{"id":46645088,"url":"https://github.com/repplus/rep-chrome","last_synced_at":"2026-03-15T23:02:04.173Z","repository":{"id":325311760,"uuid":"1100674035","full_name":"repplus/rep-chrome","owner":"repplus","description":"rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks","archived":false,"fork":false,"pushed_at":"2026-01-13T12:31:32.000Z","size":1408,"stargazers_count":1355,"open_issues_count":9,"forks_count":166,"subscribers_count":15,"default_branch":"main","last_synced_at":"2026-01-13T15:36:43.479Z","etag":null,"topics":["css","html","javascript","markdown"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/repplus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["bscript"],"open_collective":"rep"}},"created_at":"2025-11-20T15:45:51.000Z","updated_at":"2026-01-13T12:32:08.000Z","dependencies_parsed_at":"2025-12-06T08:01:59.109Z","dependency_job_id":null,"html_url":"https://github.com/repplus/rep-chrome","commit_stats":null,"previous_names":["bscript/rep","repplus/rep","repplus/rep-chrome"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/repplus/rep-chrome","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/repplus%2Frep-chrome","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/repplus%2Frep-chro
me/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/repplus%2Frep-chrome/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/repplus%2Frep-chrome/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/repplus","download_url":"https://codeload.github.com/repplus/rep-chrome/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/repplus%2Frep-chrome/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30245220,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-08T00:58:18.660Z","status":"online","status_checked_at":"2026-03-08T02:00:06.215Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["css","html","javascript","markdown"],"created_at":"2026-03-08T04:31:42.837Z","updated_at":"2026-03-15T23:02:04.154Z","avatar_url":"https://github.com/repplus.png","language":"JavaScript","readme":"\u003cp align=\"center\"\u003e\n  \u003c!-- Chrome Supported --\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Chrome-Supported-4285F4?logo=googlechrome\u0026logoColor=white\" alt=\"Chrome Supported\"\u003e\n\n  \u003c!-- AppSec Tool --\u003e\n  \u003cimg src=\"https://img.shields.io/badge/AppSec-Tool-blueviolet\" alt=\"AppSec Tool\"\u003e\n\n  \u003c!-- Bug Bounty Friendly --\u003e\n  \u003cimg 
src=\"https://img.shields.io/badge/Bug%20Bounty-Friendly-orange\" alt=\"Bug Bounty Friendly\"\u003e\n\n  \u003c!-- Stars --\u003e\n  \u003ca href=\"https://github.com/bscript/rep/stargazers\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/stars/bscript/rep?style=social\" alt=\"GitHub Stars\"\u003e\n  \u003c/a\u003e\n\n   \u003c!-- Discord --\u003e\n  \u003ca href=\"https://discord.gg/D25vDTXFUP\"\u003e\n        \u003cimg src=\"https://img.shields.io/discord/1442955541293961429.svg?label=\u0026logo=discord\u0026logoColor=ffffff\u0026color=7389D8\u0026labelColor=6A7EC2\" alt=\"Discord\"\u003e\n  \u003c/a\u003e\n\n  \u003c!-- Sponsor --\u003e\n  \u003ca href=\"https://github.com/sponsors/bscript\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Sponsor-%F0%9F%92%96-ea4aaa?style=flat-square\" alt=\"Sponsor\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n# rep+\n\nrep+ is a lightweight Chrome DevTools extension inspired by Burp Suite's Repeater, now supercharged with AI. I often need to poke at a few requests without spinning up the full Burp stack, so I built this extension to keep my workflow fast, focused, and intelligent with integrated LLM support.\n\n\u003cimg width=\"1713\" height=\"986\" alt=\"Screenshot 2025-12-26 at 15 35 43\" src=\"https://github.com/user-attachments/assets/31015b99-b1d0-4a8e-8f4d-0db3e43af59b\" /\u003e\n\n[![Watch Demo](https://img.shields.io/badge/Demo-Video-red?style=for-the-badge\u0026logo=youtube)](https://video.twimg.com/amplify_video/1992382891196571648/pl/zE5-oOXgVua1ZBQn.m3u8?tag=14)\n\n## 🚀 Install rep+ Chrome Extension  \n[![rep+](https://img.shields.io/badge/rep%2B%20Chrome%20Extension-Install%20Now-4285F4?style=for-the-badge\u0026logo=googlechrome\u0026logoColor=white)](https://chromewebstore.google.com/detail/rep+/dhildnnjbegaggknfkagdpnballiepfm)\n\n\n## Table of Contents\n- [Features](#features)\n- [Quick Start](#quick-start)\n- [Installation](#installation)\n- [Permissions \u0026 
