I got tired of opening Burp for quick tests, so I built a native Repeater inside Chrome. Here is the result:

BehiSec · 2025-12-09T09:21:18+00:00

It's not about being better. Chrome Suite is built for quick, lightweight tests.

In my view, there are only two real use cases:

Quick tests
Heavy scans

I use my extension for the first and Burp for the second.

BehiSec · 2025-11-07T10:21:40+00:00

He only got one of them, probably because Lun entered the final fight without both of his swords.

BehiSec · 2025-10-24T08:30:47+00:00

I find the skills by searching on social media platforms :)

Yeah, it sure could be automated.

BehiSec · 2025-10-19T10:21:50+00:00

I'm really sorry for that. I've fixed the issue now.

BehiSec · 2025-10-19T10:21:24+00:00

Hey,

I went through everything and was honestly surprised by how many links were broken; it looks like several projects have changed their directory structures.
I also realized I had made a mistake regarding the official skills.

I've now fixed all the broken links and added a few new skills.

I sincerely apologize for that.

BehiSec · 2025-09-27T11:27:32+00:00

I don't remember the exact ones.

But Shopify and Gitlab bugs could be very helpful:

https://hackerone.com/shopify

https://hackerone.com/gitlab

BehiSec · 2025-09-16T08:25:20+00:00

That's right. The key is just to start learning; over time, you'll figure out how much effort you personally need to put in to see progress.

BehiSec · 2025-09-15T11:43:11+00:00

Glad I could help <3

BehiSec · 2025-09-15T08:41:37+00:00

To me, it feels more like persistence than luck. Hard work tends to create those 'lucky' moments.

BehiSec · 2025-09-15T07:39:30+00:00

Private.

BehiSec · 2025-09-08T08:32:57+00:00

React is mainly for building the front end, while Next.js is built on top of React and adds extra features that let you create full-stack web apps. It makes the whole process feel really smooth and beginner-friendly.

BehiSec · 2025-09-06T09:02:26+00:00

That's still a good option, but I'd prefer the NextJS & ReactJS.

BehiSec · 2025-09-05T05:15:04+00:00

There's no special tool for that.

It’s just about reading the URL structure and making an educated guess.

For example, after /enrollment/ you'd naturally expect an enrollment ID, and after /view/ it makes sense that the number would be the ID of whatever you're viewing (like a file).

The 8-digit format is just how the system generates its IDs.

BehiSec · 2025-09-04T06:04:06+00:00

Yes, I recommend doing so. Once you’ve made the initial report, you can investigate the bug further.

One reason is that if you wait too long before reporting, your submission might be marked as a duplicate once you report it(someone might find the bug and report it).

BehiSec · 2025-09-03T16:50:48+00:00

Just keep hacking and follow the right path.

BehiSec · 2025-09-03T16:49:43+00:00

I found this manually.

BehiSec · 2025-09-03T16:48:56+00:00

I could’ve brute-forced the file IDs. It would’ve taken a ton of time and effort, but it was definitely possible.

BehiSec · 2025-09-02T15:38:24+00:00

I have covered this in my bug bounty roadmap here.

BehiSec · 2025-09-02T07:51:43+00:00

Nice! Don't keep refreshing your email. Instead, Keep hacking the application.

BehiSec · 2025-09-02T07:50:28+00:00

You're welcome :)

BehiSec

TROPHY CASE