• Runs with every possible permutation for query-based payloads. For instance "https://www.example.com/api/v1/users" with payload "..;" will result in testing the following:
  https://www.example.com..;/api/v1/users
  https://www.example.com/api..;/v1/users
  https://www.example.com/api/v1..;/users
  https://www.example.com/..;api/v1/users
  https://www.example.com/api/..;v1/users
  https://www.example.com/api/v1/..;users
  https://www.example.com/api/v1/users/..;
  https://www.example.com/api/v1/users/..;/
• Header payloads are added to the original request. In case the header already exists in the original request its value is replaced.
• For GET requests the extension will try to bypass Forbidden pages by changing the method to POST with an empty body.
• The extension will attempt to downgrade HTTP/1.1 to HTTP/1.0 and remove all headers as shown by Abbas.heybati
• Supports manual activation through context menu.
• Payloads are supplied by the user under dedicated tab, default values are stored in "query payloads.txt" and "header payloads.txt".
• Issues are added under the Issue Activity tab.

Check out the author's LinkedIn here