Privacy](#permissions--privacy)\n- [Limitations](#-limitations)\n- [Star History](#star-history)\n- [Found a Bug or Issue?](#found-a-bug-or-issue)\n- [❤️ Support the Project](#️-support-the-project)\n\n## Features\n\n### Capture \u0026 Replay\n- No proxy setup; works directly in Chrome (no CA certs needed).\n- Capture every HTTP request and replay with modified method, headers, or body.\n- Multi-tab capture (optional permission) with visual indicators 🌍 and deduplication.\n- Clear workspace quickly; export/import requests as JSON for sharing or later reuse.\n\n### Organization \u0026 Filtering\n- Hierarchical grouping by page and domain (first-party prioritized).\n- Third-party detection and collapsible groups; domain badges for quick context.\n- Starring for requests, pages, and domains (auto-star for new matches).\n- Timeline view (flat, chronological) to see what loaded before a request.\n- Filters: method, domain, color tags, text search, regex mode.\n\n### Views \u0026 Editing\n- Pretty / Raw / Hex views; layout toggle (horizontal/vertical).\n- Converters: Base64, URL encode/decode, JWT decode, Hex/UTF-8.\n- History, undo/redo, and syntax highlighting for requests/responses.\n- Context menu helpers on the request editor:\n  - Convert selected text (Base64, URL encode/decode, JWT decode).\n  - **Copy as** full HTTP request in multiple languages: `curl`, PowerShell (`Invoke-WebRequest`), Python (`requests`), and JavaScript `fetch`.\n- Screenshot editor for request/response pairs: full-content capture, side‑by‑side or stacked layout, zoom, highlight and black-box redaction, resizable/movable annotations, keyboard delete, and undo/redo for all edits.\n\n### Bulk \u0026 Automation\n- Bulk replay with 4 attack modes: Sniper, Battering Ram, Pitchfork, Cluster Bomb.\n- Mark positions with `§`, configure payloads, pause/resume long runs.\n- Response diff view to spot changes between baseline and attempts.\n\n### Extractors \u0026 Search\n- Unified Extractor: secrets, 
endpoints, and parameters from captured JS.\n- **Secret Scanner**: entropy + patterns with confidence scores; pagination and domain filter.\n  - Powered by [Kingfisher](https://github.com/mongodb/kingfisher) rules for comprehensive secret detection\n  - Supports AWS, GitHub, Google, Slack, Stripe, Twilio, Azure, and many more service providers\n  - Rules stored locally in `rules/` directory for offline use\n  - **Note**: Secret scanning only analyzes JavaScript files from the **current inspected tab**.\n  - **Export**: Export all secrets to CSV for analysis and reporting\n- **Endpoint Extractor**: full URLs, relative paths, GraphQL; method detection; one-click copy (rebuilds base URL).\n  - **Export**: Export all endpoints to CSV with method, endpoint path, confidence, and source file\n- **Parameter Extractor**: passive JavaScript parameter discovery with intelligent grouping and risk assessment.\n  - **Parameter Types**: Extracts query, body, header, and path parameters from JavaScript files\n  - **Grouped by Endpoint**: Parameters are organized by endpoint with expandable/collapsible groups\n  - **Risk Classification**: Automatically identifies high-risk parameters (auth, admin, debug flags, IDOR, feature flags)\n  - **Confidence Scoring**: Stricter confidence model than endpoints to reduce false positives\n  - **Smart Filtering**: Suppresses common false positives (webpack, React, jQuery, DOM events, telemetry)\n  - **Copy as cURL**: One-click copy generates curl commands with all parameters properly formatted\n  - **Location Badges**: Visual indicators for parameter location (query/body/header/path)\n  - **Domain Filtering**: Filter parameters by source domain with accurate counts\n  - **Column Sorting**: Sort by parameter name, location, endpoint, method, risk level, or confidence\n  - **Export Options**:\n    - **CSV Export**: Export all parameters with location, endpoint, method, risk level, and confidence\n    - **Postman Collection Export**: Generate 
