Request Maker

Hack-Tools

The all in one Red team extension for web pentester HackTools, is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer need to search for payloads in different websites or in your local storage space, most of the tools are accessible in one click. HackTools is accessible either in pop up mode or in a whole tab in the Devtools part of the browser with F12. - Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat) - Shell Spawning (TTY Shell Spawning) - MSF Venom Builder - XSS Payloads - Basic SQLi payloads - Local file inclusion payloads (LFI) - Data Encoding - Obfuscated Files or Information - Hash Generator (MD5, SHA1, SHA256, SHA512, SM3) - Useful Linux commands (Port Forwarding, SUID) - RSS Feed (Exploit DB, Cisco Security Advisories, CXSECURITY) - CVE Search Engine - Various method of data exfiltration and download from a remote machine

Page Load Timer

Shows page load time in the toolbar and alerts when performance drops. This extension measures page load time and displays it in the toolbar automatically. It also shows alert whenever page performance goes down. Navigation Timing API is used for precise measurement. How to use: 1. Add plugin to browser. 2. Pin the plugin to the toolbar. 3. Now open any website and it will automatically show the page load time on it's logo itself. 4. You can view and download the report for the last 100 opened webpages. 5. Feature to whitelist and blacklist website is available under settings which will help to run plugin only on particular website and show time for them. 6. User can set the max load time as well. If load time of page exceeds max load time, it will show alert. Please follow this video for live demo- https://www.youtube.com/watch?v=txDT87bUJg8 If you have any query or face any problem, please send us an email at support@selectorshub.com

OWASP Penetration Testing Kit

The OWASP Penetration Testing Kit (PTK) browser extension is your all-in-one solution for streamlining your daily AppSec tasks. Whether you’re a penetration tester, a Red Team member, or an AppSec practitioner, OWASP PTK enhances your efficiency and provides deep insights into your target application. Runtime Scanning (DAST & IAST & SAST & SCA): Perform Dynamic Application Security Testing, Static Analysis, In-Browser IAST and Software Composition Analysis on the fly. Identify SQL injection, command injection, reflected/stored XSS, SQL auth bypass, XPath injections, JWT attacks, and other complex threats. Static Analysis (SAST): PTK automatically parses loaded JavaScript, HTML, and CSS right in your browser—before any code ever runs. It flags unsafe patterns like `eval()`, `innerHTML`/`outerHTML` injection, insecure cryptographic calls, missing input sanitization, and common anti-patterns. In-Browser IAST (Interactive Application Security Testing): PTK’s built-in IAST engine instruments your app at runtime—right in the browser—tracking taint flows and code execution to flag vulnerabilities as they occur. Catch issues like DOM-based XSS, unsafe `eval`/`innerHTML` usage, open-redirects, and more without leaving your dev tools. JWT Inspector: Analyze, craft, and tamper with JSON Web Tokens. Generate keys, test null signatures, brute-force HMAC secrets, and inject malicious `jwk`, `jku`, or `kid` parameters. Insightful Application Info: One-click visibility into tech stacks, WAFs, security headers, crawled links, and authentication flows. Built-in Proxy & Traffic Log: Capture all HTTP(S) traffic, replay requests in R-Builder, and automate XSS, SQLi, and OS command injection. R-Builder for Request Tampering & Smuggling: Craft and manipulate HTTP requests, including complex request-smuggling techniques. Now with cURL import/export. Cookie Management: Add, edit, remove, block, protect, export, and import cookies from a powerful in-browser editor. Decoder/Encoder Utility: Instantly convert between UTF-8, Base64, MD5, URL-encode/decode, and more formats. Swagger.IO Integration: Browse and interact with API endpoints directly from your Swagger documentation. Selenium Integration: Shift left security by running automated Selenium tests with built-in vulnerability checks. Enhance your AppSec practice with PTK—the extension that makes your browser smarter and your testing faster. Install today and start uncovering vulnerabilities in real time!

Relay – Intercept, Modify & Run HTTP Requests in Your Browser

Intercept, edit, and run HTTP requests directly in your browser. No account needed. Relay is an open-source Chrome extension that lets you capture, edit, and test HTTP requests directly in your browser. No account needed—just install and start using. Key Features 🔧 Capture HTTP Traffic in Real Time 📡 Relay intercepts HTTP and HTTPS requests as you browse, making it easy to filter by method (GET, POST, etc.) or URL so you only see the requests that matter. Modify Requests Instantly ✏️ Edit every aspect of a captured request, from the base URL and HTTP method to headers, query parameters, and body content. You can even adjust response details for flexible testing. Run API Requests in the Browser ⚡ Send and test API requests directly in your browser with immediate feedback—no need for external tools. You can also export requests as cURL commands if you need them for other uses. Save Your Sessions 📂 Organize and revisit your sessions, so you can easily review and analyze past requests when needed.