-based LLM support with aggressive token optimization
- Automatically remove duplicate requests during capture to eliminate noise and keep only unique traffic

Why install it?
- Works natively inside your browser
- Designed for speed, clarity, and real pentesting workflows
- Helps you uncover security issues and understand application behaviour faster
- Ideal for bug bounty hunters, red teamers, AppSec, and curious devs
S3BucketList
S3BucketList automatically scans network requests made by your browser to detect Amazon S3 bucket URLs.

In penetration testing, searching for S3 buckets can be an exhaustive task that requires you to filter, search, and check every S3 bucket URL. This extension does all that work for you while you browse the internet. It instantly notifies you, automatically filters buckets, lists all the permissions it was able to extract, and even tells you which buckets are unclaimed.
Shodan
The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ports are open.

The Shodan plugin for Chrome automatically checks whether Shodan has any information for the current website. Is the website also running FTP, DNS, SSH or some unusual service? With this plugin you can see all the info that Shodan has collected on a given website/domain.
PathProbe
PathProbe is a powerful Chrome Developer Tools extension designed for web security testing and ethical hacking. This tool enables rapid and efficient discovery of sensitive data by asynchronously scanning user-defined paths of specified targets.

- Subdomain Enumeration: Perform automated multi-domain testing using free, open-source methods—no API keys required.
- New Method Fetching: Streamline your testing process with enhanced data-gathering capabilities.
- Advanced Filtering and Search: Manage results effortlessly with robust tools for sorting and finding key insights.

Ideal for ethical hackers, security specialists, and developers, PathProbe is a versatile solution to enhance website security. Initially developed as a personal project, PathProbe is now publicly available. Consider supporting its development via the project settings.

*1.2.0: Multi Method option added, free subdomain enum added, Censys removed, more paths, responseTime added, general fixes and optimization.
DOMLogger++
DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

DOMLogger++ is a browser extension developed for web developers and security researchers. It hooks into specific JavaScript sinks, helping users understand how web scripts operate. With customizable JSON settings, users can adjust how the extension works according to their needs. This tool is especially useful for those looking to identify security risks in web applications. By offering insights into JavaScript interactions, DOMLogger++ can help spot potential vulnerabilities in websites.

- [x] Regex-based domain management.
- [x] Flexible hooking configuration (class, function, attribute, event).
- [x] Regex-based hooks arguments and stack trace filtering (match, !match, matchTrace, !matchTrace).
- [x] Dynamic regex generation (exec:).
- [x] Dynamic sinks arguments update (hookFunction).
- [x] Customizable notifications system (alert, notification).
- [x] Required hook logging condition (requiredHook).
- [x] On-demand debugging breakpoints.
- [x] Integrated DevTools log panel.
- [x] Response headers filtering.
- [x] Remote logging via webhooks.
- [x] Extensive theme customization.