ready-to-import Postman collection JSON with all endpoints and parameters\n      - Automatically groups parameters by endpoint\n      - Includes query, body, and header parameters\n      - Uses Postman variable syntax (`{{paramName}}`) for easy testing\n      - Perfect for security testers who want to quickly import discovered APIs into Postman\n- **Response Search**: regex support, match preview, pagination, domain filter.\n\n### AI Assistance\n\n#### Rep+ AI Assistance (Interactive LLM Chat)\n- **Interactive Chat Interface**: Real-time conversation with AI about your HTTP requests and responses\n  - Streaming responses with live markdown rendering\n  - Syntax highlighting for code blocks (supports multiple languages)\n  - Copy-to-clipboard for code blocks with visual feedback\n  - Token usage counter with color-coded warnings\n- **Per-Request Chat History**: Each request maintains its own conversation history\n  - Automatically saves chat when switching between requests\n  - Restores previous conversations when returning to a request\n  - Clear chat button resets only the current request's conversation\n- **Cross-Reference Previous Requests**: Reference investigations from other requests\n  - \"Reference previous requests\" UI with collapsible/expandable list\n  - Select which previous requests to include in context\n  - AI receives summaries of previous investigations for referenced requests\n  - Perfect for multi-step testing scenarios (e.g., login → authenticated request)\n- **Request Modification**: AI can modify requests directly in the editor\n  - \"Apply modifications\" button appears when AI suggests changes\n  - Smart detection: only shows when modifications are actually suggested\n  - Preserves request structure (headers, formatting, HTTP version)\n  - Animated application with visual feedback\n  - Supports header updates, body modifications, and new header additions\n- **Response History Tracking**: Tracks multiple responses from resends\n  - Maintains 
chronological history of all responses (original + resends)\n  - AI has context on all responses when analyzing changes\n  - Conditional inclusion: only includes full history when relevant (token optimization)\n- **Smart Context Management**: Intelligent token optimization\n  - Response truncation for large responses (~1,500 tokens max)\n  - Chat history compression (summarizes older messages)\n  - Conditional response inclusion (only when asked about)\n  - Limits response history to last 2-3 responses\n  - Keeps last 15 messages in conversation history\n- **Multi-Provider Support**: Works with Claude, Gemini, and local Ollama models\n  - Automatic model detection for Anthropic and Gemini APIs\n  - Manual URL/model configuration for local models\n  - Streaming support for all providers\n- **Use Cases**:\n  - Security testing and penetration testing guidance\n  - Request/response explanation and debugging\n  - Automated request modification for testing\n  - Bug bounty report generation\n  - Vulnerability identification and attack vector suggestions\n  - Multi-step attack chain planning with cross-request context\n\n#### Other AI Features\n- **Explain Request** (Claude/Gemini) with streaming responses.\n- **Suggest Attack Vectors**: request + response analysis; auto-send if no response; payload suggestions; reflections/errors/multi-step chains; fallback to request-only with warning.\n- **Context menu \"Explain with AI\"** for selected text.\n- **Attack Surface Analysis** per domain: categorization (Auth/Payments/Admin/etc.), color-coded icons, toggle between list and attack-surface view.\n- **Export AI outputs** as Markdown or PDF to save RPD/TPM.\n\n### Productivity \u0026 Theming\n- **7 Beautiful Themes**: Choose from a variety of modern, carefully crafted themes:\n  - 🌙 **Dark (Default)**: Classic dark theme optimized for long sessions\n  - ☀️ **Light**: Clean light theme for bright environments\n  - 🎨 **Modern Dark**: VS Code Dark+ inspired theme with enhanced 
