Chiral

HTTP Request Repeater and Interceptor for security testing

Chiral is a browser-native security suite that brings Burp Suite-level manual testing capabilities directly into your Chrome DevTools. It is designed for researchers who prioritize speed, precision, and an uncluttered workflow. No proxy certificates, no Java environment, and no "magic" AI bloat—just powerful, expert-grade tools that gets out of your way. Core Workflow Features: ● True In-Flight Interception (CDP-Powered): Attach the Chrome Debugger to pause requests in mid-flight. Modify method, URL, headers, and body before forwarding, or drop requests entirely. ● Professional Repeater & Diff View: Edit and replay captured requests with a table-based header editor or raw mode. Use the side-by-side Diff View (up to 8 panels) to spot minute byte-level discrepancies in responses. ● Automated Sequence Chains: Turn a discovery into a reproducible Proof of Concept. Chain requests with Postman-style variables ({{VARNAME}}) and regex-based extraction rules to automate complex authentication and exploit flows. ● Passive & Active Recon Engine: Identify tech stacks, misconfigurations, and leaked secrets using 67+ regex-driven rules. In Active Mode, Chiral automatically modifies and resends requests based on your custom rule actions. ● Dynamic Target Mapping: Automatically build a structured map of your target’s attack surface. Chiral normalizes paths (e.g., /user/123 → /user/{id}) and tracks methods and query parameters per endpoint. Advanced Power Features ● Sandboxed Scripting: All 19+ encode/decode/hash operations (Base64, JWT, SHA-256) are user-editable JavaScript scripts running in a secure iframe. ● Integrated Cookie Manager: Full CRUD control over browser cookies. Edit attributes or import/export sessions for rapid privilege escalation testing. ● Regex-Centric Everything: From detection rules to extraction, Chiral uses a unified regex engine. No complex dropdowns—just raw pattern matching power. ● cURL Integration: One-click cURL export for any request, or import cURL commands directly into the Repeater or Sequences. The Chiral Philosophy No "Cheap Aesthetics": Professional tools are made for professionals. No need for AI-bloat or "our secret sauce". All rules, tranforms and sequences are open and customizable. No Special Cases: Built-in features use the same systems as user-defined ones. You can inspect, modify, or replace any default rule or script. Performance First: Passive capture runs via native DevTools APIs with zero overhead. No debugger warning is triggered until you need active interception. Privacy & Security Chiral is built for security professionals and respects your data. ● Local-Only: All data, rules, and history are stored locally in chrome.storage.local. Nothing is ever sent to an external server. ● Transparent Permissions: We use optional permissions for cookie management, requested only when you first open the Cookies tab. ● Manifest V3 Compliant: Fully adheres to the latest security, privacy, and performance standards of 2026. Ready for rapid manual testing? Add Chiral to your DevTools today.