Bour Abdelhadi

rep+ - Your AI security copilot for HTTP requests.

rep+ is a lightweight Chrome DevTools extension inspired by Burp Suite's Repeater, now supercharged with AI. I often need to poke at a few requests without spinning up the full Burp stack, so I built this extension to keep my workflow fast, focused, and intelligent with integrated LLM support.

Replies

Bour Abdelhadi
Rep+ started from a very practical frustration. I love Burp Suite’s Repeater, but in many cases I only needed to poke at a few requests quickly. Spinning up the full Burp stack felt heavy when I was already working inside the browser and DevTools. I wanted something lightweight that lived closer to where requests actually happen. So I built Rep+ as a Chrome DevTools extension inspired by Repeater, but designed for speed and focus.

As the project evolved, I realized that simply replaying requests was not enough. During testing, I kept asking the same questions. Is this vulnerable? What is wrong here? How can I improve or fix it? That is where AI became a natural fit. Rep+ evolved from a simple request editor into an intelligent assistant that can analyze requests and responses, highlight potential vulnerabilities, explain them, and even suggest or apply changes.

The goal stayed the same throughout. Reduce friction, stay in flow, and make security testing faster and more insightful without leaving the browser.
ElevenApril

Bour, this resonates so much! 🤝 Spinning up the full Burp Suite just to replay a modified request or test a simple IDOR feels like total overkill for 90% of daily debugging.

Having a 'Repeater-like' experience directly inside Chrome DevTools is a huge workflow unlock. I love that you kept it lightweight.

Quick question: regarding the AI security analysis, does it inspect the response body for common patterns (like leaked PII or SQL errors) automatically, or do I need to prompt it for specific checks? Upvoted!

Bour Abdelhadi

@elevenapril 

Thanks a lot, really appreciate the thoughtful feedback 🤝
That “90% overkill” pain is exactly what pushed me to build Rep+ directly in DevTools.

For the AI analysis today, it’s prompt-driven. You explicitly tell it what to look for in the request or response.

That said, there are some deterministic checks already running automatically:

  • Secret extraction using Kingfisher rules

  • Automatic extraction of parameters and hidden endpoints from JavaScript files

These run without prompting and help surface low-hanging fruit quickly.

Going forward, I’m planning to add more predefined security prompts / heuristics so common issues in requests and responses (PII exposure, auth issues, error patterns, etc.) are caught more easily and with less manual prompting, especially to help pentesters move faster.

Thanks again for the upvote and the great question 🙌
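
The kind of deterministic check mentioned in the reply above (pulling parameters and endpoints out of JavaScript files without any prompting) can be pictured as a regex pass over the source text, useful for inventorying what a front-end bundle exposes. This is an added illustration, not rep+'s code: the function name `extractEndpoints`, the patterns and the sample bundle are assumptions constructed here.

```javascript
// Added illustration, not rep+'s implementation: list path-like string
// literals and query parameter names found in JavaScript source text.

// Constructed sample bundle text (not from any real application).
const SAMPLE_JS = `
  const api = "/api/v1/users";
  fetch("/api/v1/orders?status=open&limit=20");
  axios.get('/internal/debug/config', { params: { verbose: true } });
  const img = "/static/logo.png";
  const note = "not/a/path";
  fetch(\`/api/v2/items/\${id}?expand=owner\`);
`;

// Static assets are noise for an endpoint inventory, so they are skipped.
const STATIC_EXT = /\.(png|jpe?g|gif|svg|css|ico|woff2?|map)$/i;

function extractEndpoints(source) {
  const endpoints = new Set();
  const params = new Set();
  // A quoted literal (single, double or template) that starts with "/",
  // optionally followed by a query string, closed by the same quote.
  const literal = /(["'`])(\/[A-Za-z0-9_\-./${}]*)(\?[^"'`\s]*)?\1/g;
  for (const m of source.matchAll(literal)) {
    const path = m[2];
    // Drop bare "/", protocol-relative URLs and static files.
    if (path.length < 2 || path.startsWith("//") || STATIC_EXT.test(path)) continue;
    endpoints.add(path);
    if (m[3]) {
      // Collect parameter names from "?a=1&b=2".
      for (const pair of m[3].slice(1).split("&")) {
        const name = pair.split("=")[0];
        if (name) params.add(name);
      }
    }
  }
  return { endpoints: [...endpoints].sort(), params: [...params].sort() };
}

console.log(extractEndpoints(SAMPLE_JS));
```

A pass like this only sees literals: routes assembled by string concatenation at runtime and parameters passed as objects (such as `verbose` in the sample) are missed, which is why its output is a starting inventory and not a complete one.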