Using the Manual Request Editor

1 min read Security Testing & Tools

Using the Manual Request Editor

The Manual Request Editor provides a powerful interface for crafting custom requests without browser interaction. Access it by right-clicking any request in the History tab and selecting "Open in Request Editor." This tool enables precise request crafting for edge case testing that browsers cannot generate naturally.

Custom header injection tests server-side header processing. Add headers like X-Forwarded-For to test IP-based controls, custom authentication headers to probe authentication mechanisms, or malformed headers to test error handling. The editor's raw view shows exactly what will be sent, ensuring precise testing without browser interference.

# Example custom request for authorization testing
POST /api/admin/users HTTP/1.1
Host: example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Type: application/json
X-Forwarded-For: 127.0.0.1
X-Original-User: regularuser
X-Admin-Override: true

{
  "action": "delete",
  "userId": "12345"
}

Body manipulation enables testing of various content types. Modern applications use JSON, XML, multipart forms, and custom formats. The Request Editor handles all content types, allowing precise manipulation of complex data structures. Test for XML External Entity (XXE) vulnerabilities by crafting malicious XML, or JSON injection by manipulating object structures.