contrast\n  - ✨ **Modern Light**: GitHub-style light theme with crisp colors\n  - 💙 **Blue**: Cool blue/cyan color scheme for a fresh look\n  - 🔆 **High Contrast**: Accessibility-focused theme with maximum contrast\n  - 🖥️ **Terminal**: Green-on-black terminal aesthetic for retro vibes\n- **Theme Selector**: Easy dropdown menu to switch themes instantly\n- **Smooth Transitions**: Animated theme switching for a polished experience\n- **Optimized Syntax Highlighting**: All themes include carefully tuned colors for:\n  - HTTP methods, paths, headers, and versions\n  - JSON keys, strings, numbers, booleans, and null values\n  - Parameters and cookies\n  - Request method badges (GET, POST, PUT, DELETE, PATCH)\n- **Theme Persistence**: Your theme preference is saved and restored automatically\n- Request color tags and filters.\n- Syntax highlighting for JSON/XML/HTML.\n\n## Quick Start\n1) Open Chrome DevTools → “rep+” tab.  \n2) Browse: requests auto-capture.  \n3) Click a request: see raw request/response immediately.  \n4) Edit and “Send” to replay; use AI buttons for explain/attack suggestions.  \n5) Use timeline, filters, and bulk replay for deeper testing.\n\n## Installation\n\n1. **Clone the repository**:\n   ```bash\n   git clone https://github.com/bscript/rep.git\n   ```\n2. **Open Chrome Extensions**:\n   - Navigate to `chrome://extensions/` in your browser.\n   - Enable **Developer mode** (toggle in the top right corner).\n3. **Load the Extension**:\n   - Click **Load unpacked**.\n   - Select the `rep` folder you just cloned.\n4. **Open DevTools**:\n   - Press `F12` or right-click -\u003e Inspect.\n   - Look for the **rep+** tab (you might need to click the `\u003e\u003e` overflow menu).\n\nThis combo makes rep+ handy for bug bounty hunters and vulnerability researchers who want Burp-like iteration without the heavyweight UI. Install the extension, open DevTools, head to the rep+ panel, and start hacking. 
😎\n\n### Local Model (Ollama) Setup\nIf you use a local model (e.g., Ollama) you must allow Chrome extensions to call it, otherwise you’ll see 403/CORS errors.\n\n1. Stop any running Ollama instance.\n2. Start Ollama with CORS enabled (pick one):\n   - Allow only Chrome extensions:\n     ```bash\n     OLLAMA_ORIGINS=\"chrome-extension://*\" ollama serve\n     ```\n   - Allow every origin (easier for local dev, but any web page open in your browser can then call the local Ollama API; prefer the extension-only option above):\n     ```bash\n     OLLAMA_ORIGINS=\"*\" ollama serve\n     ```\n3. Verify your model exists (e.g., `gemma3:4b`) with `ollama list`.\n4. Reload the extension and try again. If you still see 403, check Ollama logs for details.\n\n\n## Permissions \u0026 Privacy\n- **Optional**: `webRequest` + `\u003call_urls\u003e` only when you enable multi-tab capture.  \n- **Data**: Stored locally; no tracking/analytics.  \n- **AI**: Your API keys stay local; request/response content, which may include cookies, tokens, and other credentials from the captured traffic, is sent only to the provider you choose (Claude/Gemini) when you invoke AI features.\n\n\n## ⚠️ Limitations\n\nrep+ runs inside Chrome DevTools, so:\n\n- No raw HTTP/1 or malformed requests (fetch() limitation)\n- Some headers can’t be overridden (browser sandbox)\n- No raw TCP sockets (no smuggling/pipelining tests)\n- DevTools panel constraints limit certain UI setups\n\nrep+ is best for quick testing, replaying, and experimenting — not full low-level HTTP work.\n\n## Star History\n\n[![Star History Chart](https://api.star-history.com/svg?repos=bscript/rep\u0026type=date\u0026legend=top-left)](https://www.star-history.com/#bscript/rep\u0026type=date\u0026legend=top-left)\n\n## Found a Bug or Issue?\n\nIf you encounter any bugs, unexpected behavior, or have feature requests, please help me improve **rep+** by [opening an issue here](https://github.com/bscript/rep/issues).  \nI’ll do my best to address it as quickly as possible! 🙏\n\n## ❤️ Support the Project\n\nI maintain **rep+** alone, in my free time.  
