





















概述
HTTP Request Repeater and Interceptor for security testing
Chiral – Browser-Native Security Suite for Chrome DevTools Chiral brings Burp Suite-level manual testing capabilities directly into your Chrome DevTools. Designed for researchers who prioritize speed, precision, and an uncluttered workflow. No proxy certificates, no Java environment, and no "magic" AI bloat—just powerful, expert-grade tools that get out of your way. Core Workflow Features ● True In-Flight Interception (CDP-Powered): Attach the Chrome Debugger to pause requests and responses in mid-flight. Modify method, URL, headers, and body before forwarding, or drop entirely. Edit response status codes and bodies before they reach the page. ● Professional Repeater & Diff View: Edit and replay captured requests with a table-based header editor or raw mode. Use the side-by-side Diff View (up to 8 panels) to spot minute byte-level discrepancies in responses. Cross-request search with regex and body content filtering. ● Intruder Fuzzing Engine: Mark payload positions with §markers§ and launch attacks. Four attack types: Sniper, Battering Ram, Pitchfork, and Cluster Bomb. Built-in payload generator for bruteforce attacks. Grep Match to flag successful attempts based on response patterns. ● Automated Sequence Chains: Turn a discovery into a reproducible Proof of Concept. Chain requests with Postman-style variables ({{VARNAME}}) and regex-based extraction rules. Transform steps for encoding/hashing. Condition steps for validation and branching logic. ● Passive & Active Recon Engine: Identify tech stacks, misconfigurations, and leaked secrets using 67+ regex-driven rules. In Active Mode, Chiral automatically modifies and resends requests based on your custom rule actions, or triggers sequences. ● Dynamic Target Mapping: Automatically build a structured map of your target's attack surface. Path normalization (e.g., /user/123 → /user/{id}), method tracking, and parameter extraction per endpoint. Probe for common files (robots.txt, swagger.json, .git/config). Spider in passive (fetch) or active (navigate) mode with form submission support. Advanced Power Features ● WebSocket Monitoring: Real-time capture of WebSocket connections and frames with direction filtering and JSON formatting. ● Sandboxed Scripting: All 19+ encode/decode/hash operations (Base64, JWT, SHA-256, MD5) are user-editable JavaScript scripts running in a secure iframe. ● Integrated Cookie & Storage Manager: Full CRUD control over browser cookies and localStorage/sessionStorage. Edit attributes or import/export sessions. ● SSL Certificate Inspection: View certificate details, validity, and Subject Alternative Names directly in the response viewer. ● Regex-Centric Everything: From detection rules to extraction, Chiral uses a unified regex engine. No complex dropdowns—just raw pattern matching power. ● cURL Integration: One-click cURL export for any request, or import cURL commands directly into the Repeater or Sequences. The Chiral Philosophy No "Cheap Aesthetics": Professional tools are made for professionals. No AI-bloat or hidden "secret sauce". All rules, transforms, and sequences are open and customizable. No Special Cases: Built-in features use the same systems as user-defined ones. You can inspect, modify, or replace any default rule or script. Performance First: Passive capture runs via native DevTools APIs with zero overhead. No debugger warning until you need active interception. Privacy & Security ● Local-Only: All data, rules, and history are stored locally in chrome.storage.local. Nothing is ever sent to an external server. ● Transparent Permissions: Optional permissions for cookie management, requested only when needed. ● Manifest V3 Compliant: Fully adheres to the latest Chrome security, privacy, and performance standards. Ready for rapid manual testing? Add Chiral to your DevTools today.
版本
1.2.1
上次更新日期
2026年2月23日
提供方
F0
大小
180KiB
语言
开发者
OÜ F0
Riia 181a
316
Tartu, Tartumaa 50411
EE
chiral@f0.ee
+372 5883 8798
交易者
此开发者已根据欧盟的定义将自己标识为交易者,并承诺仅提供符合欧盟法律要求的产品或服务。
D-U-N-S
565740017
管理扩展程序并了解它们在组织中的使用情况
若有任何疑问、建议或问题,请访问开发者的支持网站
XApi HTTP Client - Api Testing Tool
0.0
Intercept, debug & replay HTTP requests. A comprehensive API client with collections and cURL support inside Chrome DevTools.
ModHeader - Modify HTTP headers
3.0
Modify HTTP request headers, response headers, and redirect URLs
测试API
5.0
发现测试API在线 - 一个强大多功能的REST客户端,可以无缝测试API端点。您首选的Chrome API测试工具。
REST 客户端
4.9
使用 REST 客户端 - 您强大的 REST API 客户端工具,用于在线和本地在 Chrome 中测试和调试 HTTP 请求。
X-Proxy
4.2
A modern proxy switcher for Chrome with HTTP(S) and SOCKS5 support
HackTools++
4.7
HackTools++: Repeater, Intruder, Decoder, and Scanner in DevTools. Capture, edit, and replay HTTP requests for testing.
OWASP Penetration Testing Kit
4.8
OWASP Penetration Testing Kit
测试 API
5.0
测试 API 扩展提供了一个全面的 API 测试工具,直接在您的浏览器中帮助您轻松测试 API 端点。
Network Request Capturer Pro
5.0
Professional network debugging tool. Capture, analyze and export HTTP requests with advanced filtering.
CyberInject
0.0
Professional security testing toolkit for ethical hackers and penetration testers
rep+
5.0
rep+ - Capture, modify, and replay HTTP requests in Chrome DevTools with AI-powered security analysis.
Inssman: Open-Source: Modify HTTP Request
4.1
Intercept HTTP(S) Request, Modify Headers, Log headers, Change Response, Block Request, Redirect, Custom HTML/CSS/JS/JSON
XApi HTTP Client - Api Testing Tool
0.0
Intercept, debug & replay HTTP requests. A comprehensive API client with collections and cURL support inside Chrome DevTools.
ModHeader - Modify HTTP headers
3.0
Modify HTTP request headers, response headers, and redirect URLs
测试API
5.0
发现测试API在线 - 一个强大多功能的REST客户端,可以无缝测试API端点。您首选的Chrome API测试工具。
REST 客户端
4.9
使用 REST 客户端 - 您强大的 REST API 客户端工具,用于在线和本地在 Chrome 中测试和调试 HTTP 请求。
X-Proxy
4.2
A modern proxy switcher for Chrome with HTTP(S) and SOCKS5 support
HackTools++
4.7
HackTools++: Repeater, Intruder, Decoder, and Scanner in DevTools. Capture, edit, and replay HTTP requests for testing.
OWASP Penetration Testing Kit
4.8
OWASP Penetration Testing Kit
测试 API
5.0
测试 API 扩展提供了一个全面的 API 测试工具,直接在您的浏览器中帮助您轻松测试 API 端点。
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。