\nSponsorship helps me keep improving the extension, adding new features, and responding to issues quickly.\n\nIf **rep+ saved you time** during testing, development, or bug bounty work, please consider supporting the project.  \n**Every dollar helps. ❤️**\n\n## Contributors 🤝\n\n\u003ca href=\"https://github.com/bscript/rep/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=bscript/rep\" alt=\"Contributors\" /\u003e\n\u003c/a\u003e\n\n---\n\n\u003ch3 align=\"center\"\u003eSponsors\u003c/h3\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/projectdiscovery\"\u003e\n    \u003cimg src=\"https://avatars.githubusercontent.com/u/50994705?s=60\" width=\"60\" style=\"border-radius:50%;\" alt=\"Sponsor\"/\u003e\n  \u003c/a\u003e\n  \u0026nbsp;\u0026nbsp;\n  \u003ca href=\"https://github.com/Snownin9\"\u003e\n    \u003cimg src=\"https://avatars.githubusercontent.com/u/218675317?s=60\" width=\"60\" style=\"border-radius:50%;\" alt=\"Sponsor\"/\u003e\n  \u003c/a\u003e\n  \u0026nbsp;\u0026nbsp;\n  \u003ca href=\"https://github.com/exxoticx\"\u003e\n    \u003cimg src=\"https://avatars.githubusercontent.com/u/50809037?s=60\" width=\"60\" style=\"border-radius:50%;\" alt=\"Sponsor\"/\u003e\n  \u003c/a\u003e\n  \u0026nbsp;\u0026nbsp;\n  \u003ca href=\"https://github.com/eduquintanilha\"\u003e\n    \u003cimg src=\"https://avatars.githubusercontent.com/u/14018253?s=60\" width=\"60\" style=\"border-radius:50%;\" alt=\"Sponsor\"/\u003e\n  \u003c/a\u003e\n  \u0026nbsp;\u0026nbsp;\n   \u003ca href=\"https://github.com/Snownull\"\u003e\n    \u003cimg src=\"https://avatars.githubusercontent.com/u/190537179?s=60\" width=\"60\" style=\"border-radius:50%;\" alt=\"Sponsor\"/\u003e\n  \u003c/a\u003e\n   \u0026nbsp;\u0026nbsp;\n   \u003ca href=\"https://github.com/assem-ch\"\u003e\n    \u003cimg src=\"https://avatars.githubusercontent.com/u/315228?s=60\" width=\"60\" style=\"border-radius:50%;\" alt=\"Sponsor\"/\u003e\n  \u003c/a\u003e\n   
\u0026nbsp;\u0026nbsp;\n   \u003ca href=\"https://github.com/MrTurvey\"\u003e\n    \u003cimg src=\"https://avatars.githubusercontent.com/u/5578593?s=60\" width=\"60\" style=\"border-radius:50%;\" alt=\"Sponsor\"/\u003e\n  \u003c/a\u003e\n   \u0026nbsp;\u0026nbsp;\n   \u003ca href=\"https://github.com/greenat92\"\u003e\n    \u003cimg src=\"https://avatars.githubusercontent.com/u/8342706?s=60\" width=\"60\" style=\"border-radius:50%;\" alt=\"Sponsor\"/\u003e\n  \u003c/a\u003e\n   \u0026nbsp;\u0026nbsp;\n   \u003ca href=\"https://github.com/tixxdz\"\u003e\n    \u003cimg src=\"https://avatars.githubusercontent.com/u/1549291?s=60\" width=\"60\" style=\"border-radius:50%;\" alt=\"Sponsor\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/sponsors/bscript\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Become%20a%20Sponsor-%F0%9F%92%96-ea4aaa?style=for-the-badge\" alt=\"Become a Sponsor\"/\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/user-attachments/assets/8e6933b5-8579-480b-99cf-161a392b4153\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Bitcoin%20Sponsor-₿-f7931a?style=for-the-badge\u0026logo=bitcoin\u0026logoColor=white\" alt=\"Bitcoin Sponsor\"/\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n","funding_links":["https://github.com/sponsors/bscript","https://opencollective.com/rep"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frepplus%2Frep-chrome","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frepplus%2Frep-chrome","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frepplus%2Frep-chrome/